Medium
CVE-2026-29790
dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safe_extract() funct…
Tag: dbt Core
All CVEs associated with "dbt Core". Page 1/1 • 2 CVEs.
About “dbt Core”
A curated feed of “dbt Core”-related CVEs appears below. We currently track 2 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 5.3 (all time; 5.3 over 365d), and 0% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: dbt-core
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Premier Support | EOL | LTS |
|---|---|---|---|---|---|
| 1.11 | 1.11.11 | Unavailable | |||
| 1.10 | 1.10.22 | Soon | |||
| 1.9 | 1.9.10 | Expired | |||
| 1.8 | 1.8.9 | Expired | |||
| 1.7 | 1.7.19 | Expired | |||
| 1.6 | 1.6.18 | Expired | |||
| 1.5 | 1.5.11 | Expired | |||
| 1.4 | 1.4.9 | Expired | |||
| 1.3 | 1.3.7 | Expired | |||
| 1.2 | 1.2.6 | Expired | |||
| 1.1 | 1.1.5 | Expired | |||
| 1.0 | 1.0.9 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “dbt Core”
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-03-06
2024-05-27
Medium
CVE-2024-36105
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to `IN…