GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,254 advisories
Filter by severity
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in ...
Critical
Unreviewed
CVE-2022-25488
was published
Mar 16, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in...
Critical
Unreviewed
CVE-2022-25490
was published
Mar 16, 2022
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in ...
Critical
Unreviewed
CVE-2022-25505
was published
Mar 22, 2022
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST...
Critical
Unreviewed
CVE-2022-0739
was published
Mar 22, 2022
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id...
Critical
Unreviewed
CVE-2022-0760
was published
Mar 22, 2022
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries...
Critical
Unreviewed
CVE-2022-25222
was published
Mar 24, 2022
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...
Critical
Unreviewed
CVE-2021-27468
was published
Mar 24, 2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical
Unreviewed
CVE-2022-26283
was published
Mar 23, 2022
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.
Critical
Unreviewed
CVE-2021-43735
was published
Mar 24, 2022
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the...
Critical
Unreviewed
CVE-2022-0694
was published
Mar 22, 2022
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...
Critical
Unreviewed
CVE-2021-27464
was published
Mar 24, 2022
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation...
Critical
Unreviewed
CVE-2021-27472
was published
Mar 24, 2022
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username...
Critical
Unreviewed
CVE-2021-43650
was published
Mar 23, 2022
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which...
Critical
Unreviewed
CVE-2021-44088
was published
Mar 19, 2022
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability,...
Critical
Unreviewed
CVE-2022-0757
was published
Mar 19, 2022
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id...
Critical
Unreviewed
CVE-2022-0747
was published
Mar 22, 2022
An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in ...
Critical
Unreviewed
CVE-2021-43700
was published
Mar 25, 2022
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column...
Critical
Unreviewed
CVE-2022-25517
was published
Mar 23, 2022
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User...
Critical
Unreviewed
CVE-2021-25070
was published
Mar 29, 2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical
Unreviewed
CVE-2022-26285
was published
Mar 23, 2022
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via...
Critical
Unreviewed
CVE-2022-26284
was published
Mar 23, 2022
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the...
Critical
Unreviewed
CVE-2022-0846
was published
Mar 29, 2022
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter...
Critical
Unreviewed
CVE-2022-26268
was published
Mar 29, 2022
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and...
Critical
Unreviewed
CVE-2022-0787
was published
Mar 29, 2022
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id...
Critical
Unreviewed
CVE-2022-0784
was published
Mar 29, 2022
ProTip!
Advisories are also available from the
GraphQL API