alerta-server
PyPI | 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting alerta-server
- CVE-2020-26214 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 8.1.0 | 2020-11-06
vulnerable: 3.1.2 ... 8.0.3 (230 versions)
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured…
- CVE-2026-34400 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 9.1.0 | 2026-03-31
vulnerable: 3.1.2 ... 9.0.4 (251 versions)
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL st…