GHSA-WC3V-3457-C8CM OpenMeter: SQL injection through meter creation
Summary: An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...
PT-2026-46869
Summary: An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...
EUVD-2026-11719
OneUptime ClickHouse SQL Injection via Aggregate Query Parameters...
OneUptime SQL injection vulnerability
OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.23 contained a SQL injection vulnerability. This vulnerability stemmed from the telemetry aggregation API directly inserting...
EUVD-2018-6564
Malware in sbrugna...
EUVD-2023-51261
Malicious code in bioql PyPI...
EUVD-2024-19964
Malicious code in bioql PyPI...
Detecting Data Leaks Before Disaster
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek...
GHSA-3P77-WG4C-QM24 Duplicate Advisory: Exposure of sensitive information in ClickHouse
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-g8ph-74m6-8m7r. This link is maintained to preserve external references. Original Description: Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and...
CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
A vulnerability in the LZ4 compression codec of the ClickHouse database management system allows an attacker to execute arbitrary code.
The vulnerability in the LZ4 compression codec used by the ClickHouse database management system in OLAP queries is related to the possibility of buffer overflows in the queue. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...