GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+
443 advisories
Filter by severity
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Moderate
CVE-2024-32872
was published
for
Plumber.Workflow
(NuGet)
Apr 24, 2024
Zend Framework SQL injection vulnerability
Critical
CVE-2014-8089
was published
for
zendframework/zend-db
(Composer)
Apr 23, 2024
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
High
CVE-2024-32480
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
LibreNMS vulnerable to SQL injection time-based leads to database extraction
High
CVE-2024-32461
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
Mautic SQL Injection in dynamic Reports
Moderate
CVE-2022-25775
was published
for
mautic/core
(Composer)
Apr 12, 2024
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23115
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23118
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23117
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-0637
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23116
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23119
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
phpMyFAQ SQL injections at insertentry & saveentry
High
CVE-2024-28107
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ SQL Injection at "Save News"
High
CVE-2024-27299
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
SQL injection in Folio Spring Module Core
Moderate
CVE-2022-4963
was published
for
org.folio:spring-module-core
(Maven)
Mar 21, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow
Moderate
GHSA-7jwh-3vrq-q3m8
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
pgx SQL Injection via Protocol Message Size Overflow
Moderate
CVE-2024-27304
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
pgx SQL Injection via Line Comment Creation
Moderate
CVE-2024-27289
was published
for
github.com/jackc/pgx
(Go)
Mar 4, 2024
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Critical
CVE-2024-27298
was published
for
parse-server
(npm)
Mar 1, 2024
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Critical
CVE-2024-1597
was published
for
org.postgresql:postgresql
(Maven)
Feb 21, 2024
Duplicate Advisory: SQL injection in pgjdbc
Critical
GHSA-xfg6-62px-cxc2
was published
for
org.postgresql:postgresql
(Maven)
Feb 19, 2024
•
withdrawn
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Critical
CVE-2024-24811
was published
for
Products.SQLAlchemyDA
(pip)
Feb 7, 2024
Grafana Arbitrary File Read
Moderate
CVE-2019-19499
was published
for
github.com/grafana/grafana/pkg/tsdb/mysql
(Go)
Jan 31, 2024
SQL Injection in Admin download files as zip
High
CVE-2024-23646
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
SQL injection in llama-index
Critical
CVE-2024-23751
was published
for
llama-index
(pip)
Jan 22, 2024
ProTip!
Advisories are also available from the
GraphQL API