Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
Data leakage via SQL Injection in Pimcore Moderate
CVE-2019-10763 was published for pimcore/pimcore (Composer) Dec 2, 2019
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
SQL injection in Tortoise ORM Moderate
CVE-2020-11010 was published for tortoise-orm (pip) Apr 20, 2020
SQL Injection in sequelize Moderate
CVE-2016-10554 was published for sequelize (npm) Feb 18, 2019
Fat Free CRM vulnerable to SQL Injection Moderate
CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
SQL Injection in FreeTAKServer-UI Moderate
CVE-2022-25506 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA Moderate
CVE-2016-6652 was published for org.springframework.data:spring-data-jpa (Maven) May 17, 2022
update_by_case before 0.1.3 can be vulnerable to sql injection Moderate
CVE-2022-35956 was published for update_by_case (RubyGems) Aug 11, 2022
Matrix-appservice-irc vulnerable to sql injection via roomIds argument Moderate
CVE-2022-3971 was published for matrix-appservice-irc (npm) Nov 13, 2022
a12nserver vulnerable to potential SQL Injections via Knex dependency Moderate
GHSA-crhg-xgrg-vvcc was published for @curveball/a12n-server (npm) Jan 13, 2023
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA Moderate
CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) May 14, 2019
SQL Injection in Kylin Moderate
CVE-2020-1937 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
SQL Injection in Spring Cloud Task Moderate
CVE-2020-5428 was published for org.springframework.cloud:spring-cloud-task-dependencies (Maven) Feb 9, 2022
SQL Injection in tribalsystems/zenario Moderate
CVE-2021-27672 was published for tribalsystems/zenario (Composer) Jun 8, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19029 was published for github.com/goharbor/harbor (Go) May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19026 was published for github.com/goharbor/harbor (Go) May 18, 2021
Jeecg-boot vulnerable to SQL Injection Moderate
CVE-2022-45210 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 25, 2022
Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin Moderate
CVE-2022-45208 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 25, 2022
SQL Injection in showdoc Moderate
CVE-2022-0362 was published for showdoc/showdoc (Composer) Jan 27, 2022
SQL injection in github.com/navidrome/navidrome Moderate
CVE-2022-23857 was published for github.com/navidrome/navidrome (Go) Jan 27, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
Pimcore Remote Code Execution vulnerability in Search function Moderate
CVE-2023-1578 was published for pimcore/pimcore (Composer) Mar 22, 2023
ProTip! Advisories are also available from the GraphQL API