Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,384 advisories

Loading
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search... Critical Unreviewed
CVE-2021-44026 was published May 24, 2022
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL... Critical Unreviewed
CVE-2024-1839 was published Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -... Critical Unreviewed
CVE-2024-4228 was published Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-37252 was published Jun 26, 2024
The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL... Critical Unreviewed
CVE-2024-6027 was published Jun 21, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Critical Unreviewed
CVE-2024-36779 was published Jun 6, 2024
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via... Critical Unreviewed
CVE-2024-36673 was published Jun 7, 2024
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via... Critical Unreviewed
CVE-2024-4295 was published Jun 5, 2024
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-4743 was published Jun 5, 2024
Duplicate Advisory: SQL injection in pgjdbc Critical
GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 withdrawn
Zendframework1 Potential SQL injection in ORDER and GROUP functions Critical
GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) Critical
GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select Critical
GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql Critical
GHSA-qf36-fx9f-232x was published for zendframework/zendframework1 (Composer) Jun 7, 2024
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL... Critical Unreviewed
CVE-2024-36393 was published Jun 6, 2024
MyBatis-Plus vulnerable to SQL injection via TenantPlugin Critical
CVE-2023-25330 was published for com.baomidou:mybatis-plus (Maven) Apr 5, 2023
DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote... Critical Unreviewed
CVE-2024-5311 was published Jun 3, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value Critical
GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) May 30, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php` Critical
CVE-2024-35374 was published for mocodo (pip) May 28, 2024
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system... Critical Unreviewed
CVE-2022-40835 was published Oct 7, 2022
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system... Critical Unreviewed
CVE-2022-40831 was published Oct 7, 2022
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system... Critical Unreviewed
CVE-2022-40826 was published Oct 7, 2022
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system... Critical Unreviewed
CVE-2022-40828 was published Oct 7, 2022
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system... Critical Unreviewed
CVE-2022-40832 was published Oct 7, 2022
ProTip! Advisories are also available from the GraphQL API