Package impact
PyPI / vanna
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4229 | high | 7.3 | 7.3 | 3mo ago | A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes… | |||
| CVE-2024-5753 | unknown | — | — | 2y ago | Vanna vulnerable to SQL Injection | |||
| CVE-2024-5826 | unknown | — | — | 2y ago | vanna vulnerable to remote code execution caused by prompt injection | |||
| CVE-2024-5565 | unknown | — | — | 2y ago | Vanna prompt injection code execution |