Vanna-Ai Vanna vulnerabilities
7 known vulnerabilities affecting vanna-ai/vanna-ai_vanna.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-5827P1CRITICALCVSS 9.8ExploitedPoC≥ unspecified, ≤ latest2024-06-28
CVE-2024-5827 [CRITICAL] CWE-89 CVE-2024-5827: Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs.
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents ``. This can lead to command execution or the creation of backdoors.
nvd
CVE-2024-5826P2CRITICALCVSS 9.8≥ unspecified, ≤ latest2024-06-27
CVE-2024-5826 [CRITICAL] CWE-94 CVE-2024-5826: In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execu
In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base/base.py`. This vulnerability can be exploited by an
nvd
CVE-2024-8055P3HIGHCVSS 7.5≥ unspecified, ≤ latest2025-03-20
CVE-2024-8055 [HIGH] CWE-89 CVE-2024-8055: Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations us
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the `PUT` and `COPY` commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as `/etc/passwd`, by exploiting the exposed SQL queries through a Python Flask API.
nvd
CVE-2024-7764P3HIGHCVSS 8.1≥ unspecified, ≤ latest2025-03-20
CVE-2024-7764 [HIGH] CWE-89 CVE-2024-7764: Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting addi
Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the `generate_sql` function calls `extract_sql` with the LLM response. An attacker can include a semi-colon between a search data field and their own command, causing the `extract_sql` f
nvd
CVE-2024-5753P3HIGHCVSS 7.5≥ unspecified, ≤ latest2024-07-05
CVE-2024-5753 [HIGH] CWE-89 CVE-2024-5753: vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API.
nvd
CVE-2024-8099P3HIGHCVSS 8.3≥ unspecified, ≤ latest2025-03-20
CVE-2024-8099 [HIGH] CWE-918 CVE-2024-8099: A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna wh
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`, `read_csv_auto`, `read_text`, and `read_blob`, to make unauthorized requests to inte
nvd
CVE-2024-6841P4MEDIUMCVSS 6.5≥ unspecified, ≤ latest2025-03-20
CVE-2024-6841 [MEDIUM] CWE-352 CVE-2024-6841: A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7
A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF attacks. This vulnerability allows an attacker to run arb
nvd