GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,158
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+
208 advisories
Filter by severity
TeamPass SQL injection in users.queries.php
Critical
CVE-2017-9436
was published
for
nilsteampassnet/teampass
(Composer)
May 17, 2022
thinkphp SQL Injection via the index.php s parameter
Critical
CVE-2018-10225
was published
for
topthink/framework
(Composer)
May 14, 2022
ThinkPHP SQL injection vulnerability
Critical
CVE-2018-17566
was published
for
topthink/framework
(Composer)
May 14, 2022
ThinkPHP5 SQL Injection vulnerability
Critical
CVE-2021-44350
was published
for
topthink/framework
(Composer)
Dec 17, 2021
silverstripe restfulserver and registry modules SQL injection vulnerability
Critical
CVE-2019-12149
was published
for
silverstripe/registry
(Composer)
May 24, 2022
Froxlor SQL injection vulnerability
Critical
CVE-2021-42325
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
BEdita vulnerable to SQL injection
Critical
CVE-2019-15570
was published
for
bedita/bedita
(Composer)
May 24, 2022
Contao SQL injection in the backend and listing module
Critical
CVE-2017-16558
was published
for
contao/contao
(Composer)
May 24, 2022
Contao SQL injection in the file manager
Critical
CVE-2019-11512
was published
for
contao/contao
(Composer)
May 24, 2022
Drupal SQL Injection vulnerability
Critical
CVE-2011-2715
was published
for
drupal/core
(Composer)
Apr 22, 2022
ThinkPHP SQL Injection vulnerability
Critical
CVE-2018-16385
was published
for
topthink/framework
(Composer)
May 14, 2022
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Critical
CVE-2024-32888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 15, 2024
ADOdb SQL injection vulnerability
Critical
GHSA-h63c-xvpf-264j
was published
for
adodb/adodb-php
(Composer)
May 15, 2024
Dromara hutool vulnerable to SQL Injection
Critical
CVE-2023-24163
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
Propel2 SQL injection possible with limit() on MySQL
Critical
GHSA-7vw7-qx38-37vr
was published
for
propel/propel
(Composer)
May 20, 2024
propel/propel1 SQL injection possible with limit() on MySQL
Critical
GHSA-7g7c-qhf3-x59p
was published
for
propel/propel1
(Composer)
May 20, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5314
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5315
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php`
Critical
CVE-2024-35374
was published
for
mocodo
(pip)
May 28, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical
GHSA-7fpj-wc8v-9cgc
was published
for
terminal42/contao-tablelookupwizard
(Composer)
May 30, 2024
MyBatis-Plus vulnerable to SQL injection via TenantPlugin
Critical
CVE-2023-25330
was published
for
com.baomidou:mybatis-plus
(Maven)
Apr 5, 2023
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Critical
GHSA-qf36-fx9f-232x
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical
GHSA-2x36-qhx3-7m5f
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical
GHSA-v42g-7q2x-cw32
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical
GHSA-6fqw-j3vm-7f66
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API