GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,479
Maven: 5,000+
npm: 5,000+
NuGet: 886
pip: 4,740
Pub: 13
RubyGems: 1,031
Rust: 1,225
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+

4,449 advisories

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the...
  Critical, Unreviewed. CVE-2026-23696 was published Apr 7, 2026

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL...
  Critical, Unreviewed. CVE-2024-36058 was published Apr 7, 2026

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in...
  Critical, Unreviewed. CVE-2026-33615 was published Apr 2, 2026

PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
  Critical. CVE-2026-34934 was published for praisonai (pip) Apr 1, 2026

SciTokens is vulnerable to SQL Injection in KeyCache
  Critical. CVE-2026-32714 was published for scitokens (pip) Mar 31, 2026

SQL injection (SQLi) vulnerability in Umami Software web application through an improperly...
  Critical, Unreviewed. CVE-2026-4317 was published Mar 31, 2026

MikroORM is vulnerable to SQL Injection via specially crafted object
  Critical. CVE-2026-34220 was published for @mikro-orm/core (npm) Mar 29, 2026

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the...
  Critical, Unreviewed. CVE-2026-30533 was published Mar 27, 2026

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the...
  Critical, Unreviewed. CVE-2026-30530 was published Mar 27, 2026

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the...
  Critical, Unreviewed. CVE-2026-30532 was published Mar 27, 2026

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
  Critical. CVE-2026-33660 was published for n8n (npm) Mar 25, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-32539 was published Mar 25, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-32499 was published Mar 25, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-31920 was published Mar 25, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-25371 was published Mar 25, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-25377 was published Mar 25, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-25340 was published Mar 25, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-24993 was published Mar 25, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-22484 was published Mar 25, 2026

SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and...
  Critical, Unreviewed. CVE-2025-41007 was published Mar 23, 2026

SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve,...
  Critical, Unreviewed. CVE-2025-41008 was published Mar 23, 2026

AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
  Critical. CVE-2026-33352 was published for wwbn/avideo (Composer) Mar 19, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical, Unreviewed. CVE-2026-27413 was published Mar 19, 2026

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.
  Critical, Unreviewed. CVE-2025-67830 was published Mar 18, 2026

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.
  Critical, Unreviewed. CVE-2025-67829 was published Mar 18, 2026

ProTip! Advisories are also available from the GraphQL API