504 matches found
Malicious code in cashfree-pg-koa-app (npm)
The package cashfree-pg-koa-app was found to contain malicious code...
MAL-2025-16622 Malicious code in cashfree-pg-koa-app (npm)
The package cashfree-pg-koa-app was found to contain malicious code...
MAL-2025-13132 Malicious code in @zalastax/nolb-pg (npm)
The package @zalastax/nolb-pg was found to contain malicious code...
AZL-66327 CVE-2025-8715 affecting package postgresql for versions less than 14.19-1
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
PT-2025-33268
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6; PostgreSQL versions prior to 16.10; PostgreSQL versions prior to 15.14; PostgreSQL versions prior to 14.19; PostgreSQL versions prior to 13.22. Description: The vulnerability relates to untrusted data inclusion...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: consul, crossplane-provider-azure, aactl, kubernetes-csi-livenessprobe-fips, yunikorn-web, cloud-provider-aws-fips, spegel, telegraf, datadog-agent, k8ssandra-operator, certificate-transparency, dgraph, kube-bench, kuberay-operator-fips, smarter-device-manager,...
SUSE CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...
ruby:3.3 security update
An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
SQL Injection
github.com/go-pg/pg is vulnerable to SQL injection. The vulnerability is due to improper handling of input in the /types/append_value.go component, which allows an attacker to inject and execute arbitrary SQL commands...
SQL Injection
pg-promise is vulnerable to SQL Injection. The vulnerability is due to improper handling of negative numbers, which allows an attacker to manipulate SQL queries by injecting malicious input...
CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...
@0x18b2ee/parse-server (>=3.10.1 <=3.11.0), @514labs/aurora-mcp (>=0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939 <=0.0.64) +412 more potentially affected by CVE-2025-29744 via pg-promise (>=0.9.8 <=11.5.4)
pg-promise NPM version =0.9.8, =3.10.1, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.0, =1.1.2, =0.0.2, =0.0.3, =0.1.1, =9.3.8, =2.13.15, =2.0.0, =1.1.152, =1.0.1, =1.0.5, =1.0.10 and more Source cves: CVE-2025-29744 Source advisory: OSV:GHSA-FF9H-848C-4XFJ...
GHSA-FF9H-848C-4XFJ pg-promise SQL Injection vulnerability
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
go-pg SQL injection vulnerability via the component /types/append_value.go
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...
GHSA-6XP3-P59P-Q4FJ go-pg SQL injection vulnerability via the component /types/append_value.go
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the /types/append_value.go component. When a placeholder is directly preceded by a minus - and not separated by any whitespace, the library does not handle the particular case when a negative number is inserted for the...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the /types/append_value.go component. When a placeholder is directly preceded by a minus - and not separated by any whitespace, the library does not handle the particular case when a negative number is inserted for the...
CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...