GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16,944 advisories
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort'...
High, Unreviewed. CVE-2026-4060 was published May 2, 2026

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the ...
High, Unreviewed. CVE-2026-4061 was published May 2, 2026

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids...
High, Unreviewed. CVE-2026-4062 was published May 2, 2026

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote...
High, Unreviewed. CVE-2026-7489 was published May 2, 2026

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup...
High, Unreviewed. CVE-2026-7649 was published May 2, 2026

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the ...
Moderate, Unreviewed. CVE-2026-6457 was published May 2, 2026

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the...
Moderate, Unreviewed. CVE-2026-42474 was published May 1, 2026

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the...
Moderate, Unreviewed. CVE-2026-42475 was published May 1, 2026

SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin...
Moderate, Unreviewed. CVE-2026-37505 was published May 1, 2026

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the...
High, Unreviewed. CVE-2026-7435 was published Apr 30, 2026

IBM Langflow Desktop 1.6.0 through 1.8.4 Langflow is vulnerable to stored cross-site scripting....
Moderate, Unreviewed. CVE-2026-3346 was published Apr 30, 2026

CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
High. CVE-2026-42031 was published for ckan (pip) Apr 29, 2026

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows...
High, Unreviewed. CVE-2018-25300 was published Apr 29, 2026

n8n has SQL Injection in SeaTable Node
Moderate. CVE-2026-42229 was published for n8n (npm) Apr 29, 2026

n8n has SQL Injection in Snowflake and MySQL Nodes
Moderate. CVE-2026-42237 was published for n8n (npm) Apr 29, 2026

appsmith has SQL Injection in FilterDataService via Unsafe DROP TABLE Execution
High. GHSA-h8cj-hpmg-636v was published for com.appsmith:interfaces (Maven) Apr 29, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed. CVE-2026-42646 was published Apr 29, 2026

SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “...
Critical, Unreviewed. CVE-2026-3325 was published Apr 29, 2026

A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue...
Moderate, Unreviewed. CVE-2025-9742 was published Apr 29, 2026

A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This...
Moderate, Unreviewed. CVE-2025-9741 was published Apr 29, 2026

A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an...
Moderate, Unreviewed. CVE-2025-9740 was published Apr 29, 2026

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a...
High, Unreviewed. CVE-2026-42167 was published Apr 29, 2026

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute...
High, Unreviewed. CVE-2026-40978 was published Apr 28, 2026

An authenticated administrative user who can import or save DataObject class definitions can...
High, Unreviewed. CVE-2026-5394 was published Apr 27, 2026

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the...
Moderate, Unreviewed. CVE-2021-36438 was published Apr 27, 2026