GHSA-6497-prx7-gpmqHighCVSS 8.6

geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure

Published
January 30, 2026
Last Modified
June 5, 2026

🔗 CVE IDs covered (1)

📋 Description

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

🎯 Affected products1

  • pip/geopandas:< 1.1.2

🔗 References (9)