GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
97 advisories
Filter by severity
SQL injection in opencart
High
CVE-2024-21514
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
High
GHSA-x2f4-8wxf-w3vf
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 CMS Privilege Escalation and SQL Injection
High
GHSA-45wj-jv2h-jwrf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
High
GHSA-xc69-p8fc-m6m5
was published
for
silverstripe/subsites
(Composer)
May 28, 2024
silverstripe/taxonomy SQL Injection vulnerability
High
GHSA-p2v5-xcqm-4fv6
was published
for
silverstripe/taxonomy
(Composer)
May 28, 2024
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
High
GHSA-265q-222x-52m6
was published
for
silverstripe/framework
(Composer)
May 28, 2024
silverstripe/framework SQL injection in full text search
High
GHSA-xx4r-5265-48j6
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Magento SQL injection via marketing account with access to email templates variables
High
CVE-2019-8134
was published
for
magento/community-edition
(Composer)
May 24, 2022
laravel framework SQL Injection via limit and offset functions
High
GHSA-wq8p-mqvg-2p5h
was published
for
laravel/framework
(Composer)
May 15, 2024
Magento SQL injection vulnerability
High
CVE-2019-8130
was published
for
magento/community-edition
(Composer)
May 24, 2022
Contao core SQL Injection Vulnerability
High
CVE-2012-4383
was published
for
contao/core
(Composer)
Apr 23, 2022
GeniXCMS SQL injection vulnerability
High
CVE-2017-5346
was published
for
genix/cms
(Composer)
May 14, 2022
GeniXCMS SQL injection vulnerability
High
CVE-2016-10096
was published
for
genix/cms
(Composer)
May 17, 2022
MunkiReport reportdata module SQL injection vulnerability
High
CVE-2020-15886
was published
for
munkireport/reportdata
(Composer)
May 24, 2022
MunkiReport Software Update module is vulnerable to SQL injection
High
CVE-2020-15887
was published
for
munkireport/softwareupdate
(Composer)
May 24, 2022
Dolibarr SQL injection vulnerability in user/card.php
High
CVE-2018-19998
was published
for
dolibarr/dolibarr
(Composer)
May 14, 2022
Dolibarr error-based SQL injection vulnerability in product/card.php
High
CVE-2018-19994
was published
for
dolibarr/dolibarr
(Composer)
May 14, 2022
Dolibarr SQL injection vulnerability
High
CVE-2017-18260
was published
for
dolibarr/dolibarr
(Composer)
May 14, 2022
Dolibarr SQL injection via type parameter in product/stats/card.php
High
CVE-2017-9839
was published
for
dolibarr/dolibarr
(Composer)
May 14, 2022
Dolibarr SQL injection vulnerability in accountancy/customer/card.php
High
CVE-2020-14443
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
phpMyAdmin SQL Injection
High
CVE-2020-10804
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
phpMyAdmin SQL injection vulnerability
High
CVE-2020-10802
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
phpMyAdmin SQL injection in user accounts page
High
CVE-2020-5504
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
Moodle Blind SQL injection possible via MNet authentication
High
CVE-2021-32474
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
ProTip!
Advisories are also available from the
GraphQL API