sqls-server/sqls

Releases48

Frequency1 month 2 weeks

Last Release about 1 month ago

Stars1.32K

SQL language server written in Go.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-61141 ↗	Oct 30, 2025Thursday, 30 October 2025, 20:15	7.5 HIGH	—
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.