Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

350 advisories

Loading
YesWiki has Authenticated SQL Injection via ReactionManager High
CVE-2026-52775 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
SnailSploit Credited to SnailSploit and 0xShemesh 0xShemesh 0xShemesh
YesWiki: Second-Order SQL Injection in Page Delete API via Unescaped Page Tag (`ApiController::deletePage`) High
CVE-2026-52771 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
hash3liZer Credited to hash3liZer
YesWiki: SQL Injection possible through public Bazar entry-listing APIs via numeric `query`/`queries` filters High
CVE-2026-52770 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
sondt99 Credited to sondt99
YesWiki: SQL injection via the `recentchanges` action `period` argument leads to arbitrary DB read Moderate
CVE-2026-52763 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
CosmicCrusader23 Credited to CosmicCrusader23
Mautic has SQL Injection in API Contact Filtering High
CVE-2026-4776 was published for mautic/core (Composer) Jul 2, 2026
Senku01 Credited to Senku01, Harish4948, patrykgruszka, and LeuchtfeuerDigitalMarketing Harish4948 Harish4948
patrykgruszka patrykgruszka LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing
TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework High
CVE-2026-49741 was published for typo3/cms-core (Composer) Jun 12, 2026
ezsystems/ezpublish-legacy has a SQL injection in dfscleanup High
CVE-2026-38739 was published for ezsystems/ezpublish-legacy (Composer) May 29, 2026
Goaterino Credited to Goaterino
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save High
CVE-2026-5394 was published for pimcore/pimcore (Composer) May 28, 2026
researchatfluidattacks Credited to researchatfluidattacks
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix Moderate
CVE-2026-45073 was published for symfony/cache (Composer) May 27, 2026
FORIMOC Credited to FORIMOC and nicolas-grekas nicolas-grekas nicolas-grekas
Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter High
CVE-2026-44741 was published for pimcore/admin-ui-classic-bundle (Composer) May 27, 2026
tikket1 Credited to tikket1
Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration High
CVE-2026-44739 was published for pimcore/pimcore (Composer) May 27, 2026
msayedZiko Credited to msayedZiko
YesWiki: Unauthenticated SQL Injection Critical
CVE-2026-46670 was published for yeswiki/yeswiki (Composer) May 22, 2026
SamyGhannad Credited to SamyGhannad
Drupal Core has a SQL Injection issue Critical
CVE-2026-9082 was published for drupal/core (Composer) May 20, 2026
Rudloff Credited to Rudloff and orbegam orbegam orbegam
BillaBear is Vulnerable to SQL Injection in the EventRepository High
CVE-2026-31069 was published for billabear/billabear (Composer) May 19, 2026
TYPO3 SQL Injection in extension "Address List" (tt_address) High
CVE-2026-8827 was published for friendsoftypo3/tt-address (Composer) May 19, 2026
eliashaeussler Credited to eliashaeussler
georgringer/news has SQL Injection in extension "News system" (news) High
CVE-2026-8726 was published for georgringer/news (Composer) May 19, 2026
eliashaeussler Credited to eliashaeussler and RobertLang RobertLang RobertLang
Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha Critical
GHSA-ch9q-c9mp-j5gq was published for phpmyfaq/phpmyfaq (Composer) May 15, 2026 withdrawn
Duplicate Advisory: phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields High
GHSA-p9wc-4pjv-rg82 was published for phpmyfaq/phpmyfaq (Composer) May 15, 2026 withdrawn
elFinder MySQL has a SQL Injection in its Volume Driver (elFinderVolumeMySQL) High
CVE-2026-44521 was published for studio-42/elfinder (Composer) May 11, 2026
elulq Credited to elulq
Flight vulnerable to SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete High
CVE-2026-42550 was published for flightphp/core (Composer) May 6, 2026
Rootingg Credited to Rootingg
phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha Critical
CVE-2026-46364 was published for phpmyfaq/phpmyfaq (Composer) May 6, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields High
CVE-2026-46359 was published for phpmyfaq/phpmyfaq (Composer) May 6, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
MixPHP Framework has an SQL injection vulnerability via crafted `data` array Moderate
CVE-2026-42474 was published for mix/mix (Composer) May 1, 2026
MixPHP Framework has an SQL injection vulnerability Moderate
CVE-2026-42475 was published for mix/mix (Composer) May 1, 2026
Duplicate Advisory: Pimcore admin users can trigger SQL Injection High
GHSA-c8g3-x47w-8q7p was published for pimcore/pimcore (Composer) Apr 27, 2026 withdrawn
ProTip! Advisories are also available from the GraphQL API