Package impact
PyPI / prefect
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7723 | high | 7.3 | 7.3 | 26d ago | Prefect Unauthenticated Event Injection via /api/events/in WebSocket | |||
| CVE-2026-7725 | medium | 6.3 | 6.3 | 26d ago | Prefect Git Argument Injection in GitRepository Pull Steps | |||
| CVE-2026-7722 | medium | 5.3 | 5.3 | 26d ago | Prefect Auth Bypass via endswith() Health Check Exemption | |||
| CVE-2026-7724 | medium | 5.0 | 5.0 | 26d ago | Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url | |||
| CVE-2024-8183 | unknown | — | — | 1y ago | Prefect CORS (Cross-Origin Resource Sharing) misconfiguration | |||
| CVE-2023-6022 | unknown | — | — | 3y ago | Cross-Site Request Forgery vulnerability in Prefect |