GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
29 advisories
Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
Critical
CVE-2026-41478
was published
for
@saltcorn/server
(npm)
Apr 16, 2026
@vendure/core has a SQL Injection vulnerability
Critical
CVE-2026-40887
was published
for
@vendure/core
(npm)
Apr 14, 2026
MikroORM is vulnerable to SQL Injection via specially crafted object
Critical
CVE-2026-34220
was published
for
@mikro-orm/core
(npm)
Mar 29, 2026
n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
Critical
CVE-2026-33660
was published
for
n8n
(npm)
Mar 25, 2026
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Critical
CVE-2024-27298
was published
for
parse-server
(npm)
Mar 1, 2024
OneUptime ClickHouse SQL Injection via Aggregate Query Parameters
Critical
CVE-2026-32306
was published
for
oneuptime
(npm)
Mar 13, 2026
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
Critical
CVE-2026-31871
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL
Critical
CVE-2026-31856
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server: SQL injection via dot-notation field name in PostgreSQL
Critical
CVE-2026-31840
was published
for
parse-server
(npm)
Mar 10, 2026
n8n has Potential Remote Code Execution via Merge Node
Critical
CVE-2026-27497
was published
for
n8n
(npm)
Feb 25, 2026
@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Critical
CVE-2026-25544
was published
for
@payloadcms/drizzle
(npm)
Feb 5, 2026
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
Critical
CVE-2022-29822
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
SQL Injection via GeoJSON in sequelize
Critical
CVE-2016-1000225
was published
for
sequelize
(npm)
Sep 1, 2020
feathers-sequelize contains improper input validation leading to SQL injection
Critical
CVE-2022-2422
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
Sequelize vulnerable to SQL Injection via replacements
Critical
CVE-2023-25813
was published
for
sequelize
(npm)
Feb 22, 2023
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical
CVE-2022-35942
was published
for
loopback-connector-postgresql
(npm)
Aug 11, 2022
ProTip!
Advisories are also available from the
GraphQL API