Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-espj-jzhn-cqcf
Vulnerability ID VCID-espj-jzhn-cqcf
Aliases CVE-2016-8640
GHSA-hg4c-rgvm-964g
PYSEC-2018-98
Summary A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://seclists.org/oss-sec/2016/q4/406
https://github.com/advisories/GHSA-hg4c-rgvm-964g
https://github.com/geopython/pycsw
https://github.com/geopython/pycsw/commit/522873e5ce48bb9cbd4e7e8168ca881ce709c222
https://github.com/geopython/pycsw/commit/69546e13527c82e4f9191769215490381ad511b2
https://github.com/geopython/pycsw/commit/daaf09b4b920708a415be3c7f446739661ba3753
https://github.com/geopython/pycsw/pull/474/files
https://github.com/pypa/advisory-database/tree/main/vulns/pycsw/PYSEC-2018-98.yaml
https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch
http://www.securityfocus.com/bid/94302
CVE-2016-8640 https://nvd.nist.gov/vuln/detail/CVE-2016-8640
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:05:15.797789+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/pycsw/PYSEC-2018-98.yaml 38.6.0