Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2019-7164 | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 | Critical | – | – | <=1.2.17 >=1.3.0b1,<=1.3.0b2 |
| CVE-2019-7548 | Affected versions of SQLAlchemy have SQL injection when the group_by parameter can be controlled. | High | – | – | <1.3.0 |
| CVE-2012-0805 | SQLAlchemy 0.7.0 includes a fix for CVE-2012-0805: Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands vi… | High | – | – | <0.7.0 |
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.

