Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

66 advisories

Loading
Array data injection vulnerability in activerecord Moderate
CVE-2014-0080 was published for activerecord (RubyGems) Oct 24, 2017
Active Record vulnerable to SQL Injection via nested query parameters Moderate
CVE-2012-2661 was published for activerecord (RubyGems) Oct 24, 2017
SQL Injection in sequelize Moderate
CVE-2016-10554 was published for sequelize (npm) Feb 18, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA Moderate
CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) May 14, 2019
SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
Data leakage via SQL Injection in Pimcore Moderate
CVE-2019-10763 was published for pimcore/pimcore (Composer) Dec 2, 2019
SQL injection in Tortoise ORM Moderate
CVE-2020-11010 was published for tortoise-orm (pip) Apr 20, 2020
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
SQL Injection in Kylin Moderate
CVE-2020-1937 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
SQL Injection in moodle Moderate
CVE-2020-25700 was published for moodle/moodle (Composer) Mar 29, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19029 was published for github.com/goharbor/harbor (Go) May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19026 was published for github.com/goharbor/harbor (Go) May 18, 2021
SQL Injection in tribalsystems/zenario Moderate
CVE-2021-27672 was published for tribalsystems/zenario (Composer) Jun 8, 2021
SQL Injection in gogs.io/gogs Moderate
CVE-2014-8681 was published for github.com/gogits/gogs (Go) Jun 29, 2021
SQL Injection in Apache Kylin Moderate
CVE-2021-36774 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
SQL Injection in showdoc Moderate
CVE-2022-0362 was published for showdoc/showdoc (Composer) Jan 27, 2022
SQL injection in github.com/navidrome/navidrome Moderate
CVE-2022-23857 was published for github.com/navidrome/navidrome (Go) Jan 27, 2022
SQL Injection in Spring Cloud Task Moderate
CVE-2020-5428 was published for org.springframework.cloud:spring-cloud-task-dependencies (Maven) Feb 9, 2022
SQL Injection in Hibernate ORM Moderate
CVE-2019-14900 was published for org.hibernate:hibernate-core (Maven) Feb 10, 2022
mpihelgas
SQL Injection in FreeTAKServer-UI Moderate
CVE-2022-25506 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Apache Derby SQL Injection Moderate
CVE-2006-7217 was published for org.apache.derby:derby (Maven) May 1, 2022
Blind SQL Injection with privileged Cloud Foundry UAA endpoints Moderate
CVE-2017-4974 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
Pimcore SQLi Vulnerability Moderate
CVE-2018-14058 was published for pimcore/pimcore (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API