GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
761 advisories
Budibase has anonymous NoSQL operator injection via published-app query templates
Critical
CVE-2026-54350 was published for @budibase/server (npm) Jun 23, 2026
TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)
Moderate
GHSA-9ggv-8w38-r7pm was published for typeorm (npm) Jun 19, 2026
budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL
High
GHSA-qqf5-x7mj-v43p was published for budibase (npm) Jun 18, 2026
LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
High
CVE-2026-55405 was published for dev.langchain4j:langchain4j-mariadb (Maven) Jun 17, 2026
n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
Moderate
CVE-2026-54313 was published for n8n (npm) Jun 16, 2026
n8n: SQL Injection in Postgres v1/TimescaleDB Nodes
Moderate
CVE-2026-54310 was published for n8n (npm) Jun 16, 2026
Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint
Moderate
CVE-2026-46371 was published for github.com/fleetdm/fleet/v4 (Go) Jun 12, 2026
Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
Moderate
CVE-2026-46370 was published for github.com/fleetdm/fleet/v4 (Go) Jun 12, 2026
TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
High
CVE-2026-49741 was published for typo3/cms-core (Composer) Jun 12, 2026
FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString
Moderate
CVE-2026-47720 was published for fuxa-server (npm) Jun 8, 2026
NocoDB: SQL Injection via Column Title in Bulk GroupBy
Moderate
CVE-2026-47384 was published for nocodb (npm) Jun 5, 2026
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
Moderate
CVE-2026-47375 was published for nocodb (npm) Jun 5, 2026
OpenMeter: SQL injection through meter creation
Moderate
CVE-2026-8462 was published for github.com/openmeterio/openmeter (Go) Jun 4, 2026
stigmem-node's Postgres schema identifier handling required defensive quoting
High
GHSA-9pc9-4crj-mhpj was published for stigmem-node (pip) May 29, 2026
AgenticMail API/storage and outbound relay hardening fixes
High
CVE-2026-47255 was published for @agenticmail/api (npm) May 29, 2026
ezsystems/ezpublish-legacy has a SQL injection in dfscleanup
High
CVE-2026-38739 was published for ezsystems/ezpublish-legacy (Composer) May 29, 2026
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
High
CVE-2026-5394 was published for pimcore/pimcore (Composer) May 28, 2026
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Moderate
CVE-2026-45073 was published for symfony/cache (Composer) May 27, 2026
Langroid has Prompt to SQL Injection, Leading to RCE
Critical
CVE-2026-25879 was published for langroid (pip) May 27, 2026
Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
High
CVE-2026-44741 was published for pimcore/admin-ui-classic-bundle (Composer) May 27, 2026
Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
High
CVE-2026-44739 was published for pimcore/pimcore (Composer) May 27, 2026
YesWiki: Unauthenticated SQL Injection
Critical
CVE-2026-46670 was published for yeswiki/yeswiki (Composer) May 22, 2026
Drupal Core has a SQL Injection issue
Critical
CVE-2026-9082 was published for drupal/core (Composer) May 20, 2026
BillaBear is Vulnerable to SQL Injection in the EventRepository
High
CVE-2026-31069 was published for billabear/billabear (Composer) May 19, 2026
georgringer/news has SQL Injection in extension "News system" (news)
High
CVE-2026-8726 was published for georgringer/news (Composer) May 19, 2026
ProTip! Advisories are also available from the GraphQL API