Critical Photon OS Security Update - PHSA-2026-5.0-0736

Updates of 'python3-pg8000' packages of Photon OS have been released...

CVE-2025-61385

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...

anubis-policy-api (>=0.3.0 <=0.6.0), awsdf (=0.1.12) +29 more potentially affected by CVE-2025-61385 via pg8000 (>=1.12.1 <=1.31.4)

pg8000 PYPI version =1.12.1, =0.3.0, =2.0.0, =0.17.1, =0.4.0, =2050.0.0, =0.0.6, =1.0.5, =0.5.2, =0.1.0, =0.0.1, =2.40.0, =1.0.0, =0.2.2, =1.0.1, =1.0.3 and more Source cves: CVE-2025-61385 Source advisory: SNYK:PYTHON-PG8000-13723709...

SQL Injection

Overview pg8000 is a PostgreSQL interface library Affected versions of this package are vulnerable to SQL Injection via the literal function. An attacker can execute arbitrary SQL commands by supplying a specially crafted Python list as input. Remediation Upgrade pg8000 to version 1.31.5 or highe...

EUVD-2025-36226

pg8000 SQL injection vulnerability via a specially crafted Python list input...

pg8000 SQL injection vulnerability via a specially crafted Python list input

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...

anubis-policy-api (>=0.3.0 <=0.6.0), awsdf (=0.1.12) +29 more potentially affected by CVE-2025-61385 via pg8000 (>=1.12.1 <=1.31.4)

pg8000 PYPI version =1.12.1, =0.3.0, =2.0.0, =0.17.1, =0.4.0, =2050.0.0, =0.0.6, =1.0.5, =0.5.2, =0.1.0, =0.0.1, =2.40.0, =1.0.0, =0.2.2, =1.0.1, =1.0.3 and more Source cves: CVE-2025-61385 Source advisory: OSV:GHSA-WQ2G-R956-J8CC...

GHSA-WQ2G-R956-J8CC pg8000 SQL injection vulnerability via a specially crafted Python list input

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...

CVE-2025-61385

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...

CVE-2025-61385

CVE-2025-61385 affects pg8000 1.31.4. The SQL injection occurs via a specially crafted Python list input to pg8000.native.literal, enabling remote execution of arbitrary SQL. The CVSS 3.1 base score is 9.6 with Network attack vector, low complexity, no privileges, required user interaction, and i...

CVE-2025-61385

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...

pg8000 安全漏洞

pg8000 is a PostgreSQL database driver by tlocke individual developers. A security vulnerability exists in pg8000 version 1.31.4, which stems from not properly handling Python list input and could lead to an SQL injection attack...

CVE-2025-61385

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...

PT-2025-44000

Name of the Vulnerable Software and Affected Versions pg8000 version 1.31.4 Description A SQL injection flaw exists in pg8000. This issue allows remote attackers to execute arbitrary SQL commands by providing a specially crafted Python list as input to the pg8000.native.literal function. The...