Lucene search
K

9 matches found

NVD
NVD
added 2026/03/19 9:17 p.m.8 views

CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS0.01192EPSS
Exploits1References9
OSV
OSV
added 2026/03/19 9:17 p.m.3 views

DEBIAN-CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS5.6AI score0.01192EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/19 8:23 p.m.2 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS5.9AI score0.01192EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/03/19 8:23 p.m.27 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS0.01192EPSS
Exploits1References9
CVE
CVE
added 2026/03/19 8:23 p.m.25 views

CVE-2026-27953

Summary: CVE-2026-27953 affects ormar (Python)

9.8CVSS5.8AI score0.01192EPSS
Exploits1References9Affected Software1
Debian CVE
Debian CVE
added 2026/03/19 8:23 p.m.3 views

CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS5.6AI score0.01192EPSS
Exploits1
OSV
OSV
added 2026/03/19 4:27 p.m.4 views

GHSA-F964-WHRQ-44H8 ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor

Summary A Pydantic validation bypass in ormar's model constructor allows any unauthenticated user to skip all field validation — type checks, constraints, @fieldvalidator/@modelvalidator decorators, choices enforcement, and required-field checks — by injecting "pkonly": true into a JSON request...

7.1CVSS6AI score0.01192EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2026/03/19 4:27 p.m.5 views

ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor

Summary A Pydantic validation bypass in ormar's model constructor allows any unauthenticated user to skip all field validation — type checks, constraints, @fieldvalidator/@modelvalidator decorators, choices enforcement, and required-field checks — by injecting "pkonly": true into a JSON request...

9.8CVSS6AI score0.01192EPSS
Exploits1References11Affected Software1
FreeBSD
FreeBSD
added 2026/02/22 12:0 a.m.3 views

py-ormar -- vulnerabilities

https://github.com/ormar-orm/ormar/security/advisories reports: SQL Injection in aggregate functions min and max Pydantic Validation Bypass via pkonly and excluded Kwargs Injection in Model Constructor...

9.8CVSS7.4AI score0.01192EPSS
Exploits1References2
Rows per page
Query Builder