GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

202 advisories

Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function Critical
CVE-2019-1010259 was published for salt (pip) May 24, 2022
Insufficient validation when decoding a Socket.IO packet Critical
CVE-2022-2421 was published for socket.io-parser (npm) Oct 26, 2022
darrachequesne kurt-r2c
SQL Injection in hive-jdbc Critical
CVE-2018-1282 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
SQL Injection in Django Critical
CVE-2021-35042 was published for Django (pip) Sep 22, 2021
sunSUNQ
SQL injection in typeORM Critical
CVE-2022-33171 was published for typeorm (npm) Jul 5, 2022
Withdrawn: SQL injection in Yii 2 Critical
CVE-2023-26750 was published for yiisoft/yii2 (Composer) Apr 4, 2023 withdrawn
ccchapman iBotPeaches
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection Critical
CVE-2024-27298 was published for parse-server (npm) Mar 1, 2024
mtrezza EhsanParsania
postgraas-server vulnerable to SQL injection Critical
CVE-2018-25088 was published for postgraas-server (pip) Jul 18, 2023
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation Critical
CVE-2024-1597 was published for org.postgresql:postgresql (Maven) Feb 21, 2024
paul-gerste-sonarsource
SQLAlchemyDA unauthenticated arbitrary SQL query execution Critical
CVE-2024-24811 was published for Products.SQLAlchemyDA (pip) Feb 7, 2024
perrinjerome dataflake
Magento 2 Community Edition SQLi Vulnerability Critical
CVE-2019-7139 was published for magento/community-edition (Composer) May 24, 2022
Zend Framework Allows SQL Injection Critical
CVE-2015-0270 was published for zendframework/zend-db (Composer) May 24, 2022
Zend Framework Allows SQL Injection Critical
CVE-2016-6233 was published for zendframework/zendframework (Composer) May 14, 2022
Silverstripe Framework SQLi Vulnerability Critical
CVE-2019-5715 was published for silverstripe/framework (Composer) May 14, 2022
DBAL 3 SQL Injection Security Vulnerability Critical
CVE-2021-43608 was published for doctrine/dbal (Composer) Nov 16, 2021
SQL injection in llama-index Critical
CVE-2024-23751 was published for llama-index (pip) Jan 22, 2024
Blind SQL injection in shopware Critical
CVE-2024-22406 was published for shopware/core (Composer) Jan 17, 2024
Typo3 SQL injection due to faulty prepared statements Critical
CVE-2011-3583 was published for typo3/cms (Composer) Apr 22, 2022
Magento Blind SQL Injection in the Search module Critical
CVE-2021-21024 was published for magento/community-edition (Composer) May 24, 2022
Jeecg Boot SQL Injection Critical
CVE-2023-41543 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Jeecg Boot SQL injection vulnerability Critical
CVE-2023-41542 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
RuoYi vulnerable to SQL injection vulnerability Critical
CVE-2023-49371 was published for com.ruoyi:ruoyi (Maven) Dec 1, 2023
Apache Cocoon SQL Injection vulnerability Critical
CVE-2022-45135 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
ProTip! Advisories are also available from the GraphQL API