GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
86 advisories
n8n has Potential Remote Code Execution via Merge Node
Critical
CVE-2026-27497
was published
for
n8n
(npm)
Feb 25, 2026
@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Critical
CVE-2026-25544
was published
for
@payloadcms/drizzle
(npm)
Feb 5, 2026
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
Moderate
GHSA-38cw-85xc-xr9x
was published
for
@veramo/data-store
(npm)
Jan 16, 2026
Ghost has SQL Injection in Members Activity Feed
Moderate
CVE-2026-22596
was published
for
ghost
(npm)
Jan 8, 2026
TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update
High
CVE-2025-60542
was published
for
typeorm
(npm)
Oct 29, 2025
Mongoose search injection vulnerability
High
CVE-2024-53900
was published
for
mongoose
(npm)
Dec 2, 2024
NocoDB SQL Injection vulnerability
Moderate
CVE-2023-50718
was published
for
nocodb
(npm)
May 13, 2024
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Critical
CVE-2024-27298
was published
for
parse-server
(npm)
Mar 1, 2024
nocodb SQL Injection vulnerability
Moderate
CVE-2023-43794
was published
for
nocodb
(npm)
Oct 17, 2023
Sequelize vulnerable to SQL Injection via replacements
Critical
CVE-2023-25813
was published
for
sequelize
(npm)
Feb 22, 2023
Knex.js has a limited SQL injection vulnerability
High
CVE-2016-20018
was published
for
knex
(npm)
Dec 19, 2022
ProTip!
Advisories are also available from the
GraphQL API