CVE-2026-29953

Description

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go.

References

• https://gist.github.com/b0b0haha/fb59199fb1fdf9414e76442e0599bfed
• https://github.com/b0b0haha/SchemaHero--Sqlinjection/blob/main/README.md