Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

Loading
n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes Moderate
CVE-2026-56351 was published for n8n (npm) Feb 26, 2026
TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB) Moderate
GHSA-9ggv-8w38-r7pm was published for typeorm (npm) Jun 19, 2026
n8n: NoSQL Injection in MongoDB Node Find And Replace Operation Moderate
CVE-2026-54313 was published for n8n (npm) Jun 16, 2026
sm1ee Credited to sm1ee
n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes Moderate
CVE-2026-54310 was published for n8n (npm) Jun 16, 2026
sm1ee Credited to sm1ee
FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString Moderate
CVE-2026-47720 was published for fuxa-server (npm) Jun 8, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
NocoDB: SQL Injection via Column Title in Bulk GroupBy Moderate
CVE-2026-47384 was published for nocodb (npm) Jun 5, 2026
geo-chen Credited to geo-chen
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT` Moderate
CVE-2026-47375 was published for nocodb (npm) Jun 5, 2026
leduckhuong Credited to leduckhuong
n8n has SQL Injection in Snowflake and MySQL Nodes Moderate
CVE-2026-42237 was published for n8n (npm) Apr 29, 2026
offensiveee Credited to offensiveee
n8n has SQL Injection in SeaTable Node Moderate
CVE-2026-42229 was published for n8n (npm) Apr 29, 2026
sm1ee Credited to sm1ee
n8n has SQL Injection in Oracle Database Node via Limit Field Moderate
CVE-2026-42233 was published for n8n (npm) Apr 29, 2026
pawbednarz Credited to pawbednarz
Parse Server has a SQL injection via query field name when using PostgreSQL Moderate
CVE-2026-32234 was published for parse-server (npm) Mar 12, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
NocoDB Vulnerable to SQL Injection via DATEADD Formula Moderate
CVE-2026-28399 was published for nocodb (npm) Mar 3, 2026
q1uf3ng Credited to q1uf3ng
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM Moderate
GHSA-38cw-85xc-xr9x was published for @veramo/data-store (npm) Jan 16, 2026
rekter0 Credited to rekter0
Ghost has SQL Injection in Members Activity Feed Moderate
CVE-2026-22596 was published for ghost (npm) Jan 8, 2026
odgrso Credited to odgrso
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss Credited to pyozzi-toss
pg-promise SQL Injection vulnerability Moderate
CVE-2025-29744 was published for pg-promise (npm) Jun 12, 2025
nocodb SQL Injection vulnerability Moderate
CVE-2023-43794 was published for nocodb (npm) Oct 17, 2023
sylwia-budzynska Credited to sylwia-budzynska
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
a12nserver vulnerable to potential SQL Injections via Knex dependency Moderate
GHSA-crhg-xgrg-vvcc was published for @curveball/a12n-server (npm) Jan 13, 2023
Matrix-appservice-irc vulnerable to sql injection via roomIds argument Moderate
CVE-2022-3971 was published for matrix-appservice-irc (npm) Nov 13, 2022
SQL Injection in sequelize Moderate
CVE-2016-10554 was published for sequelize (npm) Feb 18, 2019
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
ProTip! Advisories are also available from the GraphQL API