3 matches found
SUSE CVE-2022-40023
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...
python-sqlalchemy: SQL Injection when the order_by parameter can be controlled
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter...
aequitas (>=0.26.0 <=0.34.0), alembic-viz (=0.1.0) +151 more potentially affected by CVE-2019-7548 via sqlalchemy (>=0.7.7 <=1.2.17)
sqlalchemy PYPI version =0.7.7, =0.26.0, =1.10.0, =0.10.0, =0.1.6, =1.0.0a0, =1.0.0, =0.0.4, =1.0.1, =0.6.7.post3, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.0.6 and more Source cves: CVE-2019-7548 Source advisory: OSV:PYSEC-2019-124...