{"package":"vanna","ecosystem":"pypi","latest_version":"2.0.2","description":"Generate SQL queries from natural language","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pypi.org/project/vanna/","repository":"https://github.com/vanna-ai/vanna","downloads_weekly":0,"health":{"score":58,"risk":"high","breakdown":{"maintenance":20,"popularity":0,"security":23,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2026-4229","severity":"medium","summary":"Vanna has a SQL injection in the remove_training_data function","affected_versions":"<=2.0.2|=0.0.1|=0.0.10|=0.0.11|=0.0.12|=0.0.13|=0.0.14|=0.0.15|=0.0.16|=0.0.17|=0.0.18|=0.0.19|=0.0.2|=0.0.20|=0.0.21|=0.0.22|=0.0.23|=0.0.24|=0.0.25|=0.0.26|=0.0.27|=0.0.28|=0.0.29|=0.0.3|=0.0.30|=0.0.31|=0.0.32|=0.0.33|=0.0.34|=0.0.35|=0.0.36|=0.0.37|=0.0.38|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.2.0|=0.2.1|=0.3.0|=0.3.1|=0.3.2|=0.3.3|=0.3.4|=0.4.0|=0.4.1|=0.4.2|=0.4.3|=0.5.0|=0.5.1|=0.5.2|=0.5.3|=0.5.4|=0.5.5|=0.6.0|=0.6.1|=0.6.2|=0.6.3|=0.6.4|=0.6.5|=0.6.6|=0.7.0|=0.7.1|=0.7.2|=0.7.3|=0.7.4|=0.7.5|=0.7.6|=0.7.7|=0.7.8|=0.7.9|=2.0.0|=2.0.0rc1|=2.0.1|=2.0.2","fixed_version":null,"source":"osv","published_at":"2026-03-16T15:30:46Z","in_kev":false,"epss_prob":0.0004,"epss_percentile":0.12016,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"2.0.2","total_count":78,"recent":["0.6.1","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","2.0.0rc1","2.0.0","2.0.1","2.0.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-02-02T14:14:49.968746Z","dependencies_count":119,"dependencies":["pydantic>=2.0.0","click>=8.0.0","pandas","httpx>=0.28.0","PyYAML","plotly","tabulate","sqlparse","sqlalchemy","requests","psycopg2-binary; extra == \"all\"","db-dtypes; extra == \"all\"","PyMySQL; extra == \"all\"","google-cloud-bigquery; extra == \"all\"","snowflake-connector-python; extra == \"all\"","duckdb; extra == \"all\"","openai; extra == \"all\"","qianfan; extra == \"all\"","mistralai>=1.0.0; extra == \"all\"","chromadb>=1.1.0; extra == \"all\"","anthropic; extra == \"all\"","zhipuai; extra == \"all\"","marqo; extra == \"all\"","google-generativeai; extra == \"all\"","google-cloud-aiplatform; extra == \"all\"","qdrant-client>=1.0.0; extra == \"all\"","fastembed; extra == \"all\"","ollama; extra == \"all\"","httpx; extra == \"all\"","opensearch-py; extra == \"all\"","opensearch-dsl; extra == \"all\"","transformers; extra == \"all\"","pinecone; extra == \"all\"","pymilvus[model]; extra == \"all\"","weaviate-client; extra == \"all\"","azure-search-documents; extra == \"all\"","azure-identity; extra == \"all\"","azure-common; extra == \"all\"","faiss-cpu; extra == \"all\"","boto; extra == \"all\"","boto3; extra == \"all\"","botocore; extra == \"all\"","langchain_core; extra == \"all\"","langchain_postgres; extra == \"all\"","langchain-community; extra == \"all\"","langchain-huggingface; extra == \"all\"","xinference-client; extra == \"all\"","anthropic; extra == \"anthropic\"","openai; extra == \"azureopenai\"","azure-identity; extra == \"azureopenai\"","azure-search-documents; extra == \"azuresearch\"","azure-identity; extra == \"azuresearch\"","azure-common; extra == \"azuresearch\"","fastembed; extra == \"azuresearch\"","boto3; extra == \"bedrock\"","botocore; extra == \"bedrock\"","google-cloud-bigquery; extra == \"bigquery\"","chromadb>=1.1.0; extra == \"chromadb\"","clickhouse_connect; extra == \"clickhouse\"","pytest>=7.0.0; extra == \"dev\"","pytest-asyncio>=0.21.0; extra == \"dev\"","pytest-mock>=3.10.0; extra == \"dev\"","pytest-cov>=4.0.0; extra == \"dev\"","tox>=4.0.0; extra == \"dev\"","mypy; extra == \"dev\"","ruff; extra == \"dev\"","pandas-stubs; extra == \"dev\"","plotly-stubs; extra == \"dev\"","types-PyYAML; extra == \"dev\"","types-requests; extra == \"dev\"","types-tabulate; extra == \"dev\"","duckdb; extra == \"duckdb\"","faiss-cpu; extra == \"faiss-cpu\"","faiss-gpu; extra == \"faiss-gpu\"","fastapi>=0.68.0; extra == \"fastapi\"","uvicorn>=0.15.0; extra == \"fastapi\"","flask>=2.0.0; extra == \"flask\"","flask-cors>=4.0.0; extra == \"flask\"","google-genai; extra == \"gemini\"","google-generativeai; extra == \"google\"","google-cloud-aiplatform; extra == \"google\"","transformers; extra == \"hf\"","pyhive; extra == \"hive\"","thrift; extra == \"hive\"","marqo; extra == \"marqo\"","pymilvus[model]; extra == \"milvus\"","mistralai>=1.0.0; extra == \"mistralai\"","pyodbc; extra == \"mssql\"","PyMySQL; extra == \"mysql\"","ollama; extra == \"ollama\"","httpx; extra == \"ollama\"","openai; extra == \"openai\"","opensearch-py; extra == \"opensearch\"","opensearch-dsl; extra == \"opensearch\"","langchain-community; extra == \"opensearch\"","langchain-huggingface; extra == \"opensearch\"","oracledb; extra == \"oracle\"","chromadb<1.0.0; extra == \"oracle\"","langchain-postgres>=0.0.12; extra == \"pgvector\"","pinecone; extra == \"pinecone\"","fastembed; extra == \"pinecone\"","psycopg2-binary; extra == \"postgres\"","db-dtypes; extra == \"postgres\"","pyhive; extra == \"presto\"","thrift; extra == \"presto\"","qdrant-client>=1.0.0; extra == \"qdrant\"","fastembed; extra == \"qdrant\"","qianfan; extra == \"qianfan\"","vanna[fastapi,flask]; extra == \"servers\"","snowflake-connector-python; extra == \"snowflake\"","pytest>=7.0.0; extra == \"test\"","pytest-asyncio>=0.21.0; extra == \"test\"","pytest-mock>=3.10.0; extra == \"test\"","pytest-cov>=4.0.0; extra == \"test\"","tox>=4.0.0; extra == \"test\"","vllm; extra == \"vllm\"","weaviate-client; extra == \"weaviate\"","xinference-client; extra == \"xinference-client\"","zhipuai; extra == \"zhipuai\""]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"2.0.2","version_hint":null,"summary":"vanna@2.0.2 is safe to use (health: 58/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":894,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":88,"avg_days_between_releases":null,"release_velocity":"active"}}