All 8 CVE vulnerabilities found in vanna, with AI-generated Chinese analysis, references, and POCs.
Vendor: vanna-ai
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6977 | vanna-ai vanna Legacy Flask API improper authorization CWE-285 | 7.3 | High | 2026-04-25 |
| CVE-2026-5321 | vanna-ai vanna FastAPI/Flask Server cross-domain policy CWE-942 | 4.3 | Medium | 2026-04-02 |
| CVE-2026-5320 | vanna-ai vanna Chat API Endpoint v2 missing authentication CWE-306 | 7.3 | High | 2026-04-02 |
| CVE-2026-4513 | vanna-ai vanna base.py ask sql injection CWE-89 | 6.3 | Medium | 2026-03-21 |
| CVE-2026-4511 | vanna-ai vanna legacy exec injection CWE-74 | 6.3 | Medium | 2026-03-21 |
| CVE-2026-4231 | vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery CWE-918 | 7.3 | High | 2026-03-16 |
| CVE-2026-4230 | vanna-ai vanna Endpoint __init__.py update_sql sql injection CWE-89 | 6.3 | Medium | 2026-03-16 |
| CVE-2026-4229 | vanna-ai vanna bigquery_vector.py remove_training_data sql injection CWE-89 | 7.3 | High | 2026-03-16 |
All 8 known CVE vulnerabilities affecting vanna with full Chinese analysis, references, and POCs where available.