dbt-core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2024-40637Lowdbt-core: dbt has an implicit override for built-in materializations from installed packagesCVE-2024-36105Mediumdbt-core: dbt allows Binding to an Unrestricted IP Address via socketsocketGHSA-P72Q-H37J-3HQ7Highdbt-core: dbt uses a SQLparse version with a high vulnerabilityGHSA-J4G3-3Q8X-JXQPLowdbt-core: dbt-core's secret env vars written to package-lock.json in plaintext

Stop the waste.
Protect your environment with Kodem.