Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

66 advisories

Loading
SQL Injection in the KubeClarity REST API Moderate
CVE-2024-39909 was published for github.com/openclarity/kubeclarity/backend (Go) Jul 12, 2024
b-abderrahmane
EGroupware mishandles an ORDER BY clause Moderate
CVE-2024-40614 was published for egroupware/egroupware (Composer) Jul 7, 2024
blitzdose
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities Moderate
CVE-2024-39677 was published for NHibernate (NuGet) Jul 8, 2024
hazzik fredericDelaporte
SQL Injection in Hibernate ORM Moderate
CVE-2019-14900 was published for org.hibernate:hibernate-core (Maven) Feb 10, 2022
mpihelgas
SQL injection in litellm Moderate
CVE-2024-5225 was published for litellm (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-4890 was published for litellm (pip) Jun 6, 2024
SQL Injection in TYPO3 Frontend Login Moderate
GHSA-j86x-pjmr-9m6w was published for typo3/cms (Composer) Jun 5, 2024
Magento Injection vulnerability via email templates Moderate
CVE-2019-8143 was published for magento/community-edition (Composer) May 24, 2022
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
LibreNMS SQL Injection vulnerability Moderate
CVE-2020-15873 was published for librenms/librenms (Composer) May 24, 2022
phpMyAdmin SQL injection vulnerability Moderate
CVE-2020-10803 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
Umbraco Workflow's Backoffice users can execute arbitrary SQL Moderate
CVE-2024-32872 was published for Plumber.Workflow (NuGet) Apr 24, 2024
pjez-qestit
Moodle vulnerable to SQL Injection Moderate
CVE-2023-35132 was published for moodle/moodle (Composer) Jun 22, 2023
Mautic SQL Injection in dynamic Reports Moderate
CVE-2022-25775 was published for mautic/core (Composer) Apr 12, 2024
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana/pkg/tsdb/mysql (Go) Jan 31, 2024
SQL injection in Folio Spring Module Core Moderate
CVE-2022-4963 was published for org.folio:spring-module-core (Maven) Mar 21, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow Moderate
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Protocol Message Size Overflow Moderate
CVE-2024-27304 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Line Comment Creation Moderate
CVE-2024-27289 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
Blind SQL Injection with privileged Cloud Foundry UAA endpoints Moderate
CVE-2017-4974 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Apache Derby SQL Injection Moderate
CVE-2006-7217 was published for org.apache.derby:derby (Maven) May 1, 2022
Typo3 Backend History Module Vulnerable to SQL Injection Moderate
CVE-2012-6144 was published for typo3/cms (Composer) May 17, 2022
Gila CMS SQL Injection Moderate
CVE-2020-26623 was published for gilacms/gila (Composer) Jan 3, 2024
Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability Moderate
CVE-2023-30867 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
Apache Superset SQL injection vulnerability Moderate
CVE-2023-49736 was published for apache-superset (pip) Dec 19, 2023
ProTip! Advisories are also available from the GraphQL API