GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,889 advisories
Filter by severity
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate...
High
Unreviewed
CVE-2024-5606
was published
Jul 2, 2024
SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" ...
High
Unreviewed
CVE-2024-34992
was published
Jun 25, 2024
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System...
High
Unreviewed
CVE-2024-37840
was published
Jun 17, 2024
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can...
High
Unreviewed
CVE-2024-36680
was published
Jun 19, 2024
ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.
High
Unreviewed
CVE-2024-38293
was published
Jun 13, 2024
SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to...
High
Unreviewed
CVE-2024-37848
was published
Jun 17, 2024
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper...
High
Unreviewed
CVE-2024-37393
was published
Jun 10, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
High
Unreviewed
CVE-2024-29830
was published
May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
High
Unreviewed
CVE-2024-29829
was published
May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
High
Unreviewed
CVE-2024-29846
was published
May 31, 2024
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote...
High
Unreviewed
CVE-2024-22059
was published
May 31, 2024
A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web...
High
Unreviewed
CVE-2024-34928
was published
May 23, 2024
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports...
High
Unreviewed
CVE-2023-49331
was published
May 20, 2024
Zoho ManageEngine ADAudit Plus through 7251 allows SQL Injection while getting aggregate report...
High
Unreviewed
CVE-2023-49330
was published
May 20, 2024
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...
High
Unreviewed
CVE-2023-49333
was published
May 20, 2024
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full...
High
Unreviewed
CVE-2023-49334
was published
May 20, 2024
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
High
Unreviewed
CVE-2023-49332
was published
May 20, 2024
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server...
High
Unreviewed
CVE-2023-49335
was published
May 20, 2024
The access control in CemiPark software does not properly validate user-entered data, which...
High
Unreviewed
CVE-2024-4423
was published
May 14, 2024
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave...
High
Unreviewed
CVE-2024-34220
was published
May 14, 2024
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An...
High
Unreviewed
CVE-2024-32738
was published
May 14, 2024
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An...
High
Unreviewed
CVE-2024-32737
was published
May 14, 2024
A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka...
High
Unreviewed
CVE-2024-34534
was published
May 6, 2024
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.
High
Unreviewed
CVE-2024-28279
was published
May 14, 2024
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the...
High
Unreviewed
CVE-2024-25526
was published
May 8, 2024
ProTip!
Advisories are also available from the
GraphQL API