Search for packages
| purl | pkg:rpm/redhat/automation-eda-controller@1.1.14-1?arch=el9ap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6wx7-16zc-8qck
Aliases: CVE-2025-9907 |
event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA | There are no reported fixed by versions. |
|
VCID-9uzd-mmyv-mfh4
Aliases: CVE-2025-64459 GHSA-frmv-pr5f-9mcr |
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue. | There are no reported fixed by versions. |
|
VCID-pvw1-t3hh-nyep
Aliases: CVE-2025-9908 |
event-driven-ansible: Sensitive Internal Headers Disclosure in AAP EDA Event Streams | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:36:40.417238+00:00 | RedHat Importer | Affected by | VCID-pvw1-t3hh-nyep | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9908.json | 38.0.0 |
| 2026-04-01T13:36:39.376071+00:00 | RedHat Importer | Affected by | VCID-6wx7-16zc-8qck | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9907.json | 38.0.0 |
| 2026-04-01T13:35:16.846971+00:00 | RedHat Importer | Affected by | VCID-9uzd-mmyv-mfh4 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json | 38.0.0 |