GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
174 advisories
Filter by severity
SQLAlchemy is vulnerable to SQL Injection via group_by parameter
High
CVE-2019-7548
was published
for
SQLAlchemy
(pip)
Apr 16, 2019
TYPO3 SQL injection vulnerability in the Extbase Framework
High
CVE-2013-1842
was published
for
typo3/cms-core
(Composer)
May 17, 2022
Shopware SQL Injection
High
CVE-2018-20713
was published
for
shopware/shopware
(Composer)
May 14, 2022
LibreNMS SQL Injection
High
CVE-2018-20678
was published
for
librenms/librenms
(Composer)
May 14, 2022
Mingsoft MCMS SQL injection vulnerability
High
CVE-2021-46385
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
Mingsoft MCMS SQL injection vulnerability
High
CVE-2021-46383
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
SQL Injection in Zenario 7.1-7.6
High
CVE-2018-5960
was published
for
tribalsystems/zenario
(Composer)
May 13, 2022
NotrinosERP vulnerable to SQL Injection
High
CVE-2023-24788
was published
for
notrinos/notrinos-erp
(Composer)
Mar 23, 2023
Arches vulnerable to execution of arbitrary SQL
High
CVE-2022-41892
was published
for
arches
(pip)
Nov 11, 2022
SQL injection in ImpressCMS
High
CVE-2022-26986
was published
for
impresscms/impresscms
(Composer)
Apr 6, 2022
Teampass SQL Injection vulnerability
High
CVE-2023-1545
was published
for
nilsteampassnet/teampass
(Composer)
Mar 21, 2023
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model
High
CVE-2023-28108
was published
for
pimcore/pimcore
(Composer)
Mar 17, 2023
SQL Injection in Active Record
High
CVE-2014-3482
was published
for
activerecord
(RubyGems)
Oct 24, 2017
jeecg-boot contains SQL Injection vulnerability
High
CVE-2023-24789
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Mar 6, 2023
rttys SQL Injection vulnerability
High
CVE-2022-38867
was published
for
github.com/zhaojh329/rttys
(Go)
Feb 16, 2023
Katello SQL Injection vulnerabilities
High
CVE-2016-3072
was published
for
katello
(RubyGems)
May 14, 2022
SQL Injection in Casdoor
High
CVE-2022-24124
was published
for
github.com/casdoor/casdoor
(Go)
Feb 1, 2022
pimcore is vulnerable to SQL Injection
High
CVE-2022-0258
was published
for
pimcore/pimcore
(Composer)
Jan 21, 2022
Apache OpenMeetings vulnerable to SQL injection
High
CVE-2017-7681
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 17, 2022
Strapi mishandles hidden attributes within admin API responses
High
CVE-2022-31367
was published
for
@strapi/strapi
(npm)
Sep 28, 2022
SQL injection in prestashop/prestashop
High
CVE-2021-43789
was published
for
prestashop/prestashop
(Composer)
Dec 7, 2021
SQL injection in jackalope/jackalope-doctrine-dbal
High
CVE-2021-43822
was published
for
jackalope/jackalope-doctrine-dbal
(Composer)
Dec 14, 2021
ProTip!
Advisories are also available from the
GraphQL API