GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
23 advisories
TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)
    Moderate | GHSA-9ggv-8w38-r7pm was published for typeorm (npm) | Jun 19, 2026
n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
    Moderate | CVE-2026-54313 was published for n8n (npm) | Jun 16, 2026
n8n: SQL Injection in Postgres v1/TimescaleDB Nodes
    Moderate | CVE-2026-54310 was published for n8n (npm) | Jun 16, 2026
FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString
    Moderate | CVE-2026-47720 was published for fuxa-server (npm) | Jun 8, 2026
NocoDB: SQL Injection via Column Title in Bulk GroupBy
    Moderate | CVE-2026-47384 was published for nocodb (npm) | Jun 5, 2026
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
    Moderate | CVE-2026-47375 was published for nocodb (npm) | Jun 5, 2026
n8n has SQL Injection in SeaTable Node
    Moderate | CVE-2026-42229 was published for n8n (npm) | Apr 29, 2026
n8n has SQL Injection in Oracle Database Node via Limit Field
    Moderate | CVE-2026-42233 was published for n8n (npm) | Apr 29, 2026
n8n has SQL Injection in Snowflake and MySQL Nodes
    Moderate | CVE-2026-42237 was published for n8n (npm) | Apr 29, 2026
Parse Server has a SQL injection via query field name when using PostgreSQL
    Moderate | CVE-2026-32234 was published for parse-server (npm) | Mar 12, 2026
NocoDB Vulnerable to SQL Injection via DATEADD Formula
    Moderate | CVE-2026-28399 was published for nocodb (npm) | Mar 3, 2026
n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes
    Moderate | CVE-2026-56351 was published for n8n (npm) | Feb 26, 2026
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
    Moderate | GHSA-38cw-85xc-xr9x was published for @veramo/data-store (npm) | Jan 16, 2026
Ghost has SQL Injection in Members Activity Feed
    Moderate | CVE-2026-22596 was published for ghost (npm) | Jan 8, 2026
pg-promise SQL Injection vulnerability
    Moderate | CVE-2025-29744 was published for pg-promise (npm) | Jun 12, 2025
NocoDB SQL Injection vulnerability
    Moderate | CVE-2023-50718 was published for nocodb (npm) | May 13, 2024
nocodb SQL Injection vulnerability
    Moderate | CVE-2023-43794 was published for nocodb (npm) | Oct 17, 2023
a12nserver vulnerable to potential SQL Injections via Knex dependency
    Moderate | GHSA-crhg-xgrg-vvcc was published for @curveball/a12n-server (npm) | Jan 13, 2023
Matrix-appservice-irc vulnerable to sql injection via roomIds argument
    Moderate | CVE-2022-3971 was published for matrix-appservice-irc (npm) | Nov 13, 2022
DoS via malicious record IDs in WatermelonDB
    Moderate | CVE-2020-4035 was published for @nozbe/watermelondb (npm) | Jun 3, 2020
ProTip! Advisories are also available from the GraphQL API.