← Back

Sqlalchemy

sqlalchemy

Vendor: Sqlalchemy • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-7164
5Debian
OpensuseOracle+2 more
9Backports Sle
Communications Operations MonitorDebian Linux+6 more
Nov 21, 2024
Feb 20, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2019-7548
5Debian
OpensuseOracle+2 more
9Backports Sle
Communications Operations MonitorDebian Linux+6 more
Nov 21, 2024
Feb 6, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVE-2012-0805
1Sqlalchemy
1Sqlalchemy
Apr 29, 2026
Jun 5, 2012
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspec...Show more
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.Show less