Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

11,393 advisories

Loading
SQL Injection in tribalsystems/zenario Moderate
CVE-2021-27672 was published for tribalsystems/zenario (Composer) Jun 8, 2021
SQL Injection in t3/dce High
CVE-2021-31777 was published for t3/dce (Composer) Jun 8, 2021
SQL Injection in NukeViet Critical
CVE-2019-7726 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
SQL Injection in gogs.io/gogs Moderate
CVE-2014-8681 was published for github.com/gogits/gogs (Go) Jun 29, 2021
SQL Injection in Gogs High
CVE-2014-8682 was published for gogs.io/gogs (Go) Jun 29, 2021
SQL injection in pimcore/pimcore High
CVE-2021-23405 was published for pimcore/pimcore (Composer) Jul 13, 2021
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
SQL injection in TYPO3 extension Critical
CVE-2021-38302 was published for ecodev/newsletter (Composer) Sep 2, 2021
Content object state fetch functions open to SQL injection High
GHSA-jpwx-ffjq-wr4w was published for ezsystems/ezpublish-legacy (Composer) Sep 7, 2021
SQL Injection in Subrion CMS Critical
CVE-2020-18155 was published for intelliants/subrion (Composer) Sep 8, 2021
SQL Injection in Django Critical
CVE-2021-35042 was published for Django (pip) Sep 22, 2021
sunSUNQ
SQL Injection in topthink/thinkphp Critical
CVE-2020-20120 was published for topthink/thinkphp (Composer) Sep 30, 2021
SQL Injection in medoo Critical
CVE-2019-10762 was published for catfan/medoo (Composer) Oct 12, 2021
SQL Injection and Cross-site Scripting in class-validator Critical
CVE-2019-18413 was published for class-validator (npm) Oct 12, 2021
SQL injection in Apache DolphinScheduler High
CVE-2021-27644 was published for org.apache.dolphinscheduler:dolphinscheduler-server (Maven) Nov 3, 2021
DBAL 3 SQL Injection Security Vulnerability Critical
CVE-2021-43608 was published for doctrine/dbal (Composer) Nov 16, 2021
The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager... High Unreviewed
CVE-2021-24847 was published Nov 17, 2021
SQL Injection in thinkjs High
CVE-2020-21176 was published for thinkjs (npm) Nov 19, 2021
iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An... High Unreviewed
CVE-2021-36300 was published Nov 24, 2021
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL... High Unreviewed
CVE-2021-36299 was published Nov 24, 2021
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is... Critical Unreviewed
CVE-2021-36916 was published Nov 25, 2021
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal... High Unreviewed
CVE-2021-36807 was published Nov 27, 2021
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not... Critical Unreviewed
CVE-2021-24915 was published Nov 30, 2021
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and... High Unreviewed
CVE-2021-24860 was published Nov 30, 2021
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields... High Unreviewed
CVE-2021-24889 was published Nov 30, 2021
ProTip! Advisories are also available from the GraphQL API