pkg:PyPI/dbt-mcp
3 total CVEsMEDIUM1LOW2
✅ Check your installed version
All known vulnerabilities
- MEDIUM6.3CVE-2026-44968dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parametersfrom 0, < 1.17.1
- LOW3.1CVE-2026-44970dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redactionfrom 0, < 1.17.1
- LOW2.5CVE-2026-44969dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabledfrom 0, < 1.17.1