CVEInsight.

CVE data sourced from NVD / NIST & public disclosures.

Search Vulnerabilities

4 vulnerabilities found for “sqlalchemy”

CVE-2024-24811
CRITICAL 9.8

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.

zope / sqlalchemyda
Network
Published Feb 7, 2024

CVE-2022-40023
HIGH 7.5

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

sqlalchemy / mako +1
Network
Published Sep 7, 2022

CVE-2019-7164
CRITICAL 9.8

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

sqlalchemy / sqlalchemy +17
Network
Published Feb 20, 2019

CVE-2019-7548
HIGH 7.8

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

sqlalchemy / sqlalchemy +15
Local
Published Feb 6, 2019