GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
Withdrawn Advisory: Nette Database SQL injection
Moderate
CVE-2024-55586
was published
for
nette/database
(Composer)
Dec 10, 2024
•
withdrawn
Shopware vulnerable to blind SQL-injection in DAL aggregations
Moderate
CVE-2024-42357
was published
for
shopware/core
(Composer)
Aug 8, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability
Moderate
CVE-2024-4215
was published
for
pgadmin4
(pip)
May 2, 2024
SQL injection in Tortoise ORM
Moderate
CVE-2020-11010
was published
for
tortoise-orm
(pip)
Apr 20, 2020
Moodle vulnerable to site administration SQL injection via XMLDB editor
Moderate
CVE-2024-43436
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Apache InLong SQL Injection vulnerability
Moderate
CVE-2023-30465
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jul 6, 2023
Mautic SQL Injection in dynamic Reports
Moderate
CVE-2022-25775
was published
for
mautic/core
(Composer)
Apr 12, 2024
Grafana Arbitrary File Read
Moderate
CVE-2019-19499
was published
for
github.com/grafana/grafana
(Go)
Jan 31, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query
Moderate
GHSA-fpgj-cr28-fvpx
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 21, 2024
Meshery SQL Injection vulnerability
Moderate
CVE-2024-35181
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
Moderate
CVE-2024-35182
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
Apache Superset vulnerable to improper SQL authorization
Moderate
CVE-2024-39887
was published
for
apache-superset
(pip)
Jul 16, 2024
SQL Injection in Hibernate ORM
Moderate
CVE-2019-14900
was published
for
org.hibernate:hibernate-core
(Maven)
Feb 10, 2022
SQL Injection in TYPO3 Frontend Login
Moderate
GHSA-j86x-pjmr-9m6w
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Magento Injection vulnerability via email templates
Moderate
CVE-2019-8143
was published
for
magento/community-edition
(Composer)
May 24, 2022
NocoDB SQL Injection vulnerability
Moderate
CVE-2023-50718
was published
for
nocodb
(npm)
May 13, 2024
LibreNMS SQL Injection vulnerability
Moderate
CVE-2020-15873
was published
for
librenms/librenms
(Composer)
May 24, 2022
phpMyAdmin SQL injection vulnerability
Moderate
CVE-2020-10803
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Moderate
CVE-2024-32872
was published
for
Plumber.Workflow
(NuGet)
Apr 24, 2024
Moodle vulnerable to SQL Injection
Moderate
CVE-2023-35132
was published
for
moodle/moodle
(Composer)
Jun 22, 2023
SQL injection in Folio Spring Module Core
Moderate
CVE-2022-4963
was published
for
org.folio:spring-module-core
(Maven)
Mar 21, 2024
Blind SQL Injection with privileged Cloud Foundry UAA endpoints
Moderate
CVE-2017-4974
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Apache Derby SQL Injection
Moderate
CVE-2006-7217
was published
for
org.apache.derby:derby
(Maven)
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API