Search for packages
| purl | pkg:pypi/sqlalchemy@0.3.10 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3q38-re5x-rbaj
Aliases: CVE-2012-0805 GHSA-hfg2-wf6j-x53p PYSEC-2012-9 |
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-kbkh-bf1z-3kb4
Aliases: CVE-2019-7548 GHSA-38fc-9xqv-7f7q PYSEC-2019-124 |
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tt22-7cuc-gkfc
Aliases: CVE-2019-7164 GHSA-887w-45rq-vxgf PYSEC-2019-123 |
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:05:32.814313+00:00 | Pypa Importer | Affected by | VCID-tt22-7cuc-gkfc | https://github.com/pypa/advisory-database/blob/main/vulns/sqlalchemy/PYSEC-2019-123.yaml | 38.6.0 |
| 2026-06-02T04:05:31.534565+00:00 | Pypa Importer | Affected by | VCID-kbkh-bf1z-3kb4 | https://github.com/pypa/advisory-database/blob/main/vulns/sqlalchemy/PYSEC-2019-124.yaml | 38.6.0 |
| 2026-06-02T04:03:16.061724+00:00 | Pypa Importer | Affected by | VCID-3q38-re5x-rbaj | https://github.com/pypa/advisory-database/blob/main/vulns/sqlalchemy/PYSEC-2012-9.yaml | 38.6.0 |