GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16,962 advisories
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Critical | GHSA-9h64-2846-7x7f was published for github.com/getaxonflow/axonflow (Go) | May 6, 2026

Daptin fuzzy search injects unvalidated column name into raw SQL
High | CVE-2026-44349 was published for github.com/daptin/daptin (Go) | May 6, 2026

Flight vulnerable to SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete
High | CVE-2026-42550 was published for flightphp/core (Composer) | May 6, 2026

phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
Critical | GHSA-289f-fq7w-6q2w was published for phpmyfaq/phpmyfaq (Composer) | May 6, 2026

phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
High | GHSA-pm8c-3qq3-72w7 was published for phpmyfaq/phpmyfaq (Composer) | May 6, 2026

Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API
Critical | CVE-2026-29090 was published for rucio (pip) | May 6, 2026

Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API
Critical | CVE-2026-29080 was published for rucio (pip) | May 6, 2026

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions...
High | Unreviewed | CVE-2026-1719 was published | May 6, 2026

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in...
High | Unreviewed | CVE-2026-44331 was published | May 5, 2026

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user...
Critical | Unreviewed | CVE-2026-38428 was published | May 5, 2026

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`
High | CVE-2026-43937 was published for YAFNET.Core (NuGet) | May 5, 2026

Diesel's SQLite backend has possible UTF-8 corruption
High | GHSA-h5x4-m2qf-r4f2 was published for diesel (Rust) | May 5, 2026

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent'...
High | Unreviewed | CVE-2026-4304 was published | May 5, 2026

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress...
High | Unreviewed | CVE-2026-3359 was published | May 5, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-40797 was published | May 5, 2026

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for...
High | Unreviewed | CVE-2026-3456 was published | May 5, 2026

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects ...
High | Unreviewed | CVE-2026-35228 was published | May 5, 2026

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions'...
High | Unreviewed | CVE-2026-5100 was published | May 5, 2026

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort'...
High | Unreviewed | CVE-2026-4060 was published | May 2, 2026

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the ...
High | Unreviewed | CVE-2026-4061 was published | May 2, 2026

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids...
High | Unreviewed | CVE-2026-4062 was published | May 2, 2026

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote...
High | Unreviewed | CVE-2026-7489 was published | May 2, 2026

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup...
High | Unreviewed | CVE-2026-7649 was published | May 2, 2026

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the ...
Moderate | Unreviewed | CVE-2026-6457 was published | May 2, 2026

SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin...
Moderate | Unreviewed | CVE-2026-37505 was published | May 1, 2026