GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,614
NuGet
638
pip
3,225
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
6,043 advisories
Filter by severity
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated...
High
Unreviewed
CVE-2021-21919
was published
Dec 23, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated...
High
Unreviewed
CVE-2021-21921
was published
Dec 23, 2021
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R...
High
Unreviewed
CVE-2021-21917
was published
Dec 23, 2021
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R...
High
Unreviewed
CVE-2021-21915
was published
Dec 23, 2021
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple...
High
Unreviewed
CVE-2021-43630
was published
Dec 23, 2021
The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be...
High
Unreviewed
CVE-2021-44600
was published
Dec 24, 2021
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to...
High
Unreviewed
CVE-2021-44599
was published
Dec 24, 2021
The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby...
High
Unreviewed
CVE-2021-24753
was published
Dec 28, 2021
Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient...
High
Unreviewed
CVE-2021-44161
was published
Dec 30, 2021
Telephony application has a SQL Injection vulnerability.Successful exploitation of this...
High
Unreviewed
CVE-2021-39978
was published
Jan 4, 2022
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text...
High
Unreviewed
CVE-2021-25030
was published
Jan 4, 2022
The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not...
High
Unreviewed
CVE-2021-25023
was published
Jan 4, 2022
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the ...
High
Unreviewed
CVE-2021-24786
was published
Jan 4, 2022
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build...
High
Unreviewed
CVE-2020-28679
was published
Jan 11, 2022
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and...
High
Unreviewed
CVE-2021-25054
was published
Jan 11, 2022
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its...
High
Unreviewed
CVE-2021-24862
was published
Jan 11, 2022
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a...
High
Unreviewed
CVE-2021-43971
was published
Jan 12, 2022
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql'...
High
Unreviewed
CVE-2021-45406
was published
Jan 15, 2022
SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.
High
Unreviewed
CVE-2021-38694
was published
Jan 19, 2022
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet"...
High
Unreviewed
CVE-2022-23046
was published
Jan 20, 2022
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution...
High
Unreviewed
CVE-2021-44593
was published
Jan 22, 2022
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100,...
High
Unreviewed
CVE-2021-4088
was published
Jan 25, 2022
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id...
High
Unreviewed
CVE-2021-25045
was published
Jan 25, 2022
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order...
High
Unreviewed
CVE-2021-24865
was published
Jan 25, 2022
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the...
High
Unreviewed
CVE-2021-24858
was published
Jan 25, 2022
ProTip!
Advisories are also available from the
GraphQL API