Browse all 5 CVE security advisories affecting kedro-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kedro-org is an open-source data pipeline framework enabling Python-based ML and data science workflows. Historically, it has faced vulnerabilities including remote code execution (RCE) in template rendering, cross-site scripting (XSS) in web UI components, and privilege escalation through improper access controls. The project maintains a moderate security posture with five disclosed CVEs, primarily addressing input validation flaws and insecure default configurations. While no major incidents have been widely reported, the project's growing adoption has led to increased scrutiny of its security practices, particularly around template processing and web interface components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35492 | Kedro-Datasets has a path traversal vulnerability in PartitionedDataset allows arbitrary file write — kedro-pluginsCWE-22 | 6.5 | Medium | 2026-04-07 |
This page lists every published CVE security advisory associated with kedro-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.