GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,768
Maven: 4,991
npm: 3,537
NuGet: 616
pip: 3,107
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
5,902 advisories
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for...
High | Unreviewed | CVE-2022-24407 was published Feb 25, 2022

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping...
High | Unreviewed | CVE-2022-0651 was published Feb 25, 2022

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping...
High | Unreviewed | CVE-2022-25148 was published Feb 25, 2022

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping...
High | Unreviewed | CVE-2022-25149 was published Feb 25, 2022

The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids...
High | Unreviewed | CVE-2021-25069 was published Feb 22, 2022

The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST...
High | Unreviewed | CVE-2021-4208 was published Feb 22, 2022

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the...
High | Unreviewed | CVE-2022-0255 was published Feb 22, 2022

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby...
High | Unreviewed | CVE-2022-0228 was published Feb 22, 2022

BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the...
High | Unreviewed | CVE-2021-44302 was published Feb 20, 2022

Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL...
High | Unreviewed | CVE-2020-8242 was published Feb 19, 2022

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
High | Unreviewed | CVE-2022-21176 was published Feb 19, 2022

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping...
High | Unreviewed | CVE-2022-0513 was published Feb 17, 2022

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via...
High | Unreviewed | CVE-2022-24226 was published Feb 16, 2022

The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL...
High | Unreviewed | CVE-2022-0190 was published Feb 15, 2022

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in ...
High | Unreviewed | CVE-2022-24646 was published Feb 12, 2022

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753,...
High | Unreviewed | CVE-2022-22540 was published Feb 11, 2022

A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of...
High | Unreviewed | CVE-2021-37197 was published Feb 10, 2022

An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not...
High | Unreviewed | CVE-2021-44866 was published Feb 10, 2022

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to...
High | Unreviewed | CVE-2022-23873 was published Feb 9, 2022

SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an...
High | Unreviewed | CVE-2022-24121 was published Feb 9, 2022

The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id...
High | Unreviewed | CVE-2021-24919 was published Feb 2, 2022

Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component...
High | Unreviewed | CVE-2021-46459 was published Feb 1, 2022

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator...
High | Unreviewed | CVE-2022-24264 was published Feb 1, 2022

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator...
High | Unreviewed | CVE-2022-24265 was published Feb 1, 2022

ProTip! Advisories are also available from the GraphQL API.