GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+
443 advisories
Filter by severity
Moodle SQL Injection vulnerability
High
CVE-2023-30944
was published
for
moodle/moodle
(Composer)
May 2, 2023
SQL Injection in AssetController
High
CVE-2023-2338
was published
for
pimcore/pimcore
(Composer)
Apr 27, 2023
SQL Injection in Admin Translations API
High
CVE-2023-30850
was published
for
pimcore/pimcore
(Composer)
Apr 27, 2023
SQL Injection in Translation Export API
High
CVE-2023-30849
was published
for
pimcore/pimcore
(Composer)
Apr 27, 2023
SQL Injection in Admin Search Find API
High
CVE-2023-30848
was published
for
pimcore/pimcore
(Composer)
Apr 27, 2023
Arbitrary file read via SQL injection
High
CVE-2023-30545
was published
for
prestashop/prestashop
(Composer)
Apr 26, 2023
SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Critical
CVE-2023-30839
was published
for
prestashop/prestashop
(Composer)
Apr 25, 2023
MyBatis-Plus vulnerable to SQL injection via TenantPlugin
Critical
CVE-2023-25330
was published
for
com.baomidou:mybatis-plus
(Maven)
Apr 5, 2023
Ming-Soft MCMS vulnerable to SQL injection
Critical
CVE-2020-20913
was published
for
net.mingsoft:ms-mcms
(Maven)
Apr 4, 2023
Withdrawn: SQL injection in Yii 2
Critical
CVE-2023-26750
was published
for
yiisoft/yii2
(Composer)
Apr 4, 2023
•
withdrawn
jeecg-boot vulnerable to SQL injection
Critical
CVE-2023-1741
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Mar 31, 2023
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
Moderate
CVE-2023-0620
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
NotrinosERP vulnerable to SQL Injection
High
CVE-2023-24788
was published
for
notrinos/notrinos-erp
(Composer)
Mar 23, 2023
Moodle SQL Injection vulnerability
High
CVE-2023-28329
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Pimcore vulnerable to improper quoting of filters in Custom Reports
Moderate
CVE-2023-28438
was published
for
pimcore/pimcore
(Composer)
Mar 22, 2023
Pimcore Remote Code Execution vulnerability in Search function
Moderate
CVE-2023-1578
was published
for
pimcore/pimcore
(Composer)
Mar 22, 2023
Teampass SQL Injection vulnerability
High
CVE-2023-1545
was published
for
nilsteampassnet/teampass
(Composer)
Mar 21, 2023
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model
High
CVE-2023-28108
was published
for
pimcore/pimcore
(Composer)
Mar 17, 2023
jeecg-boot SQL Injection vulnerability
Critical
CVE-2023-1454
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Mar 17, 2023
Funadmin vulnerable to SQL injection
Critical
CVE-2023-24774
was published
for
funadmin/funadmin
(Composer)
Mar 10, 2023
SQL Injection in Funadmin
Critical
CVE-2023-24777
was published
for
funadmin/funadmin
(Composer)
Mar 9, 2023
SQL Injection in Funadmin
Critical
CVE-2023-24782
was published
for
funadmin/funadmin
(Composer)
Mar 8, 2023
SQL Injection in Funadmin
Critical
CVE-2023-24773
was published
for
funadmin/funadmin
(Composer)
Mar 8, 2023
SQL Injection in Funadmin
Critical
CVE-2023-24780
was published
for
funadmin/funadmin
(Composer)
Mar 8, 2023
SQL Injection in Funadmin
Critical
CVE-2023-24775
was published
for
funadmin/funadmin
(Composer)
Mar 7, 2023
ProTip!
Advisories are also available from the
GraphQL API