GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+
443 advisories
Filter by severity
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
High
GHSA-4mg9-vhxq-vm7j
was published
for
illuminate/database
(Composer)
Apr 29, 2021
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Critical
CVE-2021-21427
was published
for
openmage/magento-lts
(Composer)
Apr 22, 2021
SQL Injection via in django-debug-toolbar
High
CVE-2021-30459
was published
for
django-debug-toolbar
(pip)
Apr 16, 2021
SQL Injection in moodle
Moderate
CVE-2020-25700
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
SQL injection in vhs (aka VHS: Fluid ViewHelpers)
Critical
CVE-2021-28381
was published
for
fluidtypo3/vhs
(Composer)
Mar 29, 2021
Rating Script Service expose XWiki to SQL injection
High
CVE-2021-21380
was published
for
org.xwiki.platform:xwiki-platform-ratings-api
(Maven)
Mar 23, 2021
Madge vulnerable to command injection
High
CVE-2021-23352
was published
for
madge
(npm)
Mar 12, 2021
Blind SQL injection in PrestaShop productcomments module
Low
CVE-2020-26248
was published
for
prestashop/productcomments
(Composer)
Jan 20, 2021
Query Binding Exploitation
High
CVE-2021-21263
was published
for
illuminate/database
(Composer)
Jan 19, 2021
SQL Injection in untitled-model
High
GHSA-hq8g-qq57-5275
was published
for
untitled-model
(npm)
Sep 11, 2020
SQL Injection in sails-mysql
High
GHSA-hx5x-49mm-vmhw
was published
for
sails-mysql
(npm)
Sep 3, 2020
NoSQL Injection in loopback-connector-mongodb
High
GHSA-hxwc-5vw9-2w4w
was published
for
loopback-connector-mongodb
(npm)
Sep 2, 2020
NoSQL injection in express-cart
High
GHSA-f5cv-xrv9-r8w7
was published
for
express-cart
(npm)
Sep 1, 2020
SQL Injection via GeoJSON in sequelize
Critical
CVE-2016-1000225
was published
for
sequelize
(npm)
Sep 1, 2020
SQL Injection in Kylin
Moderate
CVE-2020-1937
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
SQL Injection in Kylin
Critical
CVE-2020-13926
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
DoS via malicious record IDs in WatermelonDB
Moderate
CVE-2020-4035
was published
for
@nozbe/watermelondb
(npm)
Jun 3, 2020
SQL injection in Tortoise ORM
Moderate
CVE-2020-11010
was published
for
tortoise-orm
(pip)
Apr 20, 2020
SQL injection in Centreon
Critical
CVE-2019-16194
was published
for
centreon/centreon
(Composer)
Feb 11, 2020
SQL injection in phpMyAdmin
Critical
CVE-2019-18622
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 16, 2020
ProTip!
Advisories are also available from the
GraphQL API