huntr: feast-dev/feast

feast-dev / feast

The Open Source Feature Store for Machine Learning

Submit a report

FIRST INTERACTION

WITHINN/A DAYS

REVIEW

WITHIN30 DAYS

FIX

WITHIN97 DAYS

feast-dev

Hard-coded non-overridable intra-communication secret in Helm chart enables auth...

Mar 20th 2026

self closed

feast-dev

Unsafe dill.loads() Deserialization in 9 Locations Enables Remote Code Execution...

Mar 19th 2026

mom3gool2030•

duplicate

None

feast-dev

Arbitrary Code Execution via Unsafe dill Deserialization of UDF Bodies from Feas...

Mar 19th 2026

duplicate

High

feast-dev

Insecure deserialization of UDF registry blobs leads to RCE

Mar 19th 2026

duplicate

Critical

feast-dev

Arbitrary File Read / Path Traversal

Mar 29th 2026

luffybounty18•

pending

feast-dev

Arbitrary code execution during YAML config parsing in Kubernetes materializer

Jan 1st 2026

High

High

•CVE-2025-11157

feast-dev

Improper CORS Configuration Allowing Unauthorized Cross-Origin Access

Feb 21st 2025

soloplayer140•

duplicate

High

feast-dev

SQL injection in PostgreSQL offline store

Jan 3rd 2025

spam

feast-dev

Client-Side Desync Attack: HTTP Request Smuggling Vulnerability in Feast

Dec 18th 2024

not applicable

feast-dev

Client-Side Desync Attack: HTTP Request Smuggling Vulnerability in Feast

Oct 10th 2024

self closed

feast-dev

Remote Code Execution (RCE) in PythonTransformation

Nov 4th 2024

informative

Critical

feast-dev

Remote Code Execution (RCE) via Deserialization in Feast GEProfiler

Nov 4th 2024

informative

Critical

feast-dev

CORS can leads to expose the sensitive data

Dec 30th 2024

High

•$750

High

•$750•CVE-2024-11602

CRITICAL

$0

HIGH

$0

MEDIUM

$0

LOW

$0