What is GHSA-hqv7-8cjm-q98x?

GHSA-hqv7-8cjm-q98x is a security advisory published by GitHub Security Advisories with Low severity. A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the...

Which CVE IDs does GHSA-hqv7-8cjm-q98x cover?

GHSA-hqv7-8cjm-q98x covers the following CVE IDs: CVE-2026-9305. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-hqv7-8cjm-q98x?

GHSA-hqv7-8cjm-q98x has a CVSS v3 base score of 6.3, published by GitHub Security Advisories.

GHSA-hqv7-8cjm-q98xLowCVSS 6.3

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-9305 →

📋 Description

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-9305
https://gist.github.com/YLChen-007/cf501d0a66c81298b2f97e854f3813db
https://vuldb.com/submit/812192
https://vuldb.com/submit/812195
https://vuldb.com/vuln/365252
https://vuldb.com/vuln/365252/cti
https://github.com/advisories/GHSA-hqv7-8cjm-q98x