Every CVE whose affected-product data names Dbgpt Db-gpt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-10901 — CVSS 9.8 (critical): In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any…
CVE-2024-10902 — CVSS 9.8 (critical): In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path…
CVE-2024-10835 — CVSS 9.8 (critical): In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any…
CVE-2024-10831 — CVSS 9.1 (critical): In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows…
CVE-2024-10833 — CVSS 9.1 (critical): eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as…
CVE-2024-10834 — CVSS 9.1 (critical): eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue…
CVE-2025-0452 — CVSS 8.2 (high): eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The…
CVE-2024-10830 — CVSS 8.2 (high): A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. This…
CVE-2024-10906 — CVSS 8.1 (high): In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance of `CORSMiddleware`…
CVE-2024-10829 — CVSS 7.5 (high): A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows…
CVE-2025-6772 — CVSS 7.3 (high): A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of…
CVE-2025-51458 — CVSS 6.5 (medium): SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via…
CVE-2025-51459 — CVSS 6.5 (medium): File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary…