Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

111 advisories

Loading
SQL Injection in usmanhalalit/pixie Critical
CVE-2019-10766 was published for usmanhalalit/pixie (Composer) Nov 20, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
SQL injection in phpMyAdmin Critical
CVE-2019-18622 was published for phpmyadmin/phpmyadmin (Composer) Jan 16, 2020
SQL injection in Centreon Critical
CVE-2019-16194 was published for centreon/centreon (Composer) Feb 11, 2020
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection Critical
CVE-2023-22727 was published for cakephp/cakephp (Composer) Jan 20, 2023
ravage84
SQL Injection in WordPress Zero Spam WordPress plugin Critical
CVE-2022-0254 was published for bmarshall511/wordpress_zero_spam (Composer) Mar 15, 2022
DQL injection through sorting parameters blocked Critical
CVE-2022-24752 was published for sylius/grid-bundle (Composer) Mar 15, 2022
dbalabka
SQL Injection in ImpressCMS Critical
CVE-2021-26599 was published for impresscms/impresscms (Composer) Mar 29, 2022
SQL injection in pagekit/pagekit Critical
CVE-2021-44135 was published for pagekit/pagekit (Composer) Apr 2, 2022
SQL Injection in RosarioSIS Critical
CVE-2022-2067 was published for francoisjacquet/rosariosis (Composer) Jun 14, 2022
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation" Critical
CVE-2022-35628 was published for in2code/lux (Composer) Jul 15, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4 Critical
CVE-2022-36408 was published for prestashop/prestashop (Composer) Jul 23, 2022 withdrawn
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
himiklab yii2-jqgrid-widget vulnerable to SQL Injection Critical
CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) Jan 6, 2023
laravel-jqgrid vulnerable to SQL Injection Critical
CVE-2021-4262 was published for mgallegos/laravel-jqgrid (Composer) Dec 19, 2022
SQL Injection in SimpleSAMLphp Critical
CVE-2019-15537 was published for cesnet/simplesamlphp-module-proxystatistics (Composer) Nov 8, 2019
SQL injection in vhs (aka VHS: Fluid ViewHelpers) Critical
CVE-2021-28381 was published for fluidtypo3/vhs (Composer) Mar 29, 2021
SQL Injection in NukeViet Critical
CVE-2019-7726 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
Backport for CVE-2021-21024 Blind SQLi from Magento 2 Critical
CVE-2021-21427 was published for openmage/magento-lts (Composer) Apr 22, 2021
SQL injection in TYPO3 extension Critical
CVE-2021-38302 was published for ecodev/newsletter (Composer) Sep 2, 2021
SQL Injection in topthink/thinkphp Critical
CVE-2020-20120 was published for topthink/thinkphp (Composer) Sep 30, 2021
SQL Injection in rosariosis Critical
CVE-2021-44427 was published for francoisjacquet/rosariosis (Composer) Dec 2, 2021
Centreon vulnerable to SQL Injection Critical
CVE-2022-3827 was published for centreon/centreon (Composer) Nov 2, 2022
phpmyadmin contains SQL Injection vulnerability Critical
CVE-2020-22452 was published for phpmyadmin/phpmyadmin (Composer) Jan 26, 2023
SQL injection in Moodle Critical
CVE-2022-0332 was published for moodle/moodle (Composer) Jan 28, 2022
ProTip! Advisories are also available from the GraphQL API