{"id":"PYSEC-2026-2002","summary":"Vanna vulnerable to SQL Injection","details":"vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API.","aliases":["CVE-2024-5753","GHSA-mwxm-35f8-6vg2"],"modified":"2026-07-07T17:47:54.152740565Z","published":"2026-07-07T14:34:36.424917Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5753"},{"type":"PACKAGE","url":"https://github.com/vanna-ai/vanna"},{"type":"WEB","url":"https://huntr.com/bounties/a3f913d6-c717-4528-b974-26d8d9e839ca"},{"type":"PACKAGE","url":"https://pypi.org/project/vanna"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-mwxm-35f8-6vg2"}],"affected":[{"package":{"name":"vanna","ecosystem":"PyPI","purl":"pkg:pypi/vanna"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.3.4"}]}],"versions":["0.0.1","0.0.10","0.0.11","0.0.12","0.0.13","0.0.14","0.0.15","0.0.16","0.0.17","0.0.18","0.0.19","0.0.2","0.0.20","0.0.21","0.0.22","0.0.23","0.0.24","0.0.25","0.0.26","0.0.27","0.0.28","0.0.29","0.0.3","0.0.30","0.0.31","0.0.32","0.0.33","0.0.34","0.0.35","0.0.36","0.0.37","0.0.38","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9","0.1.0","0.1.1","0.2.0","0.2.1","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/vanna/PYSEC-2026-2002.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}