Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

174 advisories

Loading
Daylight Studio FUEL-CMS SQLi Vulnerability High
CVE-2020-24950 was published for codeigniter/framework (Composer) Aug 11, 2023
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
ipandlanguageredirect extension vulnerable to SQL Injection High
CVE-2023-35782 was published for in2code/ipandlanguageredirect (Composer) Jun 16, 2023
SpringBlade vulnerable to SQL injection High
CVE-2023-40787 was published for org.springblade:blade-core-tool (Maven) Aug 29, 2023
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query High
CVE-2023-2756 was published for pimcore/customer-management-framework-bundle (Composer) May 17, 2023
JoMC98
SQL injection in Liferay Portal High
CVE-2023-33945 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
FUXA SQL Injection vulnerability High
CVE-2023-31717 was published for fuxa-server (npm) Sep 22, 2023
SQL Injection in Apache InLong High
CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) Oct 16, 2023
SQL injection in librenms/librenms High
CVE-2023-5591 was published for librenms/librenms (Composer) Oct 16, 2023
Active Record contains SQL Injection High
CVE-2012-6496 was published for activerecord (RubyGems) Oct 24, 2017
DataEase vulnerable to SQL injection High
CVE-2023-40771 was published for io.dataease:dataease-plugin-common (Maven) Sep 1, 2023
Pimcore SQL Injection vulnerability High
CVE-2023-3673 was published for pimcore/pimcore (Composer) Jul 14, 2023
Pimcore vulnerable to SQL Injection in Dataobjects sorting High
CVE-2023-3820 was published for pimcore/pimcore (Composer) Jul 21, 2023
hiu240900
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names High
CVE-2022-31197 was published for org.postgresql:postgresql (Maven) Aug 6, 2022
kato-sho JBrown0x90
Knex.js has a limited SQL injection vulnerability High
CVE-2016-20018 was published for knex (npm) Dec 19, 2022
alokmenghrajani pmartinat
tdunlap607
Dolibarr ERP and CRM SQLi High
CVE-2019-19209 was published for dolibarr/dolibarr (Composer) May 24, 2022
url_redirect for Typo3 SQLi Vulnerability High
CVE-2019-16682 was published for sfroemken/url_redirect (Composer) May 24, 2022
Pivotal Concourse SQL Injection Vulnerability High
CVE-2019-3792 was published for github.com/concourse/concourse (Go) Feb 15, 2022
Centreon SQL Injection High
CVE-2018-19312 was published for centreon/centreon (Composer) May 14, 2022
Centreon SQL Injection High
CVE-2018-19271 was published for centreon/centreon (Composer) May 14, 2022
SQL Injection in sequelize High
CVE-2016-10556 was published for sequelize (npm) Feb 18, 2019
tdunlap607
Apache Superset SQL Injection when template processing is enabled High
CVE-2021-41971 was published for apache-superset (pip) May 24, 2022
Madge vulnerable to command injection High
CVE-2021-23352 was published for madge (npm) Mar 12, 2021
Django Vulnerable to MySQL Injection High
CVE-2014-0474 was published for django (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API