VYPR

apk package

chainguard/dbt-snowflake

pkg:apk/chainguard/dbt-snowflake

Vulnerabilities (8)

  • CVE-2026-45409 | Med | Jun 5, 2026
    affected < 1.10.4-r2 | fixed 1.10.4-r2

    Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t

  • CVE-2026-44432 | Hig | May 13, 2026
    affected < 1.10.4-r2 | fixed 1.10.4-r2

    urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w

  • CVE-2026-44431 | Med | May 13, 2026
    affected < 1.10.4-r2 | fixed 1.10.4-r2

    urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

  • CVE-2026-25645 | Mar 25, 2026
    affected < 1.10.4-r2 | fixed 1.10.4-r2

    Requests is an HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without valid

  • CVE-2026-33155 | Hig | Mar 20, 2026
    affected < 1.10.4-r2 | fixed 1.10.4-r2

    DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_T

  • CVE-2026-32597 | Hig | Mar 13, 2026
    affected < 1.10.4-r2 | fixed 1.10.4-r2

    PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token i

  • CVE-2026-29790 | Mar 6, 2026
    affected < 1.10.4-r2 | fixed 1.10.4-r2

    dbt-common provides the shared common utilities that dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safe_extract() function used when extracting tarball archives. The function uses os.path.commonprefix

  • CVE-2026-0994 | Hig | Jan 23, 2026
    affected < 1.10.4-r1 | fixed 1.10.4-r1

    A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling l