Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

11,523 advisories

Loading
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the... High Unreviewed
CVE-2021-24748 was published Nov 30, 2021
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before... High Unreviewed
CVE-2021-24755 was published Nov 30, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A... High Unreviewed
CVE-2021-36328 was published Dec 1, 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as... Critical Unreviewed
CVE-2021-41679 was published Dec 1, 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as... Critical Unreviewed
CVE-2021-41678 was published Dec 1, 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as... Critical Unreviewed
CVE-2021-41677 was published Dec 1, 2021
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the... Critical Unreviewed
CVE-2021-43451 was published Dec 2, 2021
attendance management system 1.0 is affected by a SQL injection vulnerability in admin... Critical Unreviewed
CVE-2021-44280 was published Dec 2, 2021
SQL Injection in rosariosis Critical
CVE-2021-44427 was published for francoisjacquet/rosariosis (Composer) Dec 2, 2021
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the... Moderate Unreviewed
CVE-2021-44050 was published Dec 3, 2021
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api... Critical Unreviewed
CVE-2021-43679 was published Dec 3, 2021
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before... High Unreviewed
CVE-2020-35012 was published Dec 3, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller... Critical Unreviewed
CVE-2021-44348 was published Dec 4, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage... Critical Unreviewed
CVE-2021-44349 was published Dec 4, 2021
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main... Critical Unreviewed
CVE-2021-35414 was published Dec 4, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController... Critical Unreviewed
CVE-2021-44347 was published Dec 4, 2021
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function... High Unreviewed
CVE-2021-25783 was published Dec 4, 2021
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function... High Unreviewed
CVE-2021-25784 was published Dec 4, 2021
Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token... High Unreviewed
CVE-2021-40313 was published Dec 7, 2021
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter... Critical Unreviewed
CVE-2021-31632 was published Dec 7, 2021
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and... Critical Unreviewed
CVE-2021-24943 was published Dec 7, 2021
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the... Critical Unreviewed
CVE-2021-24866 was published Dec 7, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated... Critical Unreviewed
CVE-2021-43035 was published Dec 7, 2021
SQL injection in prestashop/prestashop High
CVE-2021-43789 was published for prestashop/prestashop (Composer) Dec 7, 2021
PierreRambaud
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment... High Unreviewed
CVE-2021-40578 was published Dec 8, 2021
ProTip! Advisories are also available from the GraphQL API