Security overview · dataease/SQLBot · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

RCE via SQL Injection in Excel Upload Endpoint
GHSA-7hww-8rj5-7rmm published Mar 19, 2026 by xuwei-fit2cloud

High
SSRF to Arbitrary File Read (AFR) via Rogue MySQL
GHSA-wqj3-xcxf-j9m9 published Mar 19, 2026 by xuwei-fit2cloud

High
Remote Code Execution via Terminology Poisoning (RCE via Terminology Poisoning)
GHSA-m7q7-vhw9-q7m3 published Mar 19, 2026 by xuwei-fit2cloud

High
Privilege vulnerability exists in the API interface
GHSA-h4xm-3q3p-5g6r published Jan 20, 2026 by xuwei-fit2cloud

High
Unauthenticated Arbitrary File Upload in SQLBot uploadExcel Endpoint
GHSA-crfm-cch4-hjpv published Jan 20, 2026 by xuwei-fit2cloud

High

Learn more about advisories related to dataease/SQLBot in the GitHub Advisory Database