Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

204 advisories

Loading
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString Critical
CVE-2022-45207 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 25, 2022
SQL injection in Dolibarr Critical
CVE-2022-4093 was published for dolibarr/dolibarr (Composer) Nov 21, 2022
Centreon vulnerable to SQL Injection Critical
CVE-2022-3827 was published for centreon/centreon (Composer) Nov 2, 2022
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering Critical
CVE-2022-29822 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
feathers-sequelize contains improper input validation leading to SQL injection Critical
CVE-2022-2422 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
Insufficient validation when decoding a Socket.IO packet Critical
CVE-2022-2421 was published for socket.io-parser (npm) Oct 26, 2022
darrachequesne kurt-r2c
Moodle Minor SQL injection risk in admin user browsing Critical
CVE-2022-40315 was published for moodle/moodle (Composer) Oct 1, 2022
SQL injection in jflyfox jfinal Critical
CVE-2022-37199 was published for com.jflyfox:jflyfox_jfinal (Maven) Aug 24, 2022
SQL injection in jflyfox jfinal Critical
CVE-2022-37223 was published for com.jflyfox:jflyfox_jfinal (Maven) Aug 24, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter Critical
CVE-2022-36272 was published for net.mingsoft:ms-mcms (Maven) Aug 17, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List Critical
CVE-2022-36599 was published for net.mingsoft:ms-mcms (Maven) Aug 17, 2022
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter Critical
CVE-2022-35942 was published for loopback-connector-postgresql (npm) Aug 11, 2022
mgabeler-lee-6rs
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4 Critical
CVE-2022-36408 was published for prestashop/prestashop (Composer) Jul 23, 2022 withdrawn
Dataease v1.11.1 SQL Injection via parameter dataSourceId Critical
CVE-2022-34115 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation" Critical
CVE-2022-35628 was published for in2code/lux (Composer) Jul 15, 2022
SQL injection in typeORM Critical
CVE-2022-33171 was published for typeorm (npm) Jul 5, 2022
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection Critical
CVE-2022-34265 was published for django (pip) Jul 5, 2022
SQL Injection in RosarioSIS Critical
CVE-2022-2067 was published for francoisjacquet/rosariosis (Composer) Jun 14, 2022
Magento 2 Community Edition SQLi Vulnerability Critical
CVE-2019-7139 was published for magento/community-edition (Composer) May 24, 2022
Froxlor SQL injection vulnerability Critical
CVE-2021-42325 was published for froxlor/froxlor (Composer) May 24, 2022
NukeViet SQL Injection vulnerability via topicsid parameter Critical
CVE-2020-21808 was published for nukeviet/nukeviet (Composer) May 24, 2022
NukeViet SQL Injection vulnerability Critical
CVE-2020-21809 was published for nukeviet/nukeviet (Composer) May 24, 2022
qcubed SQL injection vulnerability in profile.php via the strQuery parameter Critical
CVE-2020-24913 was published for qcubed/qcubed (Composer) May 24, 2022
Magento Blind SQL Injection in the Search module Critical
CVE-2021-21024 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API