CVE-2025-65896: assyncmy is vulnerable to SQL injection via crafted dict keys

December 2, 2025 (updated December 3, 2025)

SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.

References

github.com/advisories/GHSA-qhqw-rrw9-25rm
github.com/long2ice/asyncmy
github.com/long2ice/asyncmy/issues/134
nvd.nist.gov/vuln/detail/CVE-2025-65896

Code Behaviors & Features

Detect and mitigate CVE-2025-65896 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →