sqlalchemy
PyPI3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sqlalchemypage 1 of 1
- CVE-2012-0805NONECVSS 0.0EG 0.0✓ Fixed in 0.7.02012-06-05
vulnerable: 0.1.0 ... 0.6beta3 (75 versions)
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to th…
- CVE-2019-7164CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.3.0b32019-02-20
vulnerable: 0.1.0 ... 1.3.0b2 (178 versions)
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
- CVE-2019-7548HIGHCVSS 7.8EG 7.8✓ Fixed in 1.2.182019-02-06
vulnerable: 0.1.0 ... 1.2.17 (174 versions)
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Check whether sqlalchemy is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for sqlalchemy CVEs against the assets you own.
Start Free Scan →