GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

208 advisories

SQL Injection in medoo Critical
CVE-2019-10762 was published for catfan/medoo (Composer) Oct 12, 2021
SQL Injection in Subrion CMS Critical
CVE-2020-18155 was published for intelliants/subrion (Composer) Sep 8, 2021
Symfony Service IDs Allow Injection Critical
CVE-2019-10910 was published for symfony/dependency-injection (Composer) Nov 18, 2019
Bacula-web SQL Injection Vulnerabilities Critical
CVE-2017-15367 was published for bacula-web/bacula-web (Composer) May 14, 2022
PaginationServiceProvider SQL Injection vulnerability Critical
CVE-2014-125029 was published for ttskch/pagination-service-provider (Composer) Jan 8, 2023
DBRisinajumi d2files SQL Injection vulnerability Critical
CVE-2015-10018 was published for dbrisinajumi/d2files (Composer) Jan 6, 2023
curupira is vulnerable to SQL injection Critical
CVE-2015-10053 was published for curupira (RubyGems) Jan 16, 2023
SQL injection in webbuilders-group silverstripe-kapost-bridge Critical
CVE-2015-10077 was published for webbuilders-group/silverstripe-kapost-bridge (Composer) Feb 10, 2023
SQL Injection in liftkit/database Critical
CVE-2016-15020 was published for liftkit/database (Composer) Jan 16, 2023
nodebatis SQL Injection vulnerability Critical
CVE-2018-25066 was published for nodebatis (npm) Jan 6, 2023
WebPA SQL Injection vulnerability Critical
CVE-2021-4308 was published for webpa/webpa (Composer) Jan 8, 2023
New Relic .NET Agent contains SQL Injection Critical
CVE-2017-9246 was published for NewRelic.Agent (NuGet) May 17, 2022
SQL Injection in Log4j 1.2.x Critical
CVE-2022-23305 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
Zend Framework Allows SQL Injection Critical
CVE-2016-4861 was published for zendframework/zendframework (Composer) May 14, 2022
Jeecg boot SQL Injection vulnerability Critical
CVE-2023-42268 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Sep 8, 2023
SQL injection in audit endpoint Critical
CVE-2023-35088 was published for org.apache.inlong:manager-service (Maven) Jul 25, 2023
SQL injection in jeecg-boot Critical
CVE-2023-38992 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Jul 28, 2023
FUXA SQL Injection vulnerability Critical
CVE-2023-31719 was published for fuxa-server (npm) Sep 22, 2023
SQL Injection in Apache SkyWalking Critical
CVE-2020-13921 was published for org.apache.skywalking:oap-server (Maven) May 7, 2021
jeecg-boot SQL injection vulnerability Critical
CVE-2023-34659 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Jun 16, 2023
SQL filter bypass leading to arbitrary write requests using "SQL Manager" Critical
CVE-2023-30839 was published for prestashop/prestashop (Composer) Apr 25, 2023
truff77
OpenRefine Remote Code execution in project import with mysql jdbc url attack Critical
CVE-2023-41887 was published for org.openrefine:database (Maven) Sep 12, 2023
nbxiglk0
PrestaShop SQL manager vulnerability Critical
CVE-2023-39526 was published for prestashop/prestashop (Composer) Aug 9, 2023
SQL injection in jeecgboot Critical
CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Sep 22, 2023
MarkLee131
piccolo SQL Injection via named transaction savepoints Critical
CVE-2023-47128 was published for piccolo (pip) Nov 12, 2023
Skelmis