13285 matches found
USN-7908-1 postgresql-14, postgresql-16, postgresql-17 vulnerabilities
Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command did not correctly check for schema CREATE privileges. An authenticated attacker could possibly use this issue to create a denial of service against other CREATE STATISTICS users. CVE-2025-12817 Aleksey Solovev discovered...
ROOT-OS-DEBIAN-11-CVE-2025-12818 CVE-2025-12818 in rootio-postgresql-13 - Patched by Root
Root has patched CVE-2025-12818 in the rootio-postgresql-13 package for Root:Debian:11. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2025-13372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a...
EUVD-2025-200249
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
GHSA-RQW2-GHQ9-44M7 Django is vulnerable to SQL injection in column aliases
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
Django is vulnerable to SQL injection in column aliases
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
PYSEC-2025-104
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier,...
CVE-2025-13372
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
PYSEC-2025-104
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
CVE-2025-13372
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
SQL Injection
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the FilteredRelation column aliases. When a malicious dictionary expansion is passed in as the kwargs argument ...
CVE-2025-13372
CVE-2025-13372 affects Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. The issue is a SQL injection in FilteredRelation column aliases when dictionary expansion is passed to QuerySet.annotate() or QuerySet.alias() on PostgreSQL. Several connected advisories confirm affected dis...
CVE-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
CVE-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
CVE-2025-13372
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
UBUNTU-CVE-2025-13372
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
SQL Injection
Overview fraiseql is a GraphQL for the LLM era. Simple. Powerful. Rust-fast. Production-ready GraphQL API framework for PostgreSQL with CQRS, JSONB optimization, and type-safe mutations Affected versions of this package are vulnerable to SQL Injection due to missing validation of GraphQL context...
Oracle Linux 8 : postgresql (ELSA-2025-28019)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28019 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Backport CVE-2025-8715 - Fix backport for CVE-2025-1094 - Backport fix for CVE-2025-1094 - Fixes:...
PT-2025-48697
Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.26 Django versions 5.1 through 5.1.14 Django versions 5.2 through 5.2.8 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description An issue exists in Django...
Exploit for OS Command Injection in Postgresql
usage: CVE-2019-9193.py -h -i IP -p PORT -d DATABASE...