GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,324 advisories
Filter by severity
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...
Critical
Unreviewed
CVE-2021-27464
was published
Mar 24, 2022
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation...
Critical
Unreviewed
CVE-2021-27472
was published
Mar 24, 2022
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries...
Critical
Unreviewed
CVE-2022-25222
was published
Mar 24, 2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical
Unreviewed
CVE-2022-26283
was published
Mar 23, 2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical
Unreviewed
CVE-2022-26285
was published
Mar 23, 2022
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via...
Critical
Unreviewed
CVE-2022-26284
was published
Mar 23, 2022
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username...
Critical
Unreviewed
CVE-2021-43650
was published
Mar 23, 2022
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column...
Critical
Unreviewed
CVE-2022-25517
was published
Mar 23, 2022
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in ...
Critical
Unreviewed
CVE-2022-25505
was published
Mar 22, 2022
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST...
Critical
Unreviewed
CVE-2022-0739
was published
Mar 22, 2022
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the...
Critical
Unreviewed
CVE-2022-0694
was published
Mar 22, 2022
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id...
Critical
Unreviewed
CVE-2022-0760
was published
Mar 22, 2022
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id...
Critical
Unreviewed
CVE-2022-0747
was published
Mar 22, 2022
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which...
Critical
Unreviewed
CVE-2021-44088
was published
Mar 19, 2022
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability,...
Critical
Unreviewed
CVE-2022-0757
was published
Mar 19, 2022
Online Project Time Management System v1.0 was discovered to contain a SQL injection...
Critical
Unreviewed
CVE-2022-26293
was published
Mar 17, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in...
Critical
Unreviewed
CVE-2022-25492
was published
Mar 16, 2022
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in ...
Critical
Unreviewed
CVE-2022-25488
was published
Mar 16, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in...
Critical
Unreviewed
CVE-2022-25490
was published
Mar 16, 2022
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via...
Critical
Unreviewed
CVE-2022-25494
was published
Mar 16, 2022
The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using...
Critical
Unreviewed
CVE-2021-25007
was published
Mar 15, 2022
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the...
Critical
Unreviewed
CVE-2022-0169
was published
Mar 15, 2022
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location...
Critical
Unreviewed
CVE-2022-0658
was published
Mar 15, 2022
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the...
Critical
Unreviewed
CVE-2022-24600
was published
Mar 11, 2022
Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.
Critical
Unreviewed
CVE-2022-24605
was published
Mar 11, 2022
ProTip!
Advisories are also available from the
GraphQL API