Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

113 advisories

Loading
Admidio has Blind SQL Injection in ecard_send.php Critical
CVE-2024-37906 was published for admidio/admidio (Composer) Jul 29, 2024
UmerAdeemCheema
Craft CMS SQL injection vulnerability via the GraphQL API endpoint Critical
CVE-2024-37843 was published for craftcms/cms (Composer) Jun 25, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions Critical
GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) Critical
GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select Critical
GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql Critical
GHSA-qf36-fx9f-232x was published for zendframework/zendframework1 (Composer) Jun 7, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value Critical
GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) May 30, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
ThinkPHP SQL Injection vulnerability Critical
CVE-2018-16385 was published for topthink/framework (Composer) May 14, 2022
Drupal SQL Injection vulnerability Critical
CVE-2011-2715 was published for drupal/core (Composer) Apr 22, 2022
Contao SQL injection in the file manager Critical
CVE-2019-11512 was published for contao/contao (Composer) May 24, 2022
Contao SQL injection in the backend and listing module Critical
CVE-2017-16558 was published for contao/contao (Composer) May 24, 2022
BEdita vulnerable to SQL injection Critical
CVE-2019-15570 was published for bedita/bedita (Composer) May 24, 2022
Froxlor SQL injection vulnerability Critical
CVE-2021-42325 was published for froxlor/froxlor (Composer) May 24, 2022
silverstripe restfulserver and registry modules SQL injection vulnerability Critical
CVE-2019-12149 was published for silverstripe/registry (Composer) May 24, 2022
ThinkPHP5 SQL Injection vulnerability Critical
CVE-2021-44350 was published for topthink/framework (Composer) Dec 17, 2021
ThinkPHP SQL injection vulnerability Critical
CVE-2018-17566 was published for topthink/framework (Composer) May 14, 2022
thinkphp SQL Injection via the index.php s parameter Critical
CVE-2018-10225 was published for topthink/framework (Composer) May 14, 2022
TeamPass SQL injection in users.queries.php Critical
CVE-2017-9436 was published for nilsteampassnet/teampass (Composer) May 17, 2022
Dolibarr SQL Injection vulnerability Critical
CVE-2018-9019 was published for dolibarr/dolibarr (Composer) May 13, 2022
Dolibarr SQL injection vulnerability in product/card.php Critical
CVE-2018-13450 was published for dolibarr/dolibarr (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API