Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

v1 is actively maintained, and any security vulnerabilities will be patched.

v0.X will have any major security vulnerabilities patched.

Reporting a Vulnerability

We recommend opening a security advisory on GitHub, as per the documentation.

Alternatively, reach out to the maintainers via email (see setup.py for contact details).

SQL Injection via named transaction savepoints
GHSA-xq59-7jf3-rjc6 published Nov 10, 2023 by dantownsend

High
Current `BaseUser.login` implementation is vulnerable to time based user enumeration
GHSA-h7cm-mrvq-wcfr published Sep 11, 2023 by dantownsend

Low

Learn more about advisories related to piccolo-orm/piccolo in the GitHub Advisory Database