PYSEC-2026-1766

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pg8000/PYSEC-2026-1766.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1766
Aliases
Published
2026-07-07T16:03:08.272566Z
Modified
2026-07-07T17:47:18.158332127Z
Severity
  • 8.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
pg8000 SQL injection vulnerability via a specially crafted Python list input
Details

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.

References

Affected packages

PyPI / pg8000

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.31.5

Affected versions

1.*
1.00
1.01
1.02
1.03
1.04
1.05
1.06
1.07
1.08
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
1.9.10
1.9.11
1.9.12
1.9.13
1.9.14
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.11.0
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.13.1
1.13.2
1.14.0
1.14.1
1.15.0
1.15.1
1.15.2
1.15.3
1.16.0
1.16.1
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.17.0
1.18.0
1.19.0
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.20.0
1.21.0
1.21.1
1.21.2
1.21.3
1.22.0
1.22.1
1.23.0
1.24.0
1.24.1
1.24.2
1.25.0
1.26.0
1.26.1
1.27.0
1.27.1
1.28.0
1.28.1
1.28.2
1.28.3
1.29.0
1.29.1
1.29.2
1.29.3
1.29.4
1.29.5
1.29.6
1.29.7
1.29.8
1.30.1
1.30.2
1.30.3
1.30.4
1.30.5
1.31.0
1.31.1
1.31.2
1.31.3
1.31.4

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/pg8000/PYSEC-2026-1766.yaml"