CVE-2026-29953

Name of the Vulnerable Software and Affected Versions SchemaHero version 0.23.0

Description A SQL Injection issue exists in SchemaHero version 0.23.0. The issue is located in the columnAsInsert function within the plugins/postgres/lib/column.go file, specifically through the column parameter. The vulnerability allows for potential manipulation of SQL queries through the column parameter.

Recommendations Update to a newer version of SchemaHero that addresses this issue. As a temporary workaround, consider restricting access to the columnAsInsert function or carefully validating the column parameter before use.