sqla-yaml-fixtures is vulnerable to Code Injection
Sqla_yaml_fixtures versions up to 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.
Advisories for Pypi/Sqla-Yaml-Fixtures package
2019