275 matches found
Server-side Request Forgery (SSRF)
Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the /project/element update flow when the SQLAlchemy data layer backend is configured. An attacker can cause the server to send arbitrary HTTP requests to intern...
CVE-2026-22219 Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element
Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...
CVE-2026-22219
CVE-2026-22219 affects Chainlit
CVE-2026-22219
Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...
CVE-2026-22219 Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element
Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...
CVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
PT-2026-3483
Name of the Vulnerable Software and Affected Versions ChatterBot versions up to 1.2.10 ChatterBot version 1.2.11 Description ChatterBot, a machine learning conversational dialog engine, is susceptible to a denial-of-service condition. This occurs due to improper management of database sessions an...
PT-2026-3516
Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.9.4 Description Chainlit versions prior to 2.9.4 have a server-side request forgery SSRF issue in the /project/element update flow when using the SQLAlchemy data layer backend. An authenticated client can control t...
blacksheep-sqlalchemy (=0.0.3), shapelets-platform (>=2.0.40 <=2.2.5) +2 more potentially affected by CVE-2026-22779 via blacksheep (>=1.2.18 <=2.0.8)
blacksheep PYPI version =1.2.18, =2.0.40, =2.2.5 - shapelets-rec-server =0.1.0.dev1 - sheepcord =0.1.0 Source cves: CVE-2026-22779 Source advisory: OSV:GHSA-6PW3-H7XF-X4GP...
MiracleLinux 4 : python-sqlalchemy-0.5.5-3.AXS4 (AXSA:2012-366:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-366:01 advisory. SQLAlchemy is an Object Relational Mappper ORM that provides a flexible, high-level interface to SQL databases. Database and domain concepts are decoupled,...
CVE-2024-34715
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
Exploit for SQL Injection in Sqlalchemy
What Part A - Prereqs - hud cli - Docker Part A - Setu...
EUVD-2012-0028
Malware in sbrugna...
EUVD-2019-0134
Malware in sbrugna...
EUVD-2019-0133
Malware in sbrugna...
EUVD-2024-1520
Malicious code in bioql PyPI...
EUVD-2022-0149
Malicious code in bioql PyPI...