[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-7164":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":57,"downstream":58,"duplicates":95,"related":96,"reserved_at":9,"published_at":109,"modified_at":110,"state":111,"summary":112,"references_raw":120,"kevs":191,"epss":192,"epss_history":195,"metrics":444,"affected":459},"CVE-2019-7164","SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_SQLALCHEMY_SQLALCHEMY","Sqlalchemy","github","https://github.com/sqlalchemy/sqlalchemy/issues/4481","poc",0.3,false,[],[55,56],"GHSA-887w-45rq-vxgf","PYSEC-2019-123",[],[59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93],{"_key":60},"SUSE-SU-2019:2253-2",{"_key":62},"RHSA-2019:0981",{"_key":64},"RHSA-2019:0984",{"_key":66},"UBUNTU-CVE-2019-7164",{"_key":68},"SUSE-SU-2019:2253-1",{"_key":70},"SUSE-SU-2019:2261-1",{"_key":72},"SUSE-SU-2019:2267-1",{"_key":74},"SUSE-SU-2019:2350-1",{"_key":76},"SUSE-SU-2019:2374-1",{"_key":78},"OPENSUSE-SU-2019:2078-1",{"_key":80},"OPENSUSE-SU-2019:2039-1",{"_key":82},"OPENSUSE-SU-2019:2064-1",{"_key":84},"OPENSUSE-SU-2024:11211-1",{"_key":86},"OPENSUSE-SU-2024:12915-1",{"_key":88},"DLA-1718-1",{"_key":90},"DLA-2811-1",{"_key":92},"MGASA-2019-0350",{"_key":94},"DEBIAN-CVE-2019-7164",[],[97,98,99,100,101,102,103,104,105,106,107,108],{"_key":60},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":92},"2019-02-20T00:00:00.000Z","2024-08-04T20:38:33.439Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":113,"epss_score":114,"severity":115,"severity_score":116,"severity_version":117,"severity_source":118,"severity_vector":119,"severity_status":111},"low",0.0189,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[121,131,138,142,147,151,155,161,166,170,174,178,182,186],{"url":122,"sources":123,"tags":126},"https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html",[124,118,125],"cve.org","osv_pypi",[127,128,129,130],"Mailing List","X Refsource MLIST","Third Party Advisory","WEB",{"url":132,"sources":133,"tags":134},"https://access.redhat.com/errata/RHSA-2019:0984",[124,118,125],[135,136,129,130,137],"Vendor Advisory","X Refsource REDHAT","Advisory",{"url":139,"sources":140,"tags":141},"https://access.redhat.com/errata/RHSA-2019:0981",[124,118,125],[135,136,129,130,137],{"url":143,"sources":144,"tags":145},"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html",[124,118,125],[135,146,127,129,130],"X Refsource SUSE",{"url":148,"sources":149,"tags":150},"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html",[124,118,125],[135,146,127,129,130],{"url":152,"sources":153,"tags":154},"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html",[124,118,125],[135,146,127,129,130],{"url":156,"sources":157,"tags":158},"https://www.oracle.com/security-alerts/cpujan2021.html",[124,118,125],[159,160,129,130],"X Refsource MISC","Patch",{"url":49,"sources":162,"tags":163},[124,118,125],[159,164,129,130,165],"Exploit","REPORT",{"url":167,"sources":168,"tags":169},"https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html",[124,118,125],[127,128,129,130],{"url":171,"sources":172,"tags":173},"https://nvd.nist.gov/vuln/detail/CVE-2019-7164",[125],[137],{"url":175,"sources":176,"tags":177},"https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414",[125],[130],{"url":179,"sources":180,"tags":181},"https://github.com/advisories/GHSA-887w-45rq-vxgf",[125],[137],{"url":183,"sources":184,"tags":185},"https://github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2019-123.yaml",[125],[130],{"url":187,"sources":188,"tags":189},"https://github.com/sqlalchemy/sqlalchemy",[125],[190],"PACKAGE",[],{"date":193,"score":114,"percentile":194},"2026-06-04",0.83529,[196,200,203,206,209,212,215,218,221,224,227,230,232,235,237,241,244,246,249,252,255,258,261,263,265,267,270,273,276,279,282,285,288,292,295,298,301,304,307,310,313,316,318,321,324,327,330,333,336,338,340,343,346,349,352,355,357,359,361,364,367,370,373,375,377,380,382,384,386,389,391,394,396,398,401,404,406,408,411,413,416,419,422,425,428,430,433,435,438,441],{"date":197,"score":198,"percentile":199},"2025-11-04",0.01979,0.82967,{"date":201,"score":198,"percentile":202},"2025-11-05",0.82971,{"date":204,"score":198,"percentile":205},"2025-11-06",0.82974,{"date":207,"score":198,"percentile":208},"2025-11-07",0.82984,{"date":210,"score":198,"percentile":211},"2025-11-08",0.8299,{"date":213,"score":198,"percentile":214},"2025-11-09",0.82985,{"date":216,"score":198,"percentile":217},"2025-11-10",0.82978,{"date":219,"score":198,"percentile":220},"2025-11-11",0.82987,{"date":222,"score":198,"percentile":223},"2025-11-