GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters High
CVE-2026-32247 was published for graphiti-core (pip) Mar 12, 2026
Credited to romain-deperne
Parse Server has a NoSQL injection via token type in password reset and email verification endpoints High
CVE-2026-30941 was published for parse-server (npm) Mar 11, 2026
Credited to 0xkakash1 and mtrezza
New API has an SQL LIKE Wildcard Injection DoS via Token Search High
CVE-2026-25591 was published for github.com/QuantumNous/new-api (Go) Feb 23, 2026
Credited to xuemian168, callmeiks, and Calcium-Ion
FacturaScripts has SQL Injection in Autocomplete Actions High
CVE-2026-25514 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
Credited to lukasz-rybak
FacturaScripts has SQL Injection in API ORDER BY Clause High
CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
Credited to lukasz-rybak
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion High
CVE-2025-24787 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
Credited to nnsee, modelorona, and hkdeman
Sort order SQL injection in Administrate High
CVE-2020-5257 was published for administrate (RubyGems) Mar 13, 2020
Credited to becojo