Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-jj54-r8gm-2fcf
  • PyPI/dbt-mcp
 dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction 14 May
  • Fix available
  • Severity - 3.1 (Low)
GHSA-7xgw-6qf3-7w59
  • PyPI/dbt-mcp
 dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled 14 May
  • Fix available
  • Severity - 2.5 (Low)
GHSA-xpww-f6pm-cfhq
  • PyPI/dbt-mcp
 dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters 14 May
  • Fix available
  • Severity - 6.3 (Medium)