GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

611 advisories

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters Critical
CVE-2026-25544 was published for @payloadcms/drizzle (npm) Feb 5, 2026
Credited to thxtech
Mongoose search injection vulnerability High
CVE-2024-53900 was published for mongoose (npm) Dec 2, 2024
Credited to balles, skrtheboss, and ljharb
FacturaScripts has SQL Injection in Autocomplete Actions High
CVE-2026-25514 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
Credited to lukasz-rybak
FacturaScripts has SQL Injection in API ORDER BY Clause High
CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
Credited to lukasz-rybak
OpenSTAManager has an SQL Injection in the Stampe Module High
CVE-2025-69215 was published for devcode-it/openstamanager (Composer) Feb 3, 2026
Credited to lukasz-rybak
Django has an SQL Injection issue High
CVE-2026-1312 was published for Django (pip) Feb 3, 2026
Django has an SQL Injection issue High
CVE-2026-1287 was published for Django (pip) Feb 3, 2026
Django has an SQL Injection issue High
CVE-2026-1207 was published for Django (pip) Feb 3, 2026
OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint) High
CVE-2025-69213 was published for devcode-it/openstamanager (Composer) Feb 3, 2026
Credited to lukasz-rybak
LibreNMS contains an authenticated SQL Injection vulnerability High
CVE-2020-36947 was published for librenms/librenms (Composer) Jan 27, 2026
Active Record component in Ruby on Rails has a data-type injection vulnerability Critical
CVE-2013-3221 was published for activerecord (RubyGems) May 14, 2022
geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure High
CVE-2025-69662 was published for geopandas (pip) Jan 30, 2026
EGroupware has SQL Injection in Nextmatch Filter Processing High
CVE-2026-22243 was published for egroupware/egroupware (Composer) Jan 28, 2026
Credited to lukasz-rybak
Duplicate Advisory: terminal42/contao-tablelookupwizard possible SQL injection in widget field value Critical
GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) May 30, 2024 withdrawn
Possible SQL injection in tablelookupwizard Contao Extension Critical
GHSA-v3mr-gp7j-pw5w was published for terminal42/contao-tablelookupwizard (Composer) Feb 10, 2022
WeKnora vulnerable to SQL Injection High
CVE-2026-22687 was published for github.com/Tencent/WeKnora (Go) Jan 9, 2026
Credited to passer-W
Pimcore Has an Incomplete Patch for CVE-2023-30848 High
CVE-2026-23492 was published for pimcore/pimcore (Composer) Jan 14, 2026
Credited to Snow1nd
ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection High
GHSA-5qw5-wf2q-f538 was published for activerecord-jdbc-adapter (RubyGems) Jan 16, 2026
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM Moderate
GHSA-38cw-85xc-xr9x was published for @veramo/data-store (npm) Jan 16, 2026
Credited to rekter0
Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter High
CVE-2021-47763 was published for aimeos/aimeos-laravel (Composer) Jan 15, 2026
Apache Camel camel-neo4j component is vulnerable to cypher injection Moderate
CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) Jan 14, 2026
CoreShop Vulnerable to SQL Injection via Admin Reports Moderate
CVE-2026-22242 was published for coreshop/core-shop (Composer) Jan 7, 2026
Credited to PlyNatwara and bypazs
XWiki allows SQL injection in query endpoint of REST API with Oracle Critical
CVE-2024-56158 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 12, 2025
XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService Critical
CVE-2025-65091 was published for org.xwiki.contrib:macro-fullcalendar-pom (Maven) Jan 9, 2026
Ghost has SQL Injection in Members Activity Feed Moderate
CVE-2026-22596 was published for ghost (npm) Jan 8, 2026
Credited to odgrso