VYPR

Vanna

by Vanna AI

pypi: vanna

Source repositories

CVEs (15)

  • CVE-2024-5827CriJun 28, 2024
    risk 0.67cvss 9.8epss 0.03

    Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents…

  • CVE-2024-5826CriJun 27, 2024
    risk 0.64cvss 9.8epss 0.01

    In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec`…

  • CVE-2024-8099HigMar 20, 2025
    risk 0.54cvss 8.3epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`,…

  • CVE-2024-7764HigMar 20, 2025
    risk 0.53cvss 8.1epss 0.01

    Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the `generate_sql` function calls `extract_sql` with the LLM response. An attacker can include a semi-colon…

  • CVE-2024-5565HigMay 31, 2024
    risk 0.53cvss 8.1epss 0.15

    The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s…

  • CVE-2024-8055HigMar 20, 2025
    risk 0.49cvss 7.5epss 0.01

    Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the `PUT` and `COPY` commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as `/etc/passwd`, by exploiting…

  • CVE-2024-5753HigJul 5, 2024
    risk 0.49cvss 7.5epss 0.01

    vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by…

  • CVE-2026-6977HigApr 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2026-5320HigApr 2, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated…

  • CVE-2026-4231HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may…

  • CVE-2024-6841MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them…

  • CVE-2026-4513MedMar 21, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public…

  • CVE-2026-4511MedMar 21, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor…

  • CVE-2026-4230MedMar 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been…

  • CVE-2026-5321MedApr 2, 2026
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The…