GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
208 advisories
Blind SQL injection in shopware
Critical | CVE-2024-22406 was published for shopware/core (Composer) | Jan 17, 2024

Jeecg Boot SQL Injection
Critical | CVE-2023-41543 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) | Dec 30, 2023

Jeecg Boot SQL injection vulnerability
Critical | CVE-2023-41542 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) | Dec 30, 2023

RuoYi vulnerable to SQL injection vulnerability
Critical | CVE-2023-49371 was published for com.ruoyi:ruoyi (Maven) | Dec 1, 2023

Apache Cocoon SQL Injection vulnerability
Critical | CVE-2022-45135 was published for org.apache.cocoon:cocoon (Maven) | Nov 30, 2023

SQL injection vulnerability in Meshery
Critical | CVE-2023-46575 was published for github.com/layer5io/meshery (Go) | Nov 24, 2023

SQL injection in Apache Submarine
Critical | CVE-2023-37924 was published for apache-submarine (pip) | Nov 22, 2023

piccolo SQL Injection via named transaction savepoints
Critical | CVE-2023-47128 was published for piccolo (pip) | Nov 12, 2023

Langchain SQL Injection vulnerability
Critical | CVE-2023-32785 was published for langchain (pip) | Oct 21, 2023

SQL injection in jeecgboot
Critical | CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) | Sep 22, 2023

FUXA SQL Injection vulnerability
Critical | CVE-2023-31719 was published for fuxa-server (npm) | Sep 22, 2023

OpenRefine Remote Code execution in project import with mysql jdbc url attack
Critical | CVE-2023-41887 was published for org.openrefine:database (Maven) | Sep 12, 2023

Jeecg boot SQL Injection vulnerability
Critical | CVE-2023-42268 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) | Sep 8, 2023

PrestaShop SQL manager vulnerability
Critical | CVE-2023-39526 was published for prestashop/prestashop (Composer) | Aug 9, 2023

SQL injection in jeecg-boot
Critical | CVE-2023-38992 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) | Jul 28, 2023

SQL injection in audit endpoint
Critical | CVE-2023-35088 was published for org.apache.inlong:manager-service (Maven) | Jul 25, 2023

postgraas-server vulnerable to SQL injection
Critical | CVE-2018-25088 was published for postgraas-server (pip) | Jul 18, 2023

jeecg-boot SQL injection vulnerability
Critical | CVE-2023-34659 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) | Jun 16, 2023

SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Critical | CVE-2023-30839 was published for prestashop/prestashop (Composer) | Apr 25, 2023

MyBatis-Plus vulnerable to SQL injection via TenantPlugin
Critical | CVE-2023-25330 was published for com.baomidou:mybatis-plus (Maven) | Apr 5, 2023

Ming-Soft MCMS vulnerable to SQL injection
Critical | CVE-2020-20913 was published for net.mingsoft:ms-mcms (Maven) | Apr 4, 2023

Withdrawn: SQL injection in Yii 2
Critical | CVE-2023-26750 was published for yiisoft/yii2 (Composer) | Apr 4, 2023 | withdrawn

jeecg-boot vulnerable to SQL injection
Critical | CVE-2023-1741 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) | Mar 31, 2023

jeecg-boot SQL Injection vulnerability
Critical | CVE-2023-1454 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) | Mar 17, 2023

Funadmin vulnerable to SQL injection
Critical | CVE-2023-24774 was published for funadmin/funadmin (Composer) | Mar 10, 2023

ProTip! Advisories are also available from the GraphQL API.