GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
202 advisories
Zend Framework SQL injection vulnerability
Critical: CVE-2014-8089 was published for zendframework/zend-db (Composer), Apr 23, 2024

SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
Critical: CVE-2019-1010259 was published for salt (pip), May 24, 2022

Insufficient validation when decoding a Socket.IO packet
Critical: CVE-2022-2421 was published for socket.io-parser (npm), Oct 26, 2022

SQL Injection in hive-jdbc
Critical: CVE-2018-1282 was published for org.apache.hive:hive-jdbc (Maven), Nov 21, 2018

Withdrawn: SQL injection in Yii 2
Critical: CVE-2023-26750 was published for yiisoft/yii2 (Composer), Apr 4, 2023 • withdrawn

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Critical: CVE-2024-27298 was published for parse-server (npm), Mar 1, 2024

postgraas-server vulnerable to SQL injection
Critical: CVE-2018-25088 was published for postgraas-server (pip), Jul 18, 2023

org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Critical: CVE-2024-1597 was published for org.postgresql:postgresql (Maven), Feb 21, 2024

SQLAlchemyDA unauthenticated arbitrary SQL query execution
Critical: CVE-2024-24811 was published for Products.SQLAlchemyDA (pip), Feb 7, 2024

Magento 2 Community Edition SQLi Vulnerability
Critical: CVE-2019-7139 was published for magento/community-edition (Composer), May 24, 2022

Zend Framework Allows SQL Injection
Critical: CVE-2015-0270 was published for zendframework/zend-db (Composer), May 24, 2022

Zend Framework Allows SQL Injection
Critical: CVE-2016-6233 was published for zendframework/zendframework (Composer), May 14, 2022

Silverstripe Framework SQLi Vulnerability
Critical: CVE-2019-5715 was published for silverstripe/framework (Composer), May 14, 2022

DBAL 3 SQL Injection Security Vulnerability
Critical: CVE-2021-43608 was published for doctrine/dbal (Composer), Nov 16, 2021

SQL injection in llama-index
Critical: CVE-2024-23751 was published for llama-index (pip), Jan 22, 2024

Blind SQL injection in shopware
Critical: CVE-2024-22406 was published for shopware/core (Composer), Jan 17, 2024

Typo3 SQL injection due to faulty prepared statements
Critical: CVE-2011-3583 was published for typo3/cms (Composer), Apr 22, 2022

Magento Blind SQL Injection in the Search module
Critical: CVE-2021-21024 was published for magento/community-edition (Composer), May 24, 2022

Jeecg Boot SQL Injection
Critical: CVE-2023-41543 was published for org.jeecgframework.boot:jeecg-boot-common (Maven), Dec 30, 2023

Jeecg Boot SQL injection vulnerability
Critical: CVE-2023-41542 was published for org.jeecgframework.boot:jeecg-boot-common (Maven), Dec 30, 2023

Langchain SQL Injection vulnerability
Critical: CVE-2023-32785 was published for langchain (pip), Oct 21, 2023

RuoYi vulnerable to SQL injection vulnerability
Critical: CVE-2023-49371 was published for com.ruoyi:ruoyi (Maven), Dec 1, 2023

Apache Cocoon SQL Injection vulnerability
Critical: CVE-2022-45135 was published for org.apache.cocoon:cocoon (Maven), Nov 30, 2023

ProTip! Advisories are also available from the GraphQL API.