VYPR

PyPI package

alerta-server

pkg:pypi/alerta-server

Vulnerabilities (2)

  • CVE-2026-34400CriMar 31, 2026
    affected < 9.1.0fixed 9.1.0

    Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been

  • CVE-2020-26214Nov 6, 2020
    affected >= 8.0.0, < 8.1.0fixed 8.1.0

    In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication