PyPI: sqlalchemy

CVE-2012-0805

Safety vulnerability ID: SFTY-20120605-17778

Safety legacy ID: pyup.io-52946

SQLAlchemy 0.7.0 includes a fix for CVE-2012-0805: multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. Changelog: https://docs.sqlalchemy.org/en/20/changelog/changelog_07.html#change-0.7.0

Created at: Apr 29, 2026. Updated at: Apr 29, 2026.

Overview

SQLAlchemy vulnerable to SQL injection

Affected Package

Affecting the sqlalchemy package, versions <0.7.0

How to Fix

Upgrade sqlalchemy to 0.7.0 or higher.
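An added example, not part of the Safety advisory or of SQLAlchemy's own code: a gate that flags an installed SQLAlchemy version inside the affected range (<0.7.0), and strict integer validation for the limit and offset values an application hands to select(...).limit()/.offset(), so that only well-formed non-negative integers ever reach the query builder. MAX_PAGE_SIZE and MAX_OFFSET are assumed application policy, and the version parser models only the release segment plus a trailing tag, not full PEP 440.

```python
"""Version gate for the advisory's affected range plus strict limit/offset validation.
Added example; constants and helper names are assumptions, not from the advisory."""
import re

FIXED_VERSION = (0, 7, 0)   # first fixed release per the advisory (affected: <0.7.0)
MAX_PAGE_SIZE = 500         # hypothetical application policy, not from the advisory
MAX_OFFSET = 2**31 - 1      # hypothetical ceiling; keeps the value a sane signed int

def parse_version(version: str) -> tuple[tuple[int, int, int], bool]:
    """Split '0.7.0b4' into ((0, 7, 0), True); the bool reports a trailing tag.
    Only the release segment and 'has a tag' are modelled, not full PEP 440."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", version.strip())
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch, tag = m.groups()
    return (int(major), int(minor), int(patch or 0)), bool(tag)

def is_vulnerable(version: str) -> bool:
    """True when the installed SQLAlchemy falls in the advisory's range (<0.7.0).
    A tagged 0.7.0 such as 0.7.0b4 sorts below the final 0.7.0, so it stays in range."""
    release, tagged = parse_version(version)
    return release < FIXED_VERSION or (release == FIXED_VERSION and tagged)

def coerce_bound(value: object, name: str, maximum: int) -> int:
    """Accept only an int or a string of ASCII digits within [0, maximum].
    bool is rejected explicitly (it is an int subclass); str.isdigit() alone is not
    enough because it accepts non-ASCII digits such as superscripts, hence isascii()."""
    if isinstance(value, bool):
        raise ValueError(f"{name}: boolean is not a valid bound")
    if isinstance(value, int):
        n = value
    elif isinstance(value, str) and value.isascii() and value.isdigit():
        n = int(value)
    else:
        raise ValueError(f"{name}: expected a non-negative integer, got {value!r}")
    if not 0 <= n <= maximum:
        raise ValueError(f"{name}: {n} outside [0, {maximum}]")
    return n

def page_bounds(raw_limit: object, raw_offset: object, default_limit: int = 50) -> tuple[int, int]:
    """Validated (limit, offset) pair; pass these, never the raw request values,
    to select(...).limit(limit).offset(offset)."""
    limit = default_limit if raw_limit is None else coerce_bound(raw_limit, "limit", MAX_PAGE_SIZE)
    offset = 0 if raw_offset is None else coerce_bound(raw_offset, "offset", MAX_OFFSET)
    return limit, offset
```

Reject-on-failure is deliberate: a malformed bound is a bug or an attack attempt and should surface as an error, not be silently clamped to a default.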

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.