repository icon
prefecthq / prefect Project repository

Prefect is a workflow orchestration framework for building resilient data pipelines in Python.

Submit a report

FIRST INTERACTION

WITHIN14 DAYS

REVIEW

WITHIN15 DAYS

FIX

WITHIN86 DAYS

Missing Input Validation in Work Pool Storage Configuration Allows Arbitrary Mod...
ar03
informative
High
`LocalFileSystem` basepath enforcement is bypassable for reads, writes, and dire...
gunp1a
informative
Critical
`prefect.deployments.steps.git_clone` allows path traversal through `clone_direc...
gunp1a
informative
High
Unauthenticated secret exfiltration via include_secrets parameter + SSRF via web...
snakeyworm
informative
None
Unauthenticated secret exfiltration via include_secrets parameter + SSRF via web...
snakeyworm
informative
None
Unauthenticated RCE on Workers via Malicious Pull Steps in Deployment API
csaw-admin
not applicable
RCE via PREFECT_LOGGING_SETTINGS_PATH environment variable (dictConfig factory i...
wernerina
not applicable
CORS Wildcard + Default No Authentication → Workflow Data Theft + Deletion in Pr...
zuck3-r
informative
High
Unsafe cloudpickle deserialization in Prefect task runners and bundle deserializ...
etwithin
None
Unsafe deserialization via cloudpickle in Prefect flow and task serialization
etwithin
informative
High
Authentication Bypass via endswith() Health Check Exemption Allows Unauthenticat...
galanzi2580-wq
High
CVE-2026-3514
Git Argument Injection via Reference Field in GitHubRepository Block
optimus-fulcria
High
CVE-2026-3515
CORS misconfiguration leads to data leak
srivallikusumba
High
$300CVE-2024-8183
Code injection
h2oa
informative
Critical
CVE-2024-4387
/api/logs endpoint has no upper limit on data input
mik0w
not applicable
Can use csrf to steal/modify block content, artifact content, variables possibly...
jbonnett
High
$15680CVE-2023-6022