GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
174 advisories
Filter by severity
SQL injection in hibernate-core
High
CVE-2020-25638
was published
for
org.hibernate:hibernate-core
(Maven)
Feb 9, 2022
SQL Injection in Casdoor
High
CVE-2022-24124
was published
for
github.com/casdoor/casdoor
(Go)
Feb 1, 2022
Mingsoft MCMS SQL injection vulnerability
High
CVE-2021-46383
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
Mingsoft MCMS SQL injection vulnerability
High
CVE-2021-46385
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
SQL Injection in dolibarr
High
CVE-2022-0224
was published
for
dolibarr/dolibarr
(Composer)
Jan 21, 2022
pimcore is vulnerable to SQL Injection
High
CVE-2022-0258
was published
for
pimcore/pimcore
(Composer)
Jan 21, 2022
SQL injection in jackalope/jackalope-doctrine-dbal
High
CVE-2021-43822
was published
for
jackalope/jackalope-doctrine-dbal
(Composer)
Dec 14, 2021
SQL injection in prestashop/prestashop
High
CVE-2021-43789
was published
for
prestashop/prestashop
(Composer)
Dec 7, 2021
SQL injection in Apache DolphinScheduler
High
CVE-2021-27644
was published
for
org.apache.dolphinscheduler:dolphinscheduler-server
(Maven)
Nov 3, 2021
Content object state fetch functions open to SQL injection
High
GHSA-jpwx-ffjq-wr4w
was published
for
ezsystems/ezpublish-legacy
(Composer)
Sep 7, 2021
Unauthenticated SQL Injection in Cachet
High
CVE-2021-39165
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
SQL injection in pimcore/pimcore
High
CVE-2021-23405
was published
for
pimcore/pimcore
(Composer)
Jul 13, 2021
SQL Injection in pimcore
High
CVE-2020-7759
was published
for
pimcore/pimcore
(Composer)
May 6, 2021
SQL Injection in librenms
High
CVE-2020-35700
was published
for
librenms/librenms
(Composer)
May 6, 2021
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
High
GHSA-4mg9-vhxq-vm7j
was published
for
illuminate/database
(Composer)
Apr 29, 2021
SQL Injection via in django-debug-toolbar
High
CVE-2021-30459
was published
for
django-debug-toolbar
(pip)
Apr 16, 2021
Rating Script Service expose XWiki to SQL injection
High
CVE-2021-21380
was published
for
org.xwiki.platform:xwiki-platform-ratings-api
(Maven)
Mar 23, 2021
Madge vulnerable to command injection
High
CVE-2021-23352
was published
for
madge
(npm)
Mar 12, 2021
Query Binding Exploitation
High
CVE-2021-21263
was published
for
illuminate/database
(Composer)
Jan 19, 2021
SQL Injection in untitled-model
High
GHSA-hq8g-qq57-5275
was published
for
untitled-model
(npm)
Sep 11, 2020
SQL Injection in sails-mysql
High
GHSA-hx5x-49mm-vmhw
was published
for
sails-mysql
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API