GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
59 advisories
Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin
Moderate | CVE-2026-34386 was published for github.com/fleetdm/fleet/v4 (Go) | Mar 30, 2026

Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database
Moderate | CVE-2026-34385 was published for github.com/fleetdm/fleet/v4 (Go) | Mar 30, 2026

Ory Keto has a SQL injection via forged pagination tokens
High | CVE-2026-33505 was published for github.com/ory/keto (Go) | Mar 20, 2026

Ory Hydra has a SQL injection via forged pagination tokens
High | CVE-2026-33504 was published for github.com/ory/hydra (Go) | Mar 20, 2026

Ory Kratos has a SQL injection via forged pagination tokens
High | CVE-2026-33503 was published for github.com/ory/kratos (Go) | Mar 20, 2026

SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API
Critical | CVE-2026-32767 was published for github.com/siyuan-note/siyuan/kernel (Go) | Mar 16, 2026

WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
Critical | CVE-2026-30860 was published for github.com/Tencent/WeKnora (Go) | Mar 6, 2026

SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access
Moderate | CVE-2026-29073 was published for github.com/siyuan-note/siyuan/kernel (Go) | Mar 3, 2026

Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter
Moderate | CVE-2026-26186 was published for github.com/fleetdm/fleet/v4 (Go) | Feb 26, 2026

WeKnora vulnerable to SQL Injection
Moderate | CVE-2026-22687 was published for github.com/Tencent/WeKnora (Go) | Jan 9, 2026

pREST has a Systemic SQL Injection Vulnerability
Critical | CVE-2025-58450 was published for github.com/prest/prest/v2 (Go) | Sep 8, 2025

simple-admin-core SQL Injection vulnerability
High | CVE-2025-51667 was published for github.com/suyuan32/simple-admin-core (Go) | Aug 27, 2025

eKuiper API endpoints handling SQL queries with user-controlled table names.
High | CVE-2025-54379 was published for github.com/lf-edge/ekuiper (Go) | Jul 24, 2025

uptrace pgdriver SQL injection vulnerability
Moderate | CVE-2024-44906 was published for github.com/uptrace/bun/driver/pgdriver (Go) | Jun 12, 2025

go-pg SQL injection vulnerability via the component /types/append_value.go
Moderate | CVE-2024-44905 was published for github.com/go-pg/pg (Go) | Jun 12, 2025

Navidrome allows SQL Injection via role parameter
High | CVE-2025-48949 was published for github.com/navidrome/navidrome (Go) | May 29, 2025

SeaweedFS Vulnerable to SQL Injection
Moderate | CVE-2024-40120 was published for github.com/seaweedfs/seaweedfs (Go) | May 16, 2025

SQL injection in Apache Traffic Control
High | CVE-2024-45387 was published for github.com/apache/trafficcontrol/v8 (Go) | Dec 23, 2024

Devtron has SQL Injection in CreateUser API
High | CVE-2024-45794 was published for github.com/devtron-labs/devtron (Go) | Nov 7, 2024

Navidrome has Multiple SQL Injections and ORM Leak
Critical | CVE-2024-47062 was published for github.com/navidrome/navidrome (Go) | Sep 20, 2024

CWA-2024-006: wasmd non-deterministic module_query_safe query
Moderate | GHSA-fpgj-cr28-fvpx was published for github.com/CosmWasm/wasmd (Go) | Aug 21, 2024

LF Edge eKuiper has a SQL Injection in sqlKvStore
High | CVE-2024-43406 was published for ekuiper (Go) | Aug 20, 2024

SQL injection in github.com/stashapp/stash
Critical | CVE-2024-32231 was published for github.com/stashapp/stash (Go) | Aug 15, 2024

rudder-server is vulnerable to SQL injection
Critical | CVE-2023-30625 was published for github.com/rudderlabs/rudder-server (Go) | Aug 5, 2024

Meshery SQL Injection vulnerability
Moderate | CVE-2024-35182 was published for github.com/layer5io/meshery (Go) | Aug 5, 2024

ProTip! Advisories are also available from the GraphQL API.