GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
202 advisories
Filter by severity
Moodle SQL Injection vulnerability
Critical
CVE-2021-36393
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Moodle SQL Injection vulnerability
Critical
CVE-2021-36392
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Sequelize vulnerable to SQL Injection via replacements
Critical
CVE-2023-25813
was published
for
sequelize
(npm)
Feb 22, 2023
GeoTools OGC Filter SQL Injection Vulnerabilities
Critical
CVE-2023-25158
was published
for
org.geotools:gt-jdbc
(Maven)
Feb 22, 2023
GeoServer OGC Filter SQL Injection Vulnerabilities
Critical
CVE-2023-25157
was published
for
org.geoserver.community:gs-jdbcconfig
(Maven)
Feb 22, 2023
SQL injection in webbuilders-group silverstripe-kapost-bridge
Critical
CVE-2015-10077
was published
for
webbuilders-group/silverstripe-kapost-bridge
(Composer)
Feb 10, 2023
Dromara hutool vulnerable to SQL Injection
Critical
CVE-2023-24163
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
phpmyadmin contains SQL Injection vulnerability
Critical
CVE-2020-22452
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 26, 2023
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Critical
CVE-2023-22727
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
Jeecg-boot is vulnerable to SQL injection
Critical
CVE-2022-47105
was published
for
org.jeecgframework.boot:jeecg-boot-base-core
(Maven)
Jan 19, 2023
SQL Injection in liftkit/database
Critical
CVE-2016-15020
was published
for
liftkit/database
(Composer)
Jan 16, 2023
curupira is vulnerable to SQL injection
Critical
CVE-2015-10053
was published
for
curupira
(RubyGems)
Jan 16, 2023
WebPA SQL Injection vulnerability
Critical
CVE-2021-4308
was published
for
webpa/webpa
(Composer)
Jan 8, 2023
PaginationServiceProvider SQL Injection vulnerability
Critical
CVE-2014-125029
was published
for
ttskch/pagination-service-provider
(Composer)
Jan 8, 2023
Squalor SQL Injection vulnerability
Critical
CVE-2020-36645
was published
for
github.com/square/squalor
(Go)
Jan 7, 2023
gosqljson SQL Injection vulnerability
Critical
CVE-2014-125064
was published
for
github.com/elgs/gosqljson
(Go)
Jan 7, 2023
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Critical
CVE-2014-125051
was published
for
himiklab/yii2-jqgrid-widget
(Composer)
Jan 6, 2023
DBRisinajumi d2files SQL Injection vulnerability
Critical
CVE-2015-10018
was published
for
dbrisinajumi/d2files
(Composer)
Jan 6, 2023
nodebatis SQL Injection vulnerability
Critical
CVE-2018-25066
was published
for
nodebatis
(npm)
Jan 6, 2023
laravel-jqgrid vulnerable to SQL Injection
Critical
CVE-2021-4262
was published
for
mgallegos/laravel-jqgrid
(Composer)
Dec 19, 2022
Mingsoft MCMS vulnerable to SQL Injection
Critical
CVE-2022-4375
was published
for
net.mingsoft:ms-mcms
(Maven)
Dec 9, 2022
owncast is vulnerable to SQL Injection
Critical
CVE-2022-3751
was published
for
github.com/owncast/owncast
(Go)
Nov 29, 2022
Jeecg-boot vulnerable to SQL Injection
Critical
CVE-2022-45206
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Nov 25, 2022
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
Critical
CVE-2022-45207
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Nov 25, 2022
SQL injection in Dolibarr
Critical
CVE-2022-4093
was published
for
dolibarr/dolibarr
(Composer)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API