SECURITY - Potential SQL Injection?

Hi everyone,

I am learning ERPNext, Frappe and going through the application and source code. I recently found this page

Doees anyone know if this has been patched?
Is the code being scanned during it’s CI pipeline against known issues using tools like SonarQube or others?

I would be happy to help in any way I can to close any found items. Might be a good opportunity to learn the code.