GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

174 advisories

SQLAlchemy is vulnerable to SQL Injection via group_by parameter High
CVE-2019-7548 was published for SQLAlchemy (pip) Apr 16, 2019
TYPO3 SQL injection vulnerability in the Extbase Framework High
CVE-2013-1842 was published for typo3/cms-core (Composer) May 17, 2022
Shopware SQL Injection High
CVE-2018-20713 was published for shopware/shopware (Composer) May 14, 2022
LibreNMS SQL Injection High
CVE-2018-20678 was published for librenms/librenms (Composer) May 14, 2022
Plone SQL Injection Vulnerability High
CVE-2020-7939 was published for Plone (pip) May 24, 2022
Mingsoft MCMS SQL injection vulnerability High
CVE-2021-46385 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
Mingsoft MCMS SQL injection vulnerability High
CVE-2021-46383 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
SQL Injection in Zenario 7.1-7.6 High
CVE-2018-5960 was published for tribalsystems/zenario (Composer) May 13, 2022
NotrinosERP vulnerable to SQL Injection High
CVE-2023-24788 was published for notrinos/notrinos-erp (Composer) Mar 23, 2023
SQL injection in blazer High
CVE-2022-29498 was published for blazer (RubyGems) Apr 22, 2022
tdunlap607
Arches vulnerable to execution of arbitrary SQL High
CVE-2022-41892 was published for arches (pip) Nov 11, 2022
sylwia-budzynska tdunlap607
NoSQL Injection in sequelize High
GHSA-wfp9-vr4j-f49j was published for sequelize (npm) Jun 4, 2019
tdunlap607
SQL injection in ImpressCMS High
CVE-2022-26986 was published for impresscms/impresscms (Composer) Apr 6, 2022
Teampass SQL Injection vulnerability High
CVE-2023-1545 was published for nilsteampassnet/teampass (Composer) Mar 21, 2023
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model High
CVE-2023-28108 was published for pimcore/pimcore (Composer) Mar 17, 2023
SQL Injection in Active Record High
CVE-2014-3482 was published for activerecord (RubyGems) Oct 24, 2017
jeecg-boot contains SQL Injection vulnerability High
CVE-2023-24789 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 6, 2023
rttys SQL Injection vulnerability High
CVE-2022-38867 was published for github.com/zhaojh329/rttys (Go) Feb 16, 2023
Katello SQL Injection vulnerabilities High
CVE-2016-3072 was published for katello (RubyGems) May 14, 2022
SQL Injection in Casdoor High
CVE-2022-24124 was published for github.com/casdoor/casdoor (Go) Feb 1, 2022
pimcore is vulnerable to SQL Injection High
CVE-2022-0258 was published for pimcore/pimcore (Composer) Jan 21, 2022
Apache OpenMeetings vulnerable to SQL injection High
CVE-2017-7681 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
Strapi mishandles hidden attributes within admin API responses High
CVE-2022-31367 was published for @strapi/strapi (npm) Sep 28, 2022
SQL injection in prestashop/prestashop High
CVE-2021-43789 was published for prestashop/prestashop (Composer) Dec 7, 2021
PierreRambaud
SQL injection in jackalope/jackalope-doctrine-dbal High
CVE-2021-43822 was published for jackalope/jackalope-doctrine-dbal (Composer) Dec 14, 2021
alexander-schranz