Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 63 pypi packages depend on asyncmy (37 direct, 27 indirect)
Ecosystem-wide dependent count for version 0.2.11.
DescriptionCVE.org
SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.
Analysis
SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.
Technical ContextAI
SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.
RemediationAI
Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-200319
GHSA-qhqw-rrw9-25rm