PYSEC-2025-104

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVE-2025-13372

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

SQL Injection

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the FilteredRelation column aliases. When a malicious dictionary expansion is passed in as the kwargs argument ...

CVE-2025-13372

CVE-2025-13372 affects Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. The issue is a SQL injection in FilteredRelation column aliases when dictionary expansion is passed to QuerySet.annotate() or QuerySet.alias() on PostgreSQL. Several connected advisories confirm affected dis...

CVE-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVE-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVE-2025-13372

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

UBUNTU-CVE-2025-13372

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

SQL Injection

Overview fraiseql is a GraphQL for the LLM era. Simple. Powerful. Rust-fast. Production-ready GraphQL API framework for PostgreSQL with CQRS, JSONB optimization, and type-safe mutations Affected versions of this package are vulnerable to SQL Injection due to missing validation of GraphQL context...

PT-2025-48697

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.26 Django versions 5.1 through 5.1.14 Django versions 5.2 through 5.2.8 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description An issue exists in Django...

Oracle Linux 8 : postgresql (ELSA-2025-28019)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28019 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Backport CVE-2025-8715 - Fix backport for CVE-2025-1094 - Backport fix for CVE-2025-1094 - Fixes:...

Exploit for OS Command Injection in Postgresql

usage: CVE-2019-9193.py -h -i IP -p PORT -d DATABASE...

[SECURITY] Fedora 42 Update: pgadmin4-9.10-1.fc42

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

[SECURITY] Fedora 43 Update: pgadmin4-9.10-1.fc43

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

postgresql17-17.7-1.1 on GA media (moderate)

postgresql17-17.7-1.1 on GA media Announcement ID: openSUSE-SU-2025:15786-1 Rating: moderate Cross-References: CVE-2025-12817 CVE-2025-12818 CVSS scores: CVE-2025-12817 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2025-12817 SUSE : 5.3...

postgresql15-15.15-1.1 on GA media (moderate)

postgresql15-15.15-1.1 on GA media Announcement ID: openSUSE-SU-2025:15784-1 Rating: moderate Cross-References: CVE-2025-12817 CVE-2025-12818 CVSS scores: CVE-2025-12817 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2025-12817 SUSE : 5.3...

ROOT-OS-DEBIAN-12-CVE-2025-12818 CVE-2025-12818 in rootio-postgresql-15 - Patched by Root

Root has patched CVE-2025-12818 in the rootio-postgresql-15 package for Root:Debian:12. Multiple fixed versions available...

postgresql security update

12.22-5.0.1 - Add backport of CVE-2025-8714 Orabug: 38667546 12.22-5 - Fix previous Backport 12.22-4 - Backport CVE-2025-8715 12.22-3 - Fix backport for CVE-2025-1094 12.22-2 - Backport fix for CVE-2025-1094 12.22-1 - Update to 12.22 - Fixes: CVE-2024-10976 CVE-2024-10978 12.20-1 - Update to 12.2...

OPENSUSE-SU-2025:15786-1 postgresql17-17.7-1.1 on GA media

These are all security issues fixed in the postgresql17-17.7-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15782-1 postgresql13-13.23-1.1 on GA media

These are all security issues fixed in the postgresql13-13.23-1.1 package on the GA media of openSUSE Tumbleweed...