12",0.82997,{"date":225,"score":198,"percentile":226},"2025-11-13",0.83002,{"date":228,"score":198,"percentile":229},"2025-11-14",0.83005,{"date":231,"score":198,"percentile":223},"2025-11-15",{"date":233,"score":198,"percentile":234},"2025-11-16",0.83,{"date":236,"score":198,"percentile":223},"2025-11-17",{"date":238,"score":239,"percentile":240},"2025-11-18",0.0313,0.85623,{"date":242,"score":239,"percentile":243},"2025-11-19",0.85625,{"date":245,"score":239,"percentile":243},"2025-11-20",{"date":247,"score":198,"percentile":248},"2025-11-21",0.83011,{"date":250,"score":198,"percentile":251},"2025-11-22",0.83013,{"date":253,"score":198,"percentile":254},"2025-11-23",0.83007,{"date":256,"score":198,"percentile":257},"2025-11-24",0.83006,{"date":259,"score":198,"percentile":260},"2025-11-25",0.8301,{"date":262,"score":198,"percentile":248},"2025-11-26",{"date":264,"score":198,"percentile":248},"2025-11-27",{"date":266,"score":198,"percentile":234},"2025-11-28",{"date":268,"score":198,"percentile":269},"2025-11-29",0.83015,{"date":271,"score":198,"percentile":272},"2025-11-30",0.83018,{"date":274,"score":198,"percentile":275},"2025-12-01",0.83091,{"date":277,"score":198,"percentile":278},"2025-12-02",0.83094,{"date":280,"score":198,"percentile":281},"2025-12-03",0.83096,{"date":283,"score":198,"percentile":284},"2025-12-04",0.83019,{"date":286,"score":198,"percentile":287},"2025-12-05",0.83024,{"date":289,"score":290,"percentile":291},"2025-12-06",0.01941,0.82872,{"date":293,"score":290,"percentile":294},"2025-12-07",0.82868,{"date":296,"score":290,"percentile":297},"2025-12-08",0.82871,{"date":299,"score":290,"percentile":300},"2025-12-09",0.82886,{"date":302,"score":290,"percentile":303},"2025-12-10",0.8291,{"date":305,"score":290,"percentile":306},"2025-12-11",0.82927,{"date":308,"score":290,"percentile":309},"2025-12-12",0.82935,{"date":311,"score":290,"percentile":312},"2025-12-13",0.82932,{"date":314,"score":290,"percentile":315},"2025-12-14",0.82931,{"date":317,"score":290,"percentile":315},"2025-12-15",{"date":319,"score":290,"percentile":320},"2025-12-16",0.8294,{"date":322,"score":290,"percentile":323},"2025-12-17",0.82949,{"date":325,"score":290,"percentile":326},"2025-12-18",0.82955,{"date":328,"score":290,"percentile":329},"2025-12-19",0.8296,{"date":331,"score":290,"percentile":332},"2025-12-20",0.82954,{"date":334,"score":290,"percentile":335},"2025-12-21",0.82951,{"date":337,"score":290,"percentile":332},"2025-12-22",{"date":339,"score":290,"percentile":329},"2025-12-23",{"date":341,"score":290,"percentile":342},"2025-12-24",0.82968,{"date":344,"score":290,"percentile":345},"2025-12-25",0.82983,{"date":347,"score":290,"percentile":348},"2025-12-26",0.82989,{"date":350,"score":290,"percentile":351},"2025-12-27",0.83033,{"date":353,"score":290,"percentile":354},"2025-12-28",0.82976,{"date":356,"score":290,"percentile":342},"2025-12-29",{"date":358,"score":290,"percentile":354},"2025-12-30",{"date":360,"score":290,"percentile":211},"2025-12-31",{"date":362,"score":290,"percentile":363},"2026-01-01",0.83064,{"date":365,"score":290,"percentile":366},"2026-01-02",0.8306,{"date":368,"score":290,"percentile":369},"2026-01-03",0.83054,{"date":371,"score":290,"percentile":372},"2026-01-04",0.82973,{"date":374,"score":290,"percentile":342},"2026-01-05",{"date":376,"score":290,"percentile":372},"2026-01-06",{"date":378,"score":290,"percentile":379},"2026-01-07",0.82975,{"date":381,"score":290,"percentile":345},"2026-01-08",{"date":383,"score":290,"percentile":345},"2026-01-09",{"date":385,"score":290,"percentile":345},"2026-01-10",{"date":387,"score":290,"percentile":388},"2026-01-11",0.82979,{"date":390,"score":290,"percentile":354},"2026-01-12",{"date":392,"score":290,"percentile":393},"2026-01-13",0.8297,{"date":395,"score":290,"percentile":211},"2026-01-14",{"date":397,"score":290,"percentile":348},"2026-01-15",{"date":399,"score":290,"percentile":400},"2026-01-16",0.82996,{"date":402,"score":290,"percentile":403},"2026-01-17",0.82999,{"date":405,"score":290,"percentile":400},"2026-01-18",{"date":407,"score":290,"percentile":211},"2026-01-19",{"date":409,"score":290,"percentile":410},"2026-01-20",0.82991,{"date":412,"score":290,"percentile":223},"2026-01-21",{"date":414,"score":290,"percentile":415},"2026-01-22",0.83004,{"date":417,"score":290,"percentile":418},"2026-01-23",0.83025,{"date":420,"score":290,"percentile":421},"2026-01-24",0.83032,{"date":423,"score":290,"percentile":424},"2026-01-25",0.83027,{"date":426,"score":290,"percentile":427},"2026-01-26",0.83028,{"date":429,"score":290,"percentile":418},"2026-01-27",{"date":431,"score":290,"percentile":432},"2026-01-28",0.83026,{"date":434,"score":290,"percentile":427},"2026-01-29",{"date":436,"score":290,"percentile":437},"2026-01-30",0.83034,{"date":439,"score":290,"percentile":440},"2026-01-31",0.8304,{"date":442,"score":290,"percentile":443},"2026-02-01",0.83117,[445,453],{"source":118,"cvss_v2_0":446,"cvss_v3_0":9,"cvss_v3_1":451,"cvss_v4_0":9},{"baseScore":447,"baseSeverity":9,"vectorString":448,"impactScore":449,"exploitabilityScore":450},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":116,"baseSeverity":452,"vectorString":119,"impactScore":116,"exploitabilityScore":450},"CRITICAL",{"source":125,"cvss_v2_0":9,"cvss_v3_0":454,"cvss_v3_1":9,"cvss_v4_0":456},{"baseScore":116,"baseSeverity":9,"vectorString":455,"impactScore":116,"exploitabilityScore":450},"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",{"baseScore":457,"baseSeverity":9,"vectorString":458,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[460,471,479,485,494,512,518,528,534,540],{"ecosystem":9,"name":461,"vendor":462,"product":463,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":465},"debian linux","debian","debian_linux","o",[466,469],{"version":467,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"version":470,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":472,"vendor":473,"product":474,"cpe_part":475,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":476},"backports sle","opensuse","backports_sle","a",[477],{"version":478,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"ecosystem":9,"name":480,"vendor":473,"product":480,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"leap",[482,483],{"version":478,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":484,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":486,"vendor":487,"product":488,"cpe_part":475,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":489},"communications operations monitor","oracle","communications_operations_monitor",[490,492],{"version":491,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2",{"version":493,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.3",{"ecosystem":495,"name":496,"vendor":495,"product":496,"cpe_part":9,"purl_type":497,"purl_namespace":9,"purl_name":496,"source":9,"versions":498},"PyPI","sqlalchemy","pypi",[499,507,510],{"version":500,"is_range":501,"range_type":502,"version_start":503,"version_start_type":504,"version_end":505,"version_end_type":506,"fixed_in":9},"gte1_3_0b1_lt1_3_0b3",true,"ecosystem","1.3.0b1","including","1.3.0b3","excluding",{"version":508,"is_range":501,"range_type":502,"version_start":9,"version_start_type":9,"version_end":509,"version_end_type":506,"fixed_in":9},"lt1_2_18","1.2.18",{"version":511,"is_range":501,"range_type":502,"version_start":9,"version_start_type":9,"version_end":505,"version_end_type":506,"fixed_in":9},"lt1_3_0b3",{"ecosystem":9,"name":513,"vendor":514,"product":515,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":516},"enterprise linux","redhat","enterprise_linux",[517],{"version":467,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":519,"vendor":514,"product":520,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":521},"enterprise linux eus","enterprise_linux_eus",[522,524,526],{"version":523,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.1",{"version":525,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.2",{"version":527,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.4",{"ecosystem":9,"name":529,"vendor":514,"product":530,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":531},"enterprise linux server aus","enterprise_linux_server_aus",[532,533],{"version":525,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":527,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":535,"vendor":514,"product":536,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":537},"enterprise linux server tus","enterprise_linux_server_tus",[538,539],{"version":525,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":527,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":496,"vendor":496,"product":496,"cpe_part":475,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":541},[542,545,547],{"version":543,"is_range":501,"range_type":468,"version_start":9,"version_start_type":9,"version_end":544,"version_end_type":504,"fixed_in":9},"lte1.2.17","1.2.17",{"version":546,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.3.0:beta1",{"version":548,"is_range":52,"range_type":468,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.3.0:beta2"]