GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
17,529 advisories
Filter by severity
YesWiki has Authenticated SQL Injection via ReactionManager
High
CVE-2026-52775
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki: Second-Order SQL Injection in Page Delete API via Unescaped Page Tag (`ApiController::deletePage`)
High
CVE-2026-52771
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki: SQL Injection possible through public Bazar entry-listing APIs via numeric `query`/`queries` filters
High
CVE-2026-52770
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki: SQL injection via the `recentchanges` action `period` argument leads to arbitrary DB read
Moderate
CVE-2026-52763
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this...
Critical
Unreviewed
CVE-2026-56292
was published
Jul 9, 2026
SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker...
High
Unreviewed
CVE-2026-50644
was published
Jul 9, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-5955
was published
Jul 9, 2026
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for...
Moderate
Unreviewed
CVE-2026-14342
was published
Jul 9, 2026
The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin...
Moderate
Unreviewed
CVE-2026-13011
was published
Jul 9, 2026
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute...
Moderate
Unreviewed
CVE-2026-39179
was published
Jul 9, 2026
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute...
Moderate
Unreviewed
CVE-2026-39178
was published
Jul 9, 2026
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an...
Critical
Unreviewed
CVE-2026-9074
was published
Jul 8, 2026
Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities,...
High
Unreviewed
CVE-2026-15067
was published
Jul 8, 2026
SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions...
Critical
Unreviewed
CVE-2026-15062
was published
Jul 8, 2026
n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection...
Moderate
Unreviewed
CVE-2026-59257
was published
Jul 8, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-8307
was published
Jul 8, 2026
The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the ...
High
Unreviewed
CVE-2026-6230
was published
Jul 8, 2026
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to time-based blind...
High
Unreviewed
CVE-2026-6854
was published
Jul 8, 2026
The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic...
Moderate
Unreviewed
CVE-2026-12936
was published
Jul 8, 2026
The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’...
High
Unreviewed
CVE-2026-9700
was published
Jul 8, 2026
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
Moderate
CVE-2026-53572
was published
for
github.com/kedacore/keda/v2
(Go)
Jul 7, 2026
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export
High
GHSA-cgfv-jrfp-2r7v
was published
for
io.openremote:openremote-manager
(Maven)
Jul 6, 2026
Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
Critical
CVE-2026-54760
was published
for
langroid
(pip)
Jul 6, 2026
Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing...
High
Unreviewed
CVE-2026-14809
was published
Jul 6, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-4321
was published
Jul 3, 2026
ProTip!
Advisories are also available from the
GraphQL API