GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,585
Maven: 5,000+
npm: 5,000+
NuGet: 923
pip: 4,817
Pub: 13
RubyGems: 1,043
Rust: 1,251
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
16,903 advisories
SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity...
Critical | Unreviewed | CVE-2026-41460 was published Apr 23, 2026

OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
Critical | GHSA-v529-vhwc-wfc5 was published for openc3 (RubyGems) Apr 23, 2026

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection...
Critical | Unreviewed | CVE-2026-6887 was published Apr 23, 2026

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored...
Moderate | Unreviewed | CVE-2026-40529 was published Apr 23, 2026

In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL...
Critical | Unreviewed | CVE-2026-29198 was published Apr 23, 2026

pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Low | GHSA-j88v-2chj-qfwx was published for github.com/jackc/pgx (Go) Apr 22, 2026

@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading
High | CVE-2026-41640 was published for @nocobase/database (npm) Apr 22, 2026

@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call
High | CVE-2026-41641 was published for @nocobase/plugin-collection-sql (npm) Apr 22, 2026

Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API
High | CVE-2026-41422 was published for github.com/daptin/daptin (Go) Apr 22, 2026

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote...
High | Unreviewed | CVE-2026-6833 was published Apr 22, 2026

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and...
Moderate | Unreviewed | CVE-2026-41457 was published Apr 22, 2026

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated...
High | Unreviewed | CVE-2025-70420 was published Apr 21, 2026

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an...
Critical | Unreviewed | CVE-2025-41029 was published Apr 21, 2026

OpenBao's SQL Injection in PostgreSQL database secrets engine
Moderate | CVE-2026-39946 was published for github.com/openbao/openbao (Go) Apr 21, 2026

Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
Moderate | CVE-2026-35588 was published for glances (pip) Apr 21, 2026

The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via...
Moderate | Unreviewed | CVE-2026-6674 was published Apr 21, 2026

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management...
High | Unreviewed | CVE-2026-39111 was published Apr 20, 2026

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management...
High | Unreviewed | CVE-2026-39110 was published Apr 20, 2026

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management...
Critical | Unreviewed | CVE-2026-39109 was published Apr 20, 2026

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization...
Moderate | Unreviewed | CVE-2025-66335 was published Apr 20, 2026

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated...
Critical | Unreviewed | CVE-2026-5963 was published Apr 20, 2026

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated...
Critical | Unreviewed | CVE-2026-5964 was published Apr 20, 2026

Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations
High | GHSA-mjw2-v2hm-wj34 was published for dagster (pip) Apr 18, 2026

YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
High | GHSA-f58v-p6j9-24c2 was published for yeswiki/yeswiki (Composer) Apr 18, 2026

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
High | GHSA-rg3h-x3jw-7jm5 was published for praisonai (pip) Apr 17, 2026

ProTip! Advisories are also available from the GraphQL API