GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,765
Maven: 4,990
npm: 3,536
NuGet: 616
pip: 3,105
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
202 advisories

OHDSI WebAPI vulnerable to SQL Injection
Critical. CVE-2019-15563 was published for org.ohdsi:WebAPI (Maven), May 24, 2022

SQL Injection via GeoJSON in sequelize
Critical. CVE-2016-1000225 was published for sequelize (npm), Sep 1, 2020

SQL Injection in tribalsystems/zenario
Critical. CVE-2021-26830 was published for tribalsystems/zenario (Composer), Mar 18, 2022

baserCMS SQL Injection vulnerability
Critical. CVE-2017-10842 was published for baserproject/basercms (Composer), May 14, 2022

ThinkPHP SQLi Vulnerability
Critical. CVE-2018-18530 was published for topthink/framework (Composer), May 14, 2022

ThinkPHP SQLi Vulnerability
Critical. CVE-2018-18546 was published for topthink/framework (Composer), May 14, 2022

ThinkPHP SQLi Vulnerability
Critical. CVE-2018-18529 was published for topthink/framework (Composer), May 14, 2022

Dolibarr ERP and CRM SQLi
Critical. CVE-2017-9435 was published for dolibarr/dolibarr (Composer), May 17, 2022

feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
Critical. CVE-2022-29822 was published for feathers-sequelize (npm), Oct 26, 2022

Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
Critical. CVE-2022-34265 was published for django (pip), Jul 5, 2022

mysql-binuuid-rails vulnerable to SQL injection
Critical. CVE-2018-18476 was published for mysql-binuuid-rails (RubyGems), Oct 30, 2018

SQL Injection in marginalia
Critical. CVE-2019-1010191 was published for marginalia (RubyGems), Jul 26, 2019

SQL injection in apache-superset
Critical. CVE-2022-27479 was published for apache-superset (pip), Apr 14, 2022

SQLAlchemy vulnerable to SQL Injection via order_by parameter
Critical. CVE-2019-7164 was published for SQLAlchemy (pip), Apr 16, 2019

ADOdb Library SQL Injection
Critical. CVE-2016-7405 was published for adodb/adodb-php (Composer), May 17, 2022

SQL injection in moodle
Critical. CVE-2022-30599 was published for moodle/moodle (Composer), May 19, 2022

Centreon allows SNMP trap SQL Injection
Critical. CVE-2018-19281 was published for centreon/centreon (Composer), May 14, 2022

SQL Injection in Couchbase Sync Gateway
Critical. CVE-2019-9039 was published for github.com/couchbase/sync_gateway (Go), Feb 15, 2022

ProTip! Advisories are also available from the GraphQL API.