Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

6,080 advisories

Loading
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2024-6497 was published Jul 20, 2024
The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via... High Unreviewed
CVE-2024-6338 was published Jul 19, 2024
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via... High Unreviewed
CVE-2024-5605 was published Jun 20, 2024
The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term'... High Unreviewed
CVE-2024-3561 was published Jun 20, 2024
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in... High Unreviewed
CVE-2024-22280 was published Jul 11, 2024
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in... High Unreviewed
CVE-2024-6666 was published Jul 11, 2024
SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows... High Unreviewed
CVE-2024-37872 was published Jul 9, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-37564 was published Jul 12, 2024
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is... High Unreviewed
CVE-2024-6166 was published Jul 9, 2024
SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP... High Unreviewed
CVE-2024-37871 was published Jul 9, 2024
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL... High Unreviewed
CVE-2024-38347 was published Jun 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-37090 was published Jul 9, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-37494 was published Jul 9, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-37256 was published Jul 9, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-37486 was published Jul 9, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-37225 was published Jul 9, 2024
SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the... High Unreviewed
CVE-2024-39027 was published Jul 5, 2024
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate... High Unreviewed
CVE-2024-5606 was published Jul 2, 2024
SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" ... High Unreviewed
CVE-2024-34992 was published Jun 25, 2024
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System... High Unreviewed
CVE-2024-37840 was published Jun 17, 2024
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can... High Unreviewed
CVE-2024-36680 was published Jun 19, 2024
ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php. High Unreviewed
CVE-2024-38293 was published Jun 13, 2024
SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to... High Unreviewed
CVE-2024-37848 was published Jun 17, 2024
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper... High Unreviewed
CVE-2024-37393 was published Jun 10, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... High Unreviewed
CVE-2024-29829 was published May 31, 2024
ProTip! Advisories are also available from the GraphQL API