GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
208 advisories
SQL Injection in medoo | Critical | CVE-2019-10762 was published for catfan/medoo (Composer) | Oct 12, 2021
SQL Injection in Subrion CMS | Critical | CVE-2020-18155 was published for intelliants/subrion (Composer) | Sep 8, 2021
Symfony Service IDs Allow Injection | Critical | CVE-2019-10910 was published for symfony/dependency-injection (Composer) | Nov 18, 2019
Bacula-web SQL Injection Vulnerabilities | Critical | CVE-2017-15367 was published for bacula-web/bacula-web (Composer) | May 14, 2022
PaginationServiceProvider SQL Injection vulnerability | Critical | CVE-2014-125029 was published for ttskch/pagination-service-provider (Composer) | Jan 8, 2023
DBRisinajumi d2files SQL Injection vulnerability | Critical | CVE-2015-10018 was published for dbrisinajumi/d2files (Composer) | Jan 6, 2023
curupira is vulnerable to SQL injection | Critical | CVE-2015-10053 was published for curupira (RubyGems) | Jan 16, 2023
SQL injection in webbuilders-group silverstripe-kapost-bridge | Critical | CVE-2015-10077 was published for webbuilders-group/silverstripe-kapost-bridge (Composer) | Feb 10, 2023
SQL Injection in liftkit/database | Critical | CVE-2016-15020 was published for liftkit/database (Composer) | Jan 16, 2023
nodebatis SQL Injection vulnerability | Critical | CVE-2018-25066 was published for nodebatis (npm) | Jan 6, 2023
WebPA SQL Injection vulnerability | Critical | CVE-2021-4308 was published for webpa/webpa (Composer) | Jan 8, 2023
New Relic .NET Agent contains SQL Injection | Critical | CVE-2017-9246 was published for NewRelic.Agent (NuGet) | May 17, 2022
SQL Injection in Log4j 1.2.x | Critical | CVE-2022-23305 was published for log4j:log4j (Maven) | Jan 21, 2022
Zend Framework Allows SQL Injection | Critical | CVE-2016-4861 was published for zendframework/zendframework (Composer) | May 14, 2022
Jeecg boot SQL Injection vulnerability | Critical | CVE-2023-42268 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) | Sep 8, 2023
SQL injection in audit endpoint | Critical | CVE-2023-35088 was published for org.apache.inlong:manager-service (Maven) | Jul 25, 2023
SQL injection in jeecg-boot | Critical | CVE-2023-38992 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) | Jul 28, 2023
FUXA SQL Injection vulnerability | Critical | CVE-2023-31719 was published for fuxa-server (npm) | Sep 22, 2023
SQL Injection in Apache SkyWalking | Critical | CVE-2020-13921 was published for org.apache.skywalking:oap-server (Maven) | May 7, 2021
jeecg-boot SQL injection vulnerability | Critical | CVE-2023-34659 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) | Jun 16, 2023
SQL filter bypass leading to arbitrary write requests using "SQL Manager" | Critical | CVE-2023-30839 was published for prestashop/prestashop (Composer) | Apr 25, 2023
OpenRefine Remote Code execution in project import with mysql jdbc url attack | Critical | CVE-2023-41887 was published for org.openrefine:database (Maven) | Sep 12, 2023
PrestaShop SQL manager vulnerability | Critical | CVE-2023-39526 was published for prestashop/prestashop (Composer) | Aug 9, 2023
SQL injection in jeecgboot | Critical | CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) | Sep 22, 2023
piccolo SQL Injection via named transaction savepoints | Critical | CVE-2023-47128 was published for piccolo (pip) | Nov 12, 2023
ProTip! Advisories are also available from the GraphQL API.