GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
100 advisories
Filter by severity
Budibase has nonymous NoSQL operator injection via published-app query templates
Critical
CVE-2026-54350
was published
for
@budibase/server
(npm)
Jun 23, 2026
TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)
Moderate
GHSA-9ggv-8w38-r7pm
was published
for
typeorm
(npm)
Jun 19, 2026
budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL
High
GHSA-qqf5-x7mj-v43p
was published
for
budibase
(npm)
Jun 18, 2026
n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
Moderate
CVE-2026-54313
was published
for
n8n
(npm)
Jun 16, 2026
n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes
Moderate
CVE-2026-54310
was published
for
n8n
(npm)
Jun 16, 2026
FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString
Moderate
CVE-2026-47720
was published
for
fuxa-server
(npm)
Jun 8, 2026
NocoDB: SQL Injection via Column Title in Bulk GroupBy
Moderate
CVE-2026-47384
was published
for
nocodb
(npm)
Jun 5, 2026
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
Moderate
CVE-2026-47375
was published
for
nocodb
(npm)
Jun 5, 2026
AgenticMail API/storage and outbound relay hardening fixes
High
CVE-2026-47255
was published
for
@agenticmail/api
(npm)
May 29, 2026
n8n Has a Source Control Pull SQL Injection
High
CVE-2026-44792
was published
for
n8n
(npm)
May 14, 2026
Strapi Vulnerable to SQL Injection in Content Type Builder
Critical
CVE-2026-22599
was published
for
@strapi/content-type-builder
(npm)
May 13, 2026
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
High
CVE-2026-44635
was published
for
kysely
(npm)
May 11, 2026
MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys
High
CVE-2026-44680
was published
for
@mikro-orm/knex
(npm)
May 8, 2026
n8n has SQL Injection in SeaTable Node
Moderate
CVE-2026-42229
was published
for
n8n
(npm)
Apr 29, 2026
n8n has SQL Injection in Oracle Database Node via Limit Field
Moderate
CVE-2026-42233
was published
for
n8n
(npm)
Apr 29, 2026
n8n has SQL Injection in Snowflake and MySQL Nodes
Moderate
CVE-2026-42237
was published
for
n8n
(npm)
Apr 29, 2026
@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading
High
CVE-2026-41640
was published
for
@nocobase/database
(npm)
Apr 22, 2026
@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call
High
CVE-2026-41641
was published
for
@nocobase/plugin-collection-sql
(npm)
Apr 22, 2026
Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
Critical
CVE-2026-41478
was published
for
@saltcorn/server
(npm)
Apr 16, 2026
@vendure/core has a SQL Injection vulnerability
Critical
CVE-2026-40887
was published
for
@vendure/core
(npm)
Apr 14, 2026
@saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler
Low
GHSA-59xv-588h-2vmm
was published
for
@saltcorn/data
(npm)
Apr 10, 2026
Drizzle ORM has SQL injection via improperly escaped SQL identifiers
High
CVE-2026-39356
was published
for
drizzle-orm
(npm)
Apr 8, 2026
NocoBase Has SQL Injection via template variable substitution in workflow SQL node
High
CVE-2026-34825
was published
for
@nocobase/plugin-workflow-sql
(npm)
Apr 1, 2026
Payload has an SQL Injection via Query Handling
High
CVE-2026-34747
was published
for
payload
(npm)
Apr 1, 2026
MikroORM is vulnerable to SQL Injection via specially crafted object
Critical
CVE-2026-34220
was published
for
@mikro-orm/core
(npm)
Mar 29, 2026
ProTip!
Advisories are also available from the
GraphQL API