10 matches found
CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...
SQL Injection
Overview: drizzle-orm is a Drizzle ORM package for SQL databases. Affected versions of this package are vulnerable to SQL Injection through the escapeName handling in the PostgreSQL, SQLite, and SingleStore dialects. An attacker can inject arbitrary SQL by supplying a malicious identifier to...
GHSA-GPJ5-G38J-94V9 Drizzle ORM has SQL injection via improperly escaped SQL identifiers
Summary: Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...
Security Bulletin: Singlestore DB with IBM is affected by Multiple Vulnerabilities.
Summary: Multiple vulnerabilities were found in SingleStore DB with IBM (SingleStore Self-Managed Enterprise with IBM and SingleStore Self-Managed Standard with IBM) in version 8.9.46. They have been addressed in 8.9.47; hence, IBM strongly recommends upgrading to 8.9.47. Vulnerability Details: Refer to the...
MAL-2025-6856 Malicious code in singlestore-avro-sample (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in singlestore-avro-sample (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6805 Malicious code in nodejs-with-singlestore-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2dfae81e2129cf717fbae5a22ecd1938d1ea741de0968e42d5363363d6ea2dfe The OpenSSF Package Analysis project identified 'nodejs-with-singlestore-demo' @ 1002.0.1 npm as malicious. It is considered malicious because: ...
Malicious code in nodejs-with-singlestore-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2dfae81e2129cf717fbae5a22ecd1938d1ea741de0968e42d5363363d6ea2dfe The OpenSSF Package Analysis project identified 'nodejs-with-singlestore-demo' @ 1002.0.1 npm as malicious. It is considered malicious because: ...
SingleStore: Exceeding the limit of Workspaces via Race Condition
The reporter discovered a race condition vulnerability in backend.singlestore.com that allowed free-tier users to bypass the 5-workspace limit by sending multiple simultaneous CreateWorkspace requests. This issue was patched by SingleStore as of October 3rd, 2025...
SingleStore: Exceed the maximum number of subscribers using Race Condition
A race condition vulnerability was discovered in the SingleStore control panel that allowed bypassing the maximum limit of five subscribers for alerts. The issue was patched and deployed to production...