Browse all 5 CVE security advisories affecting kedro-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kedro-org is an open-source data pipeline framework enabling Python-based ML and data science workflows. Historically, it has faced vulnerabilities including remote code execution (RCE) in template rendering, cross-site scripting (XSS) in web UI components, and privilege escalation through improper access controls. The project maintains a moderate security posture with five disclosed CVEs, primarily addressing input validation flaws and insecure default configurations. While no major incidents have been widely reported, the project's growing adoption has led to increased scrutiny of its security practices, particularly around template processing and web interface components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35492 | Kedro-Datasets has a path traversal vulnerability in PartitionedDataset allows arbitrary file write — kedro-pluginsCWE-22 | 6.5 | Medium | 2026-04-07 |
| CVE-2026-35171 | Arbitrary Code Execution via Malicious Logging Configuration in Kedro — kedroCWE-94 | 9.8 | Critical | 2026-04-06 |
| CVE-2026-35167 | Kedro has a path traversal in versioned dataset loading via unsanitized version string — kedroCWE-22 | 7.1 | High | 2026-04-06 |
| CVE-2024-12215 | Remote Code Execution in kedro-org/kedro — kedro-org/kedroCWE-94 | 9.8 | - | 2025-03-20 |
| CVE-2024-9701 | Remote Code Execution in kedro-org/kedro — kedro-org/kedroCWE-502 | 9.8 | - | 2025-03-20 |
This page lists every published CVE security advisory associated with kedro-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.