Vulnerabilities in dbt-labs
4 resultsCVE-2024-36105MEDIUMdbt allows Binding to an Unrestricted IP Address via socketsocketEPSS 0.7%CVE-2026-39382CRITICALdbt has a Command Injection in Reusable Workflow via Unsanitized comment-body OutputEPSS 0.4%CVE-2024-40637MEDIUMImplicit override for built-in materializations from installed packages in dbt-coreEPSS 0.4%CVE-2026-29790LOWdbt-common: commonprefix() doesn't protect against path traversalEPSS 0.3%