Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-pmww-v6c9-7p83
  • PyPI/piccolo-admin
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Published: 01 Apr 2024
  • Fix available
  • Severity - 7.7 (High)
GHSA-xq59-7jf3-rjc6
  • PyPI/piccolo
piccolo SQL Injection via named transaction savepoints
Published: 12 Nov 2023
  • Fix available
  • Severity - 9.3 (Critical)
PYSEC-2023-241
  • PyPI/piccolo
  • github.com/piccolo-orm/piccolo
See record for full details
Published: 10 Nov 2023
  • Fix available
  • Severity - 9.1 (Critical)
PYSEC-2023-173
  • PyPI/piccolo
  • github.com/piccolo-orm/piccolo
See record for full details
Published: 12 Sep 2023
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-h7cm-mrvq-wcfr
  • PyPI/piccolo
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Published: 12 Sep 2023
  • Fix available
  • Severity - 5.3 (Medium)