GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,988
Erlang: 29
GitHub Actions: 16
Go: 1,776
Maven: 5,000+
npm: 3,542
NuGet: 617
pip: 3,125
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
3,465 advisories
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a...
Critical, Unreviewed. CVE-2024-6205 was published Jul 19, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-0857 was published Jul 18, 2024

1Panel has an SQL injection issue related to the orderBy clause
Critical. CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2024

AguardNet's Space Management System does not properly validate user input, allowing...
Critical, Unreviewed. CVE-2024-6743 was published Jul 15, 2024

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Critical, Unreviewed. CVE-2024-40539 was published Jul 12, 2024

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Critical, Unreviewed. CVE-2024-40541 was published Jul 12, 2024

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Critical, Unreviewed. CVE-2024-40542 was published Jul 12, 2024

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Critical, Unreviewed. CVE-2024-40540 was published Jul 12, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-37933 was published Jul 12, 2024

SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With...
Critical, Unreviewed. CVE-2024-37870 was published Jul 9, 2024

SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows...
Critical, Unreviewed. CVE-2024-6527 was published Jul 9, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-37112 was published Jul 9, 2024

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute...
Critical, Unreviewed. CVE-2024-27709 was published Jul 5, 2024

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection...
Critical, Unreviewed. CVE-2024-3816 was published Jul 3, 2024

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Critical, Unreviewed. CVE-2024-6172 was published Jul 2, 2024

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL...
Critical, Unreviewed. CVE-2024-1839 was published Jun 26, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -...
Critical, Unreviewed. CVE-2024-4228 was published Jun 26, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-37252 was published Jun 26, 2024

Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Critical. CVE-2024-37843 was published for craftcms/cms (Composer) Jun 25, 2024

SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for...
Critical, Unreviewed. CVE-2024-36681 was published Jun 25, 2024

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro"...
Critical, Unreviewed. CVE-2024-34988 was published Jun 25, 2024

In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a...
Critical, Unreviewed. CVE-2024-34989 was published Jun 22, 2024

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL...
Critical, Unreviewed. CVE-2024-6027 was published Jun 21, 2024

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Critical, Unreviewed. CVE-2024-5756 was published Jun 21, 2024

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type'...
Critical, Unreviewed. CVE-2024-3605 was published Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API