GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
6,080 advisories
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
High | Unreviewed | CVE-2024-6497 was published Jul 20, 2024

The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via...
High | Unreviewed | CVE-2024-6338 was published Jul 19, 2024

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via...
High | Unreviewed | CVE-2024-5605 was published Jun 20, 2024

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the 'Term'...
High | Unreviewed | CVE-2024-3561 was published Jun 20, 2024

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in...
High | Unreviewed | CVE-2024-22280 was published Jul 11, 2024

The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in...
High | Unreviewed | CVE-2024-6666 was published Jul 11, 2024

SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows...
High | Unreviewed | CVE-2024-37872 was published Jul 9, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-37564 was published Jul 12, 2024

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is...
High | Unreviewed | CVE-2024-6166 was published Jul 9, 2024

SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP...
High | Unreviewed | CVE-2024-37871 was published Jul 9, 2024

CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL...
High | Unreviewed | CVE-2024-38347 was published Jun 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-37090 was published Jul 9, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-37494 was published Jul 9, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-37256 was published Jul 9, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-37486 was published Jul 9, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-37225 was published Jul 9, 2024

SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the...
High | Unreviewed | CVE-2024-39027 was published Jul 5, 2024

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate...
High | Unreviewed | CVE-2024-5606 was published Jul 2, 2024

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" ...
High | Unreviewed | CVE-2024-34992 was published Jun 25, 2024

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System...
High | Unreviewed | CVE-2024-37840 was published Jun 17, 2024

In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can...
High | Unreviewed | CVE-2024-36680 was published Jun 19, 2024

ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.
High | Unreviewed | CVE-2024-38293 was published Jun 13, 2024

SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to...
High | Unreviewed | CVE-2024-37848 was published Jun 17, 2024

Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper...
High | Unreviewed | CVE-2024-37393 was published Jun 10, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
High | Unreviewed | CVE-2024-29829 was published May 31, 2024
ProTip! Advisories are also available from the GraphQL API.