GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
350 advisories
Filter by severity
YesWiki has Authenticated SQL Injection via ReactionManager
High
CVE-2026-52775
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki: Second-Order SQL Injection in Page Delete API via Unescaped Page Tag (`ApiController::deletePage`)
High
CVE-2026-52771
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki: SQL Injection possible through public Bazar entry-listing APIs via numeric `query`/`queries` filters
High
CVE-2026-52770
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki: SQL injection via the `recentchanges` action `period` argument leads to arbitrary DB read
Moderate
CVE-2026-52763
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
Mautic has SQL Injection in API Contact Filtering
High
CVE-2026-4776
was published
for
mautic/core
(Composer)
Jul 2, 2026
TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
High
CVE-2026-49741
was published
for
typo3/cms-core
(Composer)
Jun 12, 2026
ezsystems/ezpublish-legacy has a SQL injection in dfscleanup
High
CVE-2026-38739
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 29, 2026
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
High
CVE-2026-5394
was published
for
pimcore/pimcore
(Composer)
May 28, 2026
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Moderate
CVE-2026-45073
was published
for
symfony/cache
(Composer)
May 27, 2026
Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
High
CVE-2026-44741
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
May 27, 2026
Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
High
CVE-2026-44739
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
YesWiki: Unauthenticated SQL Injection
Critical
CVE-2026-46670
was published
for
yeswiki/yeswiki
(Composer)
May 22, 2026
Drupal Core has a SQL Injection issue
Critical
CVE-2026-9082
was published
for
drupal/core
(Composer)
May 20, 2026
BillaBear is Vulnerable to SQL Injection in the EventRepository
High
CVE-2026-31069
was published
for
billabear/billabear
(Composer)
May 19, 2026
TYPO3 SQL Injection in extension "Address List" (tt_address)
High
CVE-2026-8827
was published
for
friendsoftypo3/tt-address
(Composer)
May 19, 2026
georgringer/news has SQL Injection in extension "News system" (news)
High
CVE-2026-8726
was published
for
georgringer/news
(Composer)
May 19, 2026
Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
Critical
GHSA-ch9q-c9mp-j5gq
was published
for
phpmyfaq/phpmyfaq
(Composer)
May 15, 2026
•
withdrawn
Duplicate Advisory: phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
High
GHSA-p9wc-4pjv-rg82
was published
for
phpmyfaq/phpmyfaq
(Composer)
May 15, 2026
•
withdrawn
elFinder MySQL has a SQL Injection in its Volume Driver (elFinderVolumeMySQL)
High
CVE-2026-44521
was published
for
studio-42/elfinder
(Composer)
May 11, 2026
Flight vulnerable to SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete
High
CVE-2026-42550
was published
for
flightphp/core
(Composer)
May 6, 2026
phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
Critical
CVE-2026-46364
was published
for
phpmyfaq/phpmyfaq
(Composer)
May 6, 2026
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
High
CVE-2026-46359
was published
for
phpmyfaq/phpmyfaq
(Composer)
May 6, 2026
MixPHP Framework has an SQL injection vulnerability via crafted `data` array
Moderate
CVE-2026-42474
was published
for
mix/mix
(Composer)
May 1, 2026
MixPHP Framework has an SQL injection vulnerability
Moderate
CVE-2026-42475
was published
for
mix/mix
(Composer)
May 1, 2026
Duplicate Advisory: Pimcore admin users can trigger SQL Injection
High
GHSA-c8g3-x47w-8q7p
was published
for
pimcore/pimcore
(Composer)
Apr 27, 2026
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API