Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

11,523 advisories

Loading
SQL Injection in Kylin Critical
CVE-2020-13926 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
SQL Injection in Kylin Moderate
CVE-2020-1937 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
SQL Injection via GeoJSON in sequelize Critical
CVE-2016-1000225 was published for sequelize (npm) Sep 1, 2020
tdunlap607
NoSQL injection in express-cart High
GHSA-f5cv-xrv9-r8w7 was published for express-cart (npm) Sep 1, 2020
NoSQL Injection in loopback-connector-mongodb High
GHSA-hxwc-5vw9-2w4w was published for loopback-connector-mongodb (npm) Sep 2, 2020
SQL Injection in sails-mysql High
GHSA-hx5x-49mm-vmhw was published for sails-mysql (npm) Sep 3, 2020
SQL Injection in resquel High
GHSA-crpm-fm48-chj7 was published for resquel (npm) Sep 11, 2020
SQL Injection in untitled-model High
GHSA-hq8g-qq57-5275 was published for untitled-model (npm) Sep 11, 2020
Query Binding Exploitation High
CVE-2021-21263 was published for illuminate/database (Composer) Jan 19, 2021
Blind SQL injection in PrestaShop productcomments module Low
CVE-2020-26248 was published for prestashop/productcomments (Composer) Jan 20, 2021
0xfadam
Madge vulnerable to command injection High
CVE-2021-23352 was published for madge (npm) Mar 12, 2021
Rating Script Service expose XWiki to SQL injection High
CVE-2021-21380 was published for org.xwiki.platform:xwiki-platform-ratings-api (Maven) Mar 23, 2021
SQL injection in vhs (aka VHS: Fluid ViewHelpers) Critical
CVE-2021-28381 was published for fluidtypo3/vhs (Composer) Mar 29, 2021
SQL Injection in moodle Moderate
CVE-2020-25700 was published for moodle/moodle (Composer) Mar 29, 2021
SQL Injection via in django-debug-toolbar High
CVE-2021-30459 was published for django-debug-toolbar (pip) Apr 16, 2021
alex
Backport for CVE-2021-21024 Blind SQLi from Magento 2 Critical
CVE-2021-21427 was published for openmage/magento-lts (Composer) Apr 22, 2021
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database High
GHSA-4mg9-vhxq-vm7j was published for illuminate/database (Composer) Apr 29, 2021
SQL Injection in librenms High
CVE-2020-35700 was published for librenms/librenms (Composer) May 6, 2021
SQL Injection in pimcore High
CVE-2020-7759 was published for pimcore/pimcore (Composer) May 6, 2021
SQL Injection in odata4j Critical
CVE-2016-11024 was published for org.odata4j:odata4j-core (Maven) May 7, 2021
SQL Injection in odata4j Critical
CVE-2016-11023 was published for org.odata4j:odata4j-core (Maven) May 7, 2021
SQL Injection in Apache SkyWalking Critical
CVE-2020-13921 was published for org.apache.skywalking:oap-server (Maven) May 7, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19029 was published for github.com/goharbor/harbor (Go) May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19026 was published for github.com/goharbor/harbor (Go) May 18, 2021
ProTip! Advisories are also available from the GraphQL API