GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
263 advisories
Mongoose search injection vulnerability
High: CVE-2024-53900 was published for mongoose (npm), Dec 2, 2024

FacturaScripts has SQL Injection in Autocomplete Actions
High: CVE-2026-25514 was published for facturascripts/facturascripts (Composer), Feb 3, 2026

FacturaScripts has SQL Injection in API ORDER BY Clause
High: CVE-2026-25513 was published for facturascripts/facturascripts (Composer), Feb 3, 2026

OpenSTAManager has an SQL Injection in the Stampe Module
High: CVE-2025-69215 was published for devcode-it/openstamanager (Composer), Feb 3, 2026

OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)
High: CVE-2025-69213 was published for devcode-it/openstamanager (Composer), Feb 3, 2026

LibreNMS contains an authenticated SQL Injection vulnerability
High: CVE-2020-36947 was published for librenms/librenms (Composer), Jan 27, 2026

geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure
High: CVE-2025-69662 was published for geopandas (pip), Jan 30, 2026

EGroupware has SQL Injection in Nextmatch Filter Processing
High: CVE-2026-22243 was published for egroupware/egroupware (Composer), Jan 28, 2026

WeKnora vulnerable to SQL Injection
High: CVE-2026-22687 was published for github.com/Tencent/WeKnora (Go), Jan 9, 2026

Pimcore Has an Incomplete Patch for CVE-2023-30848
High: CVE-2026-23492 was published for pimcore/pimcore (Composer), Jan 14, 2026

ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection
High: GHSA-5qw5-wf2q-f538 was published for activerecord-jdbc-adapter (RubyGems), Jan 16, 2026

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter
High: CVE-2021-47763 was published for aimeos/aimeos-laravel (Composer), Jan 15, 2026

LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
High: CVE-2025-67644 was published for langgraph-checkpoint-sqlite (pip), Dec 10, 2025

Hive Metastore Server is vulnerable to SQL Injection
High: CVE-2025-62728 was published for org.apache.hive:hive-common (Maven), Nov 26, 2025

OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
High: CVE-2025-65103 was published for devcode-it/openstamanager (Composer), Nov 19, 2025

phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
High: CVE-2025-62519 was published for phpmyfaq/phpmyfaq (Composer), Nov 17, 2025

TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter
High: CVE-2025-64519 was published for torrentpier/torrentpier (Composer), Nov 10, 2025

Django vulnerable to SQL injection in column aliases
High: CVE-2025-59681 was published for django (pip), Oct 1, 2025

Django is subject to SQL injection through its column aliases
High: CVE-2025-57833 was published for Django (pip), Sep 8, 2025

PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
High: CVE-2022-31197 was published for org.postgresql:postgresql (Maven), Aug 6, 2022

activerecord vulnerable to SQL Injection
High: CVE-2011-2930 was published for activerecord (RubyGems), Oct 24, 2017

TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update
High: CVE-2025-60542 was published for typeorm (npm), Oct 29, 2025
ProTip! Advisories are also available from the GraphQL API