Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

248 advisories

Loading
OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter High
CVE-2025-65103 was published for devcode-it/openstamanager (Composer) Nov 19, 2025
XY20130630
Credited to XY20130630
phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality High
CVE-2025-62519 was published for phpmyfaq/phpmyfaq (Composer) Nov 17, 2025
XY20130630
Credited to XY20130630
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter High
CVE-2025-64519 was published for torrentpier/torrentpier (Composer) Nov 10, 2025
XY20130630
Credited to XY20130630
LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore High
CVE-2025-64104 was published for langgraph-checkpoint-sqlite (pip) Oct 29, 2025
ColeMurray
Credited to ColeMurray
TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update High
CVE-2025-60542 was published for typeorm (npm) Oct 29, 2025
cavadalizada
Credited to cavadalizada
pg8000 SQL injection vulnerability via a specially crafted Python list input High
CVE-2025-61385 was published for pg8000 (pip) Oct 27, 2025
LangGraph's SQLite store implementation has a SQL Injection Vulnerability High
CVE-2025-8709 was published for langgraph-checkpoint-sqlite (pip) Oct 26, 2025
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality High
CVE-2025-62617 was published for admidio/admidio (Composer) Oct 22, 2025
XY20130630
Credited to XY20130630
Django vulnerable to SQL injection in column aliases High
CVE-2025-59681 was published for django (pip) Oct 1, 2025
Django is subject to SQL injection through its column aliases High
CVE-2025-57833 was published for Django (pip) Sep 8, 2025
simple-admin-core SQL Injection vulnerability High
CVE-2025-51667 was published for github.com/suyuan32/simple-admin-core (Go) Aug 27, 2025
NodeBB SQL Injection vulnerability High
CVE-2025-50979 was published for nodebb (npm) Aug 27, 2025
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter High
CVE-2025-55156 was published for pyload-ng (pip) Aug 12, 2025
cyjhhh
Credited to cyjhhh
Bacula-web SQL Injection Vulnerability High
CVE-2025-45346 was published for bacula-web/bacula-web (Composer) Jul 29, 2025
z-push/z-push-dev SQL Injection Vulnerability High
CVE-2025-8264 was published for z-push/z-push-dev (Composer) Jul 29, 2025
XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API High
CVE-2025-54385 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 25, 2025
eKuiper API endpoints handling SQL queries with user-controlled table names. High
CVE-2025-54379 was published for github.com/lf-edge/ekuiper (Go) Jul 24, 2025
odaysec
Credited to odaysec
Apache Superset: Improper authorization bypass on row level security via SQL Injection High
CVE-2025-48912 was published for apache-superset (pip) May 30, 2025
Navidrome allows SQL Injection via role parameter High
CVE-2025-48949 was published for github.com/navidrome/navidrome (Go) May 29, 2025
4rdr
Credited to 4rdr
PostHog Plugin Server SQL Injection Vulnerability High
CVE-2025-1520 was published for @posthog/plugin-server (npm) Apr 23, 2025
org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API High
CVE-2025-32968 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 23, 2025
OpenMetadata SQL Injection High
CVE-2024-55238 was published for org.open-metadata:openmetadata-service (Maven) Apr 17, 2025
crud-query-parser SQL Injection vulnerability High
CVE-2025-32020 was published for crud-query-parser (npm) Apr 9, 2025
Flowise Vulnerable to SQL Injection via `tableName` Parameter High
CVE-2025-29189 was published for flowise-components (npm) Apr 9, 2025
Shopware Vulnerable to Blind SQL-injection in DAL aggregations High
CVE-2025-27892 was published for shopware/core (Composer) Apr 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database