piccolo
PyPI: 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting piccolo
- CVE-2023-41885, MEDIUM, CVSS 5.3, EG 5.3, ✓ Fixed in 0.121.0, 2023-09-12
vulnerable: 0.1.0 ... 0.99.0 (240 versions)
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of …
- CVE-2023-47128, CRITICAL, CVSS 9.1, EG 9.1, ✓ Fixed in 82679eb8cd1449cf31d87c9914a072e70168b6eb, 2023-11-10
vulnerable: 0.1.0 ... 1.9.0 (287 versions)
Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While th…