Bounties
Partners
Community
Info
dagster-io / dagster
Project repository
An orchestration platform for the development, production, and observation of data assets.
Submit a report
FIRST INTERACTION
WITHIN
N/A DAYS
REVIEW
WITHIN
22 DAYS
FIX
WITHIN
N/A DAYS
Patch coverage gap for CVE-2026-41490 -- dagster-clickhouse partition-key inject...
May 10th 2026
jaydubya09
•
self closed
Remote Code Execution via unsafe pickle.load() in Dagster Run Config — any UI us...
May 18th 2026
texuguinho1234
•
pending
Unauthenticated Remote Code Execution via GraphQL `launchRun` Mutation
May 16th 2026
aydinnyunus
•
pending
PrivateKeys exposed
Jul 13th 2025
booboohq
•
self closed
Code injection
Apr 15th 2024
h2oa
•
duplicate
Critical
CSRF on every GraphQL endpoint allows external attacker to perform any platform...
Feb 16th 2024
pinkdraconian
•
informative
High
Github actions vulnerable to command injection through untrusted context variabl...
Feb 14th 2024
dmandefy
•
informative
Critical
CRITICAL
$0
HIGH
$0
MEDIUM
$0
LOW
$0
