504 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in cashfree-pg-koa-app (npm)

The package cashfree-pg-koa-app was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-16622 Malicious code in cashfree-pg-koa-app (npm)

The package cashfree-pg-koa-app was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-13132 Malicious code in @zalastax/nolb-pg (npm)

The package @zalastax/nolb-pg was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSV
added 2025/08/14 1:15 p.m. | 7 views

AZL-66327 CVE-2025-8715 affecting package postgresql for versions less than 14.19-1

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00385
Exploits: 0 | References: 1

Positive Technologies
added 2025/08/13 12:0 a.m. | 7 views

PT-2025-33268

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6, PostgreSQL versions prior to 16.10, PostgreSQL versions prior to 15.14, PostgreSQL versions prior to 14.19, PostgreSQL versions prior to 13.22. Description: The vulnerability relates to untrusted data inclusion...

CVSS: 10 | AI score: 7.9 | EPSS: 0.89472
Exploits: 12 | References: 158

Chainguard
added 2025/08/09 1:17 p.m. | 9 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: consul, crossplane-provider-azure, aactl, kubernetes-csi-livenessprobe-fips, yunikorn-web, cloud-provider-aws-fips, spegel, telegraf, datadog-agent, k8ssandra-operator, certificate-transparency, dgraph, kube-bench, kuberay-operator-fips, smarter-device-manager,...

AI score: 5.9
Exploits: 0

SUSE CVE
added 2025/08/04 11:28 p.m. | 3 views

SUSE CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.00371
Exploits: 1 | References: 2

Rockylinux
added 2025/07/29 1:38 p.m. | 6 views

ruby:3.3 security update

An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00784
Exploits: 0

Veracode
added 2025/07/23 7:41 a.m. | 6 views

SQL Injection

github.com/go-pg/pg is vulnerable to SQL injection. The vulnerability is due to improper handling of input in the /types/append_value.go component, which allows an attacker to inject and execute arbitrary SQL commands...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00371
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2025/07/17 8:2 a.m. | 6 views

SQL Injection

pg-promise is vulnerable to SQL Injection. The vulnerability is due to improper handling of negative numbers, which allows an attacker to manipulate SQL queries by injecting malicious input...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00193
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/06/14 12:21 a.m. | 7 views

CVE-2025-29744

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00193
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/14 12:21 a.m. | 4 views

CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00371
Exploits: 1 | References: 1

vulnersOsv
added 2025/06/12 6:31 p.m. | 5 views

@0x18b2ee/parse-server (>=3.10.1 <=3.11.0), @514labs/aurora-mcp (>=0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939 <=0.0.64) +412 more potentially affected by CVE-2025-29744 via pg-promise (>=0.9.8 <=11.5.4)

pg-promise NPM version =0.9.8, =3.10.1, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.0, =1.1.2, =0.0.2, =0.0.3, =0.1.1, =9.3.8, =2.13.15, =2.0.0, =1.1.152, =1.0.1, =1.0.5, =1.0.10 and more Source cves: CVE-2025-29744 Source advisory: OSV:GHSA-FF9H-848C-4XFJ...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00193
Exploits: 1

OSV
added 2025/06/12 6:31 p.m. | 3 views

GHSA-FF9H-848C-4XFJ pg-promise SQL Injection vulnerability

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00193
Exploits: 1 | References: 4

Github Security Blog
added 2025/06/12 6:31 p.m. | 11 views

go-pg SQL injection vulnerability via the component /types/append_value.go

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.00371
Exploits: 1 | References: 8 | Affected Software: 3

OSV
added 2025/06/12 6:31 p.m. | 2 views

GHSA-6XP3-P59P-Q4FJ go-pg SQL injection vulnerability via the component /types/append_value.go

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.00371
Exploits: 1 | References: 8

Snyk
added 2025/06/12 4:43 p.m. | 4 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the /types/append_value.go component. When a placeholder is directly preceded by a minus - and not separated by any whitespace, the library does not handle the particular case when a negative number is inserted for the...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.00371
Exploits: 1 | References: 2

Snyk
added 2025/06/12 4:43 p.m. | 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the /types/append_value.go component. When a placeholder is directly preceded by a minus - and not separated by any whitespace, the library does not handle the particular case when a negative number is inserted for the...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.00371
Exploits: 1 | References: 2

NVD
added 2025/06/12 4:15 p.m. | 14 views

CVE-2025-29744

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

CVSS: 5.4 | EPSS: 0.00193
Exploits: 1 | References: 2

OSV
added 2025/06/12 4:15 p.m. | 6 views

CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...

CVSS: 6.5 | AI score: 8.5
Exploits: 0 | References: 4