Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

6,006 advisories

SQL Injection via in django-debug-toolbar High
CVE-2021-30459 was published for django-debug-toolbar (pip) Apr 16, 2021
alex
Rating Script Service expose XWiki to SQL injection High
CVE-2021-21380 was published for org.xwiki.platform:xwiki-platform-ratings-api (Maven) Mar 23, 2021
Madge vulnerable to command injection High
CVE-2021-23352 was published for madge (npm) Mar 12, 2021
Query Binding Exploitation High
CVE-2021-21263 was published for illuminate/database (Composer) Jan 19, 2021
SQL Injection in untitled-model High
GHSA-hq8g-qq57-5275 was published for untitled-model (npm) Sep 11, 2020
SQL Injection in resquel High
GHSA-crpm-fm48-chj7 was published for resquel (npm) Sep 11, 2020
SQL Injection in sails-mysql High
GHSA-hx5x-49mm-vmhw was published for sails-mysql (npm) Sep 3, 2020
NoSQL Injection in loopback-connector-mongodb High
GHSA-hxwc-5vw9-2w4w was published for loopback-connector-mongodb (npm) Sep 2, 2020
NoSQL injection in express-cart High
GHSA-f5cv-xrv9-r8w7 was published for express-cart (npm) Sep 1, 2020
SQL injection in Django High
CVE-2020-9402 was published for django (pip) Jun 5, 2020
sunSUNQ
SQL Injection in LibreNMS High
CVE-2019-10671 was published for librenms/librenms (Composer) Oct 11, 2019
SQL Injection in LibreNMS High
CVE-2019-12465 was published for librenms/librenms (Composer) Oct 11, 2019
SQL Injection in connect-pg-simple High
CVE-2019-15658 was published for connect-pg-simple (npm) Aug 26, 2019
SQL Injection in typeorm High
GHSA-w7q7-vjp8-7jv4 was published for typeorm (npm) Jun 6, 2019
NoSQL Injection in sequelize High
GHSA-wfp9-vr4j-f49j was published for sequelize (npm) Jun 4, 2019
tdunlap607
NoSQL Injection in loopback-connector-mongodb High
GHSA-m734-r4g6-34f9 was published for loopback-connector-mongodb (npm) Jun 4, 2019
SQLAlchemy is vulnerable to SQL Injection via group_by parameter High
CVE-2019-7548 was published for SQLAlchemy (pip) Apr 16, 2019
SQL Injection in sequelize High
CVE-2016-10550 was published for sequelize (npm) Feb 18, 2019
Potential SQL Injection in sequelize High
CVE-2016-10553 was published for sequelize (npm) Feb 18, 2019
SQL Injection in waterline-sequel High
CVE-2016-10551 was published for waterline-sequel (npm) Feb 18, 2019
SQL Injection in sequelize High
CVE-2016-10556 was published for sequelize (npm) Feb 18, 2019
tdunlap607
SQL injection vulnerability in the policy admin tool in Apache Ranger High
CVE-2016-2174 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
SQL Injection in query-mysql High
CVE-2018-3754 was published for query-mysql (npm) Sep 10, 2018
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
ProTip! Advisories are also available from the GraphQL API