CVE-2025-12743 SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

CVE-2025-12743

CVE-2025-12743 affects Looker: the project-generation endpoint (creating new projects from database connections) accepts a reserved internal name "looker" and the schemas parameter is vulnerable to SQL injection. This allows users with developer permissions to manipulate SELECT queries against Lo...

EUVD-2021-0202

Malware in sbrugna...

EUVD-2022-5760

Malicious code in bioql PyPI...

EUVD-2022-3987

Malicious code in bioql PyPI...

CVE-2019-10409

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

CVE-2019-10408

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

GHSA-GPMW-H4WQ-4RCH Missing permission check in Jenkins Project Inheritance Plugin

A missing permission check in Jenkins Project Inheritance Plugin 19.08.01 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

Design/Logic Flaw

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

PYSEC-2021-111

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

CVE-2021-21423

CVE-2021-21423 concerns the projen build tool. The issue centers on the rebuild-bot GitHub workflow (triggered by issue_comment with @projen rebuild) which runs with the repository’s GITHUB_TOKEN and could allow untrusted code to affect the main branch, potentially exposing secrets or altering co...

CVE-2019-10409

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

CVE-2019-10408

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

CVE-2019-10409

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

Information disclosure

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

CVE-2019-10409

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

CVE-2019-10408

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

CVE-2019-10409

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...