LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method

Context A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept untrusted metadata filter keys not just filter values in checkpoint search operations...

GHSA-9RWJ-6RC7-P77C LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method

Context A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept untrusted metadata filter keys not just filter values in checkpoint search operations...

PT-2025-50558

Name of the Vulnerable Software and Affected Versions LangGraph versions 3.0.0 and below Description The LangGraph SQLite Checkpoint component, used for saving data with SQLite databases, has a flaw. Versions 3.0.0 and below are susceptible to SQL injection. This occurs because the metadata...

K000158128: SQLite vulnerability CVE-2025-6965

Security Advisory Description There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. CVE-2025-6965 Impact There...

📄 Exim 4.98 SQL Injection

A vulnerability exists in Exim version 4.98 when ETRN input is serialized and passed to a SQLite backend. Time‑based SQL injection allows attackers to detect conditions in SQL execution measuring response latency...

漏洞扫描系统

This is a Python web application built using the Flask framework, designed to scan Windows systems for vulnerabilities. The application has several features, including user authentication, task management, and vulnerability scanning. Here is a summary of the key points: User Authentication The...

F5 Networks BIG-IP : SQLite vulnerability (K000158050)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6 / 17.1.2.2. It is, therefore, affected by a vulnerability as referenced in the K000158050 advisory. SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5)

The version of AOS installed on the remote host is prior to 7.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5 advisory. - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call...

K000158050: SQLite vulnerability CVE-2019-8457

Security Advisory Description SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables. CVE-2019-8457 Impact This vulnerability allows a remote, low-privileged user to trigger a heap out-of-bounds read in the...

ROS-20251203-20

A vulnerability in the setupLookaside function of the SQLite database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

Oracle Linux 9 : sqlite (ELSA-2025-20936)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-20936 advisory. 3.34.1-9 - Fixes CVE-2025-6965 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

[SECURITY] Fedora 42 Update: migrate-4.19.0-1.fc42

Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...

[SECURITY] Fedora 43 Update: migrate-4.19.0-1.fc43

Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...

sqlite security update

3.34.1-9 - Fixes CVE-2025-6965...

sqlite security update

An update is available for sqlite. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SQLite is a C library that implements an SQL database engine. A large subset o...

RLSA-2025:20936 Important: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

TencentOS Server 3: mingw packages (TSSA-2022:0121)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0121 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: sqlite (TSSA-2025:0288)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0288 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

AlmaLinux 9 : sqlite (ALSA-2025:20936)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20936 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...

EUVD-2025-175646

Malicious code in wasat-carina-shelljs-sqlite npm...