GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,614
NuGet: 638
pip: 3,225
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
6,043 advisories
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping...
Severity: High. Unreviewed. CVE-2022-0651 was published Feb 25, 2022.

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for...
Severity: High. Unreviewed. CVE-2022-24407 was published Feb 25, 2022.

SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated...
Severity: High. Unreviewed. CVE-2022-23986 was published Feb 25, 2022.

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id...
Severity: High. Unreviewed. CVE-2022-0411 was published Mar 1, 2022.

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the...
Severity: High. Unreviewed. CVE-2022-23911 was published Mar 1, 2022.

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter...
Severity: High. Unreviewed. CVE-2022-0383 was published Mar 1, 2022.

The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter...
Severity: High. Unreviewed. CVE-2021-24864 was published Mar 1, 2022.

An improper neutralization of special elements used in an SQL command ('SQL injection') in...
Severity: High. Unreviewed. CVE-2021-43077 was published Mar 2, 2022.

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database...
Severity: High. Unreviewed. CVE-2022-23387 was published Mar 2, 2022.

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action...
Severity: High. Unreviewed. CVE-2022-23380 was published Mar 2, 2022.

OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract...
Severity: High. Unreviewed. CVE-2021-40636 was published Mar 4, 2022.

OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An...
Severity: High. Unreviewed. CVE-2021-40635 was published Mar 4, 2022.

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via...
Severity: High. Unreviewed. CVE-2022-25393 was published Mar 4, 2022.

When the server is configured to use trust authentication with a clientcert requirement or to use...
Severity: High. Unreviewed. CVE-2021-23214 was published Mar 5, 2022.

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the ...
Severity: High. Unreviewed. CVE-2022-0439 was published Mar 8, 2022.

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id...
Severity: High. Unreviewed. CVE-2022-0420 was published Mar 8, 2022.

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and...
Severity: High. Unreviewed. CVE-2022-0410 was published Mar 8, 2022.

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action...
Severity: High. Unreviewed. CVE-2022-0267 was published Mar 8, 2022.

The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a...
Severity: High. Unreviewed. CVE-2021-24777 was published Mar 8, 2022.

The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the...
Severity: High. Unreviewed. CVE-2021-24952 was published Mar 8, 2022.

A vulnerability has been identified in SINEC NMS (All versions). A privileged authenticated...
Severity: High. Unreviewed. CVE-2022-24281 was published Mar 9, 2022.

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api...
Severity: High. Unreviewed. CVE-2022-25225 was published Mar 11, 2022.

Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain...
Severity: High. Unreviewed. CVE-2022-24601 was published Mar 11, 2022.

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version...
Severity: High. Unreviewed. CVE-2022-0507 was published Mar 11, 2022.

The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection...
Severity: High. Unreviewed. CVE-2021-43969 was published Mar 11, 2022.
ProTip! Advisories are also available from the GraphQL API.