GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
204 advisories
Filter by severity
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
Critical
CVE-2022-45207
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Nov 25, 2022
SQL injection in Dolibarr
Critical
CVE-2022-4093
was published
for
dolibarr/dolibarr
(Composer)
Nov 21, 2022
Centreon vulnerable to SQL Injection
Critical
CVE-2022-3827
was published
for
centreon/centreon
(Composer)
Nov 2, 2022
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
Critical
CVE-2022-29822
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
feathers-sequelize contains improper input validation leading to SQL injection
Critical
CVE-2022-2422
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
Moodle Minor SQL injection risk in admin user browsing
Critical
CVE-2022-40315
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
SQL injection in jflyfox jfinal
Critical
CVE-2022-37199
was published
for
com.jflyfox:jflyfox_jfinal
(Maven)
Aug 24, 2022
SQL injection in jflyfox jfinal
Critical
CVE-2022-37223
was published
for
com.jflyfox:jflyfox_jfinal
(Maven)
Aug 24, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter
Critical
CVE-2022-36272
was published
for
net.mingsoft:ms-mcms
(Maven)
Aug 17, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List
Critical
CVE-2022-36599
was published
for
net.mingsoft:ms-mcms
(Maven)
Aug 17, 2022
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical
CVE-2022-35942
was published
for
loopback-connector-postgresql
(npm)
Aug 11, 2022
PrestaShop eval injection possible if shop vulnerable to SQL injection
Critical
CVE-2022-31181
was published
for
prestashop/prestashop
(Composer)
Jul 29, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4
Critical
CVE-2022-36408
was published
for
prestashop/prestashop
(Composer)
Jul 23, 2022
•
withdrawn
Dataease v1.11.1 SQL Injection via parameter dataSourceId
Critical
CVE-2022-34115
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jul 23, 2022
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
Critical
CVE-2022-35628
was published
for
in2code/lux
(Composer)
Jul 15, 2022
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
Critical
CVE-2022-34265
was published
for
django
(pip)
Jul 5, 2022
SQL Injection in RosarioSIS
Critical
CVE-2022-2067
was published
for
francoisjacquet/rosariosis
(Composer)
Jun 14, 2022
Magento 2 Community Edition SQLi Vulnerability
Critical
CVE-2019-7139
was published
for
magento/community-edition
(Composer)
May 24, 2022
Froxlor SQL injection vulnerability
Critical
CVE-2021-42325
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
NukeViet SQL Injection vulnerability via topicsid parameter
Critical
CVE-2020-21808
was published
for
nukeviet/nukeviet
(Composer)
May 24, 2022
NukeViet SQL Injection vulnerability
Critical
CVE-2020-21809
was published
for
nukeviet/nukeviet
(Composer)
May 24, 2022
qcubed SQL injection vulnerability in profile.php via the strQuery parameter
Critical
CVE-2020-24913
was published
for
qcubed/qcubed
(Composer)
May 24, 2022
Magento Blind SQL Injection in the Search module
Critical
CVE-2021-21024
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API