[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-44906":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":59,"duplicate_of":9,"upstream":62,"downstream":63,"duplicates":68,"related":69,"reserved_at":9,"published_at":74,"modified_at":75,"state":76,"summary":77,"references_raw":85,"kevs":136,"epss":137,"epss_history":140,"metrics":416,"affected":426},"CVE-2024-44906","uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[45,54],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_9DBAAE468A8FB405","Exploit Reference (media.defcon.org)","reference","https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf","unknown",0.2,false,[],{"_key":55,"name":56,"source":48,"url":57,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":58,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_48462A4F1C6B2FC3","Exploit Reference (sonarsource.com)","https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/",[],[60,61],"GHSA-h4h6-vccr-44h2","GO-2025-3765",[],[64,66],{"_key":65},"SUSE-SU-2025:02912-1",{"_key":67},"OPENSUSE-SU-2025:15405-1",[],[70,71,72],{"_key":65},{"_key":67},{"_key":73},"CGA-C275-72H9-GGRJ","2025-06-12T00:00:00.000Z","2025-08-13T13:57:44.450Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":78,"epss_score":79,"severity":80,"severity_score":81,"severity_version":82,"severity_source":83,"severity_vector":84,"severity_status":76},"low",0.00218,"medium",6.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",[86,93,98,102,106,111,115,119,123,128,132],{"url":49,"sources":87,"tags":90},[83,88,89],"nvd","osv_go",[91,92],"Exploit","WEB",{"url":94,"sources":95,"tags":96},"https://github.com/uptrace/bun/tree/master/driver/pgdriver",[83,88,89],[97,92],"Product",{"url":99,"sources":100,"tags":101},"https://github.com/uptrace/bun/blob/1573ae7c2fffad1a7f72fd2d205e924b2fd4043b/driver/pgdriver/format.go#L62",[83,88,89],[97,92],{"url":57,"sources":103,"tags":104},[83,88],[91,105],"Third Party Advisory",{"url":107,"sources":108,"tags":109},"https://github.com/advisories/GHSA-h4h6-vccr-44h2",[83,88,89],[110],"Advisory",{"url":112,"sources":113,"tags":114},"https://nvd.nist.gov/vuln/detail/CVE-2024-44906",[89],[110],{"url":116,"sources":117,"tags":118},"https://github.com/uptrace/bun/issues/1224",[89],[92],{"url":120,"sources":121,"tags":122},"https://github.com/uptrace/bun/commit/8067a8f13f8d22fb57b76d6800f7aefc12b044cd",[89],[92],{"url":124,"sources":125,"tags":126},"https://github.com/uptrace/bun",[89],[127],"PACKAGE",{"url":129,"sources":130,"tags":131},"https://github.com/uptrace/bun/blob/v1.2.15/CHANGELOG.md",[89],[92],{"url":133,"sources":134,"tags":135},"https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw",[89],[92],[],{"date":138,"score":79,"percentile":139},"2026-06-05",0.44527,[141,145,148,152,155,158,162,165,168,171,174,177,180,183,186,190,193,197,201,204,207,210,213,216,219,222,225,227,230,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,310,313,316,319,322,325,328,331,334,338,341,344,347,350,353,356,359,362,365,369,372,375,378,381,384,387,390,393,396,399,402,405,408,411,414],{"date":142,"score":143,"percentile":144},"2025-11-04",0.00071,0.22148,{"date":146,"score":143,"percentile":147},"2025-11-05",0.22145,{"date":149,"score":150,"percentile":151},"2025-11-06",0.00028,0.0682,{"date":153,"score":150,"percentile":154},"2025-11-07",0.06834,{"date":156,"score":150,"percentile":157},"2025-11-08",0.06832,{"date":159,"score":160,"percentile":161},"2025-11-09",0.00027,0.06359,{"date":163,"score":160,"percentile":164},"2025-11-10",0.06335,{"date":166,"score":160,"percentile":167},"2025-11-11",0.06362,{"date":169,"score":160,"percentile":170},"2025-11-12",0.06395,{"date":172,"score":160,"percentile":173},"2025-11-13",0.06426,{"date":175,"score":160,"percentile":176},"2025-11-14",0.06452,{"date":178,"score":160,"percentile":179},"2025-11-15",0.0648,{"date":181,"score":160,"percentile":182},"2025-11-16",0.06496,{"date":184,"score":160,"percentile":185},"2025-11-17",0.06491,{"date":187,"score":188,"percentile":189},"2025-11-18",0.00066,0.16345,{"date":191,"score":188,"percentile":192},"2025-11-19",0.16357,{"date":194,"score":195,"percentile":196},"2025-11-20",0.00091,0.21876,{"date":198,"score":199,"percentile":200},"2025-11-21",0.00037,0.10532,{"date":202,"score":199,"percentile":203},"2025-11-22",0.10537,{"date":205,"score":199,"percentile":206},"2025-11-23",0.10499,{"date":208,"score":199,"percentile":209},"2025-11-24",0.10463,{"date":211,"score":199,"percentile":212},"2025-11-25",0.10468,{"date":214,"score":199,"percentile":215},"2025-11-26",0.10461,{"date":217,"score":199,"percentile":218},"2025-11-27",0.10466,{"date":220,"score":199,"percentile":221},"2025-11-28",0.10454,{"date":223,"score":199,"percentile":224},"2025-11-29",0.10455,{"date":226,"score":199,"percentile":218},"2025-11-30",{"date":228,"score":199,"percentile":229},"2025-12-01",0.10506,{"date":231,"score":199,"percentile":232},"2025-12-02",0.10513,{"date":234,"score":199,"percentile":235},"2025-12-03",0.10526,{"date":237,"score":199,"percentile":238},"2025-12-04",0.1051,{"date":240,"score":199,"percentile":241},"2025-12-05",0.10538,{"date":243,"score":199,"percentile":244},"2025-12-06",0.10547,{"date":246,"score":199,"percentile":247},"2025-12-07",0.10542,{"date":249,"score":199,"percentile":250},"2025-12-08",0.10543,{"date":252,"score":199,"percentile":253},"2025-12-09",0.10591,{"date":255,"score":199,"percentile":256},"2025-12-10",0.10655,{"date":258,"score":199,"percentile":259},"2025-12-11",0.10686,{"date":261,"score":199,"percentile":262},"2025-12-12",0.10707,{"date":264,"score":199,"percentile":265},"2025-12-13",0.1071,{"date":267,"score":199,"percentile":268},"2025-12-14",0.10706,{"date":270,"score":199,"percentile":271},"2025-12-15",0.10647,{"date":273,"score":199,"percentile":274},"2025-12-16",0.10633,{"date":276,"score":199,"percentile":277},"2025-12-17",0.10712,{"date":279,"score":199,"percentile":280},"2025-12-18",0.10765,{"date":282,"score":199,"percentile":283},"2025-12-19",0.10779,{"date":285,"score":199,"percentile":286},"2025-12-20",0.10773,{"date":288,"score":199,"percentile":289},"2025-12-21",0.10755,{"date":291,"score":199,"percentile":292},"2025-12-22",0.10729,{"date":294,"score":199,"percentile":295},"2025-12-23",0.10715,{"date":297,"score":199,"percentile":298},"2025-12-24",0.10723,{"date":300,"score":199,"percentile":301},"2025-12-25",0.10806,{"date":303,"score":199,"percentile":304},"2025-12-26",0.10799,{"date":306,"score":199,"percentile":307},"2025-12-27",0.108,{"date":309,"score":199,"percentile":307},"2025-12-28",{"date":311,"score":199,"percentile":312},"2025-12-29",0.10762,{"date":314,"score":199,"percentile":315},"2025-12-30",0.10741,{"date":317,"score":199,"percentile":318},"2025-12-31",0.10791,{"date":320,"score":199,"percentile":321},"2026-01-01",0.10834,{"date":323,"score":199,"percentile":324},"2026-01-02",0.10832,{"date":326,"score":199,"percentile":327},"2026-01-03",0.10803,{"date":329,"score":199,"percentile":330},"2026-01-04",0.1073,{"date":332,"score":199,"percentile":333},"2026-01-05",0.10688,{"date":335,"score":336,"percentile":337},"2026-01-06",0.00042,0.12742,{"date":339,"score":336,"percentile":340},"2026-01-07",0.12775,{"date":342,"score":336,"percentile":343},"2026-01-08",0.12833,{"date":345,"score":336,"percentile":346},"2026-01-09",0.12846,{"date":348,"score":336,"percentile":349},"2026-01-10",0.12871,{"date":351,"score":336,"percentile":352},"2026-01-11",0.12839,{"date":354,"score":336,"percentile":355},"2026-01-12",0.12809,{"date":357,"score":336,"percentile":358},"2026-01-13",0.12787,{"date":360,"score":336,"percentile":361},"2026-01-14",0.12849,{"date":363,"score":336,"percentile":364},"2026-01-15",0.12858,{"date":366,"score":367,"percentile":368},"2026-01-16",0.0004,0.12223,{"date":370,"score":367,"percentile":371},"2026-01-17",0.12236,{"date":373,"score":367,"percentile":374},"2026-01-18",0.12185,{"date":376,"score":367,"percentile":377},"2026-01-19",0.1213,{"date":379,"score":367,"percentile":380},"2026-01-20",0.12114,{"date":382,"score":367,"percentile":383},"2026-01-21",0.12094,{"date":385,"score":367,"percentile":386},"2026-01-22",0.12075,{"date":388,"score":367,"percentile":389},"2026-01-23",0.12161,{"date":391,"score":367,"percentile":392},"2026-01-24",0.12218,{"date":394,"score":367,"percentile":395},"2026-01-25",0.12171,{"date":397,"score":367,"percentile":398},"2026-01-26",0.12115,{"date":400,"score":367,"percentile":401},"2026-01-27",0.12102,{"date":403,"score":367,"percentile":404},"2026-01-28",0.12089,{"date":406,"score":367,"percentile":407},"2026-01-29",0.12063,{"date":409,"score":367,"percentile":410},"2026-01-30",0.12081,{"date":412,"score":367,"percentile":413},"2026-01-31",0.121,{"date":415,"score":367,"percentile":413},"2026-02-01",[417,422,424],{"source":83,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":418,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":419,"vectorString":84,"impactScore":420,"exploitabilityScore":421},"MEDIUM",6,7.2,{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":423,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":419,"vectorString":84,"impactScore":420,"exploitabilityScore":421},{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":425,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":9,"vectorString":84,"impactScore":420,"exploitabilityScore":421},[427,440],{"ecosystem":428,"name":429,"vendor":430,"product":431,"cpe_part":9,"purl_type":432,"purl_namespace":430,"purl_name":431,"source":9,"versions":433},"Go","github.com/uptrace/bun/driver/pgdriver","github.com/uptrace/bun/driver","pgdriver","golang",[434],{"version":435,"is_range":436,"range_type":437,"version_start":9,"version_start_type":9,"version_end":438,"version_end_type":439,"fixed_in":9},"lt1_2_15",true,"semver","1.2.15","excluding",{"ecosystem":9,"name":431,"vendor":441,"product":431,"cpe_part":442,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":443},"uptrace","a",[444],{"version":445,"is_range":52,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.2.1","cpe"]