Django REST framework
Api Root
Package List
Package Instance
Format
json
api
admin
Package Instance
Lookup for vulnerable packages by Package URL.
Purl
pkg:pypi/sqlalchemy@1.0.8
Type
pypi
Namespace
Name
sqlalchemy
Version
1.0.8
Qualifiers
Subpath
Is_vulnerable
true
Next_non_vulnerable_version
1.2.18
Latest_non_vulnerable_version
1.3.0b3
Affected_by_vulnerabilities
0
url
VCID-kbkh-bf1z-3kb4
vulnerability_id
VCID-kbkh-bf1z-3kb4
summary
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
references
0
reference_url
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
reference_id
reference_type
scores
url
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
1
reference_url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
reference_id
reference_type
scores
url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
2
reference_url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
reference_id
reference_type
scores
url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
3
reference_url
https://access.redhat.com/errata/RHSA-2019:0981
reference_id
reference_type
scores
url
https://access.redhat.com/errata/RHSA-2019:0981
4
reference_url
https://access.redhat.com/errata/RHSA-2019:0984
reference_id
reference_type
scores
url
https://access.redhat.com/errata/RHSA-2019:0984
5
reference_url
https://github.com/advisories/GHSA-38fc-9xqv-7f7q
reference_id
reference_type
scores
url
https://github.com/advisories/GHSA-38fc-9xqv-7f7q
6
reference_url
https://github.com/no-security/sqlalchemy_test
reference_id
reference_type
scores
url
https://github.com/no-security/sqlalchemy_test
7
reference_url
https://github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2019-124.yaml
reference_id
reference_type
scores
url
https://github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2019-124.yaml
8
reference_url
https://github.com/sqlalchemy/sqlalchemy
reference_id
reference_type
scores
url
https://github.com/sqlalchemy/sqlalchemy
9
reference_url
https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
reference_id
reference_type
scores
url
https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
10
reference_url
https://github.com/sqlalchemy/sqlalchemy/issues/4510
reference_id
reference_type
scores
url
https://github.com/sqlalchemy/sqlalchemy/issues/4510
11
reference_url
https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
reference_id
reference_type
scores
url
https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
12
reference_url
https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
reference_id
reference_type
scores
url
https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
13
reference_url
https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url
https://www.oracle.com/security-alerts/cpujan2021.html
14
reference_url
https://nvd.nist.gov/vuln/detail/CVE-2019-7548
reference_id
CVE-2019-7548
reference_type
scores
url
https://nvd.nist.gov/vuln/detail/CVE-2019-7548
fixed_packages
0
url
pkg:pypi/sqlalchemy@1.2.18
purl
pkg:pypi/sqlalchemy@1.2.18
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/sqlalchemy@1.2.18
1
url
pkg:pypi/sqlalchemy@1.2.19
purl
pkg:pypi/sqlalchemy@1.2.19
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/sqlalchemy@1.2.19
aliases
CVE-2019-7548, GHSA-38fc-9xqv-7f7q, PYSEC-2019-124
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-kbkh-bf1z-3kb4
1
url
VCID-tt22-7cuc-gkfc
vulnerability_id
VCID-tt22-7cuc-gkfc
summary
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
references
0
reference_url
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
reference_id
reference_type
scores
url
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
1
reference_url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
reference_id
reference_type
scores
url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
2
reference_url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
reference_id
reference_type
scores
url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
3
reference_url
https://access.redhat.com/errata/RHSA-2019:0981
reference_id
reference_type
scores
url
https://access.redhat.com/errata/RHSA-2019:0981
4
reference_url
https://access.redhat.com/errata/RHSA-2019:0984
reference_id
reference_type
scores
url
https://access.redhat.com/errata/RHSA-2019:0984
5
reference_url
https://github.com/advisories/GHSA-887w-45rq-vxgf
reference_id
reference_type
scores
url
https://github.com/advisories/GHSA-887w-45rq-vxgf
6
reference_url
https://github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2019-123.yaml
reference_id
reference_type
scores
url
https://github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2019-123.yaml
7
reference_url
https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
reference_id
reference_type
scores
url
https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
8
reference_url
https://github.com/sqlalchemy/sqlalchemy/issues/4481
reference_id
reference_type
scores
url
https://github.com/sqlalchemy/sqlalchemy/issues/4481
9
reference_url
https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
reference_id
reference_type
scores
url
https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
10
reference_url
https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
reference_id
reference_type
scores
url
https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
11
reference_url
https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url
https://www.oracle.com/security-alerts/cpujan2021.html
12
reference_url
https://nvd.nist.gov/vuln/detail/CVE-2019-7164
reference_id
CVE-2019-7164
reference_type
scores
url
https://nvd.nist.gov/vuln/detail/CVE-2019-7164
fixed_packages
0
url
pkg:pypi/sqlalchemy@1.2.18
purl
pkg:pypi/sqlalchemy@1.2.18
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/sqlalchemy@1.2.18
1
url
pkg:pypi/sqlalchemy@1.3.0b3
purl
pkg:pypi/sqlalchemy@1.3.0b3
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/sqlalchemy@1.3.0b3
aliases
CVE-2019-7164, GHSA-887w-45rq-vxgf, PYSEC-2019-123
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-tt22-7cuc-gkfc
Fixing_vulnerabilities
Risk_score
null
Resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/sqlalchemy@1.0.8
×
Create
None
×
Edit
None