Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically... High Unreviewed
CVE-2026-3021 was published Mar 16, 2026
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically... High Unreviewed
CVE-2026-3022 was published Mar 16, 2026
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically... Moderate Unreviewed
CVE-2026-3023 was published Mar 16, 2026
Parse Server: Account takeover via operator injection in authentication data identifier Critical
CVE-2026-32248 was published for parse-server (npm) Mar 12, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters High
CVE-2026-32247 was published for graphiti-core (pip) Mar 12, 2026
romain-deperne Credited to romain-deperne
Parse Server has a NoSQL injection via token type in password reset and email verification endpoints High
CVE-2026-30941 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Sylius has a DQL Injection via API Order Filters Moderate
CVE-2026-31825 was published for sylius/sylius (Composer) Mar 11, 2026
Neosprings Credited to Neosprings and bnBart bnBart bnBart
Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter Critical
CVE-2026-29793 was published for @feathersjs/mongodb (npm) Mar 10, 2026
sofianeelhor Credited to sofianeelhor
New API has an SQL LIKE Wildcard Injection DoS via Token Search High
CVE-2026-25591 was published for github.com/QuantumNous/new-api (Go) Feb 23, 2026
xuemian168 Credited to xuemian168, callmeiks, and Calcium-Ion callmeiks callmeiks
Calcium-Ion Calcium-Ion
FacturaScripts has SQL Injection in Autocomplete Actions High
CVE-2026-25514 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
lukasz-rybak Credited to lukasz-rybak
FacturaScripts has SQL Injection in API ORDER BY Clause High
CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
lukasz-rybak Credited to lukasz-rybak
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12... Moderate Unreviewed
CVE-2025-36353 was published Jan 31, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12... Moderate Unreviewed
CVE-2025-36366 was published Jan 31, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12... Moderate Unreviewed
CVE-2025-36442 was published Jan 31, 2026
Apache Camel camel-neo4j component is vulnerable to cypher injection Moderate
CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) Jan 14, 2026
Due to insufficient input handling, the SAP Identity Management REST interface allows an... Low Unreviewed
CVE-2026-0504 was published Jan 13, 2026
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment... Moderate Unreviewed
CVE-2025-42884 was published Nov 11, 2025
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could... Moderate Unreviewed
CVE-2025-36185 was published Nov 7, 2025
NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection... Moderate Unreviewed
CVE-2025-23292 was published Sep 30, 2025
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a... Moderate Unreviewed
CVE-2025-33114 was published Jul 29, 2025
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion High
CVE-2025-24787 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee Credited to nnsee, modelorona, and hkdeman modelorona modelorona
hkdeman hkdeman
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2021-1481 was published Nov 15, 2024
The product does not validate any query towards persistent data, resulting in a risk of injection... Critical Unreviewed
CVE-2024-4872 was published Aug 27, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to... Moderate Unreviewed
CVE-2024-31882 was published Aug 14, 2024
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1,... Moderate Unreviewed
CVE-2024-35136 was published Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database