GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,768
Maven: 4,991
npm: 3,537
NuGet: 616
pip: 3,107
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
3,254 advisories
CVE-2024-40539 (Critical, Unreviewed; published Jul 12, 2024): my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
CVE-2024-40541 (Critical, Unreviewed; published Jul 12, 2024): my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
CVE-2024-40542 (Critical, Unreviewed; published Jul 12, 2024): my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
CVE-2024-40540 (Critical, Unreviewed; published Jul 12, 2024): my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
CVE-2024-37933 (Critical, Unreviewed; published Jul 12, 2024): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2024-37870 (Critical, Unreviewed; published Jul 9, 2024): SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With...
CVE-2024-6527 (Critical, Unreviewed; published Jul 9, 2024): SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows...
CVE-2024-37112 (Critical, Unreviewed; published Jul 9, 2024): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2024-27709 (Critical, Unreviewed; published Jul 5, 2024): SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute...
CVE-2024-3816 (Critical, Unreviewed; published Jul 3, 2024): Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection...
CVE-2024-6172 (Critical, Unreviewed; published Jul 2, 2024): The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
CVE-2024-1839 (Critical, Unreviewed; published Jun 26, 2024): Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL...
CVE-2024-4228 (Critical, Unreviewed; published Jun 26, 2024): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -...
CVE-2024-37252 (Critical, Unreviewed; published Jun 26, 2024): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2024-36681 (Critical, Unreviewed; published Jun 25, 2024): SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for...
CVE-2024-34988 (Critical, Unreviewed; published Jun 25, 2024): SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro"...
CVE-2024-34989 (Critical, Unreviewed; published Jun 22, 2024): In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a...
CVE-2024-6027 (Critical, Unreviewed; published Jun 21, 2024): The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL...
CVE-2024-36678 (Critical, Unreviewed; published Jun 19, 2024): In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a...
CVE-2024-34994 (Critical, Unreviewed; published Jun 19, 2024): In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest...
CVE-2024-37802 (Critical, Unreviewed; published Jun 18, 2024): CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL...
CVE-2024-3552 (Critical, Unreviewed; published Jun 13, 2024): The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter...
CVE-2024-36840 (Critical, Unreviewed; published Jun 12, 2024): SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to...
CVE-2024-36673 (Critical, Unreviewed; published Jun 7, 2024): Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via...
CVE-2024-36779 (Critical, Unreviewed; published Jun 6, 2024): Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
ProTip! Advisories are also available from the GraphQL API.