Browse all 15 CVE security advisories affecting vanna-ai, each with AI-generated analysis (in Chinese), proof-of-concept references and links.
vanna-ai (GitHub: vanna-ai/vanna) is an open-source Python library that uses a large language model to turn natural-language questions into SQL and run the result against a connected database. Its advisories cover several vulnerability classes: remote code execution (RCE) and SQL injection, local file read and arbitrary file write reached through database-specific SQL (Postgres, Snowflake, DuckDB), server-side request forgery (SSRF) and cross-site request forgery (CSRF), with 15 CVEs documented to date (seven of them listed below). The recurring root cause is that model output, which an attacker can steer through prompt injection, reaches a SQL executor or a code interpreter without validation, and that the web interface exposing these features accepts cross-origin and attacker-directed requests. No major public incident has been reported, but the steady stream of findings means the tool should not be deployed without hardening: apply patches promptly, run generated SQL under a read-only, least-privilege database role with file-access functions revoked, and never execute model-generated code outside a sandbox.
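The check below is an added example, not code from vanna-ai/vanna or from any advisory: it shows the kind of gate that belongs between the model and the database executor so that prompt-injected SQL cannot chain a second statement, run DML/DDL, or call the file read/write functions behind the LFI and arbitrary-file-write classes listed here. Every name in it (`check_generated_sql`, the keyword and function sets, the sample model outputs) is constructed for illustration; the lists are a starting point, not a complete denylist for any engine.

```python
"""Pre-execution gate for LLM-generated SQL (added example, not vanna's code).

Fails closed: anything that is not a single SELECT / WITH ... SELECT, or that
names a DML/DDL keyword or a filesystem function anywhere, is rejected.
"""
import re

# Constructed list of functions that read or write the database host's
# filesystem. Revoke these at the database level too; this gate is only
# defense in depth in front of a read-only role.
FILE_ACCESS_FUNCTIONS = {
    "pg_read_file", "pg_read_binary_file", "pg_ls_dir",        # PostgreSQL
    "lo_import", "lo_export",                                  # PostgreSQL large objects
    "read_csv", "read_csv_auto", "read_parquet", "read_json",  # DuckDB readers
    "read_text", "read_blob",
    "load_file",                                               # MySQL
}

# Statement kinds a text-to-SQL assistant never needs. COPY/ATTACH/LOAD/INSTALL
# are the usual file-write and extension-loading routes; the rest are DML/DDL.
FORBIDDEN_KEYWORDS = {
    "insert", "update", "delete", "merge", "truncate",
    "create", "alter", "drop", "grant", "revoke",
    "copy", "attach", "load", "install", "call", "execute", "exec",
}


class UnsafeSQL(ValueError):
    """Raised when generated SQL fails the gate; the caller must not run it."""


def strip_comments(sql: str) -> str:
    """Remove /* */ and -- comments so the scan sees the same text the DB executes."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    return re.sub(r"--[^\n]*", " ", sql)


def check_generated_sql(sql: str) -> str:
    """Return the single read-only statement to execute, or raise UnsafeSQL.

    A string literal containing ';' or a column literally named 'update' is
    rejected as well; for model output that false positive is the right trade.
    """
    body = strip_comments(sql).strip().rstrip(";").strip()
    if not body:
        raise UnsafeSQL("empty statement")
    if ";" in body:
        raise UnsafeSQL("multiple statements are not allowed")
    first = re.match(r"[A-Za-z]+", body)
    if first is None or first.group(0).lower() not in {"select", "with"}:
        raise UnsafeSQL("only SELECT / WITH ... SELECT queries may run")
    # Whole-word scan; schema-qualified names such as pg_catalog.pg_read_file
    # split on the dot, so the function name is still caught.
    words = {w.lower() for w in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", body)}
    hit = words & FORBIDDEN_KEYWORDS
    if hit:
        raise UnsafeSQL(f"forbidden keyword(s): {sorted(hit)}")
    hit = words & FILE_ACCESS_FUNCTIONS
    if hit:
        raise UnsafeSQL(f"file access function(s): {sorted(hit)}")
    return body


def is_safe_generated_sql(sql: str) -> bool:
    """Boolean wrapper for callers that log and drop instead of raising."""
    try:
        check_generated_sql(sql)
        return True
    except UnsafeSQL:
        return False


if __name__ == "__main__":
    # Constructed model outputs: one legitimate, three steered by prompt injection.
    samples = [
        "SELECT customer, SUM(total) FROM orders GROUP BY customer -- top spenders",
        "SELECT 1; DROP TABLE orders",
        "SELECT pg_read_file('/etc/passwd')",
        "COPY (SELECT 'pwned') TO '/tmp/pwned.txt'",
    ]
    for s in samples:
        print("ALLOW" if is_safe_generated_sql(s) else "BLOCK", "|", s)
```

Run it directly to see the four samples classified. The gate is deliberately crude: it does not parse SQL, so dollar-quoted strings or engine-specific syntax can still slip past a keyword scan, which is why the database role itself must lack write and file privileges and why the same principle (validate, or better, never interpret) applies to any model-generated code that would otherwise reach `exec()`.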
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-7764 | SQL Injection in vanna-ai/vanna | vanna-ai/vanna | CWE-89 | 9.8 | Critical | 2025-03-20 |
| CVE-2024-8055 | Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna | vanna-ai/vanna | CWE-89 | 9.1 | Critical | 2025-03-20 |
| CVE-2024-6841 | CSRF in vanna-ai/vanna | vanna-ai/vanna | CWE-352 | 8.8 | High | 2025-03-20 |
| CVE-2024-8099 | Server-Side Request Forgery (SSRF) in vanna-ai/vanna | vanna-ai/vanna | CWE-918 | 9.1 | Critical | 2025-03-20 |
| CVE-2024-5753 | Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna | vanna-ai/vanna | CWE-89 | 9.1 (AI-estimated) | Critical (AI-estimated) | 2024-07-05 |
| CVE-2024-5827 | Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna | vanna-ai/vanna | CWE-89 | 9.8 (AI-estimated) | Critical (AI-estimated) | 2024-06-28 |
| CVE-2024-5826 | Remote Code Execution via Prompt Injection in vanna-ai/vanna | vanna-ai/vanna | CWE-94 | 9.8 (AI-estimated) | Critical (AI-estimated) | 2024-06-27 |
This page lists every published CVE advisory associated with vanna-ai. Each entry links to a detail page with the CVSS score, CWE classification, affected products and references; the AI-generated analysis is in Chinese and intended for fast triage.