Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,648
Erlang
29
GitHub Actions
16
Go
1,705
Maven
4,937
npm
3,470
NuGet
603
pip
2,982
Pub
10
RubyGems
826
Rust
770
Swift
34
Unreviewed advisories
All unreviewed
5,000+

425 advisories

PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
laravel framework SQL Injection via limit and offset functions High
GHSA-wq8p-mqvg-2p5h was published for laravel/framework (Composer) May 15, 2024
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
Amazon JDBC Driver for Redshift SQL Injection via line comment generation Critical
CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven) May 15, 2024
paul-gerste-sonarsource
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource NinoFloris
Umbraco Workflow's Backoffice users can execute arbitrary SQL Moderate
CVE-2024-32872 was published for Plumber.Workflow (NuGet) Apr 24, 2024
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction High
CVE-2024-32480 was published for librenms/librenms (Composer) Apr 22, 2024
sco4x0
LibreNMS vulnerable to SQL injection time-based leads to database extraction High
CVE-2024-32461 was published for librenms/librenms (Composer) Apr 22, 2024
Louhan-dev
Mautic SQL Injection in dynamic Reports Moderate
CVE-2022-25775 was published for mautic/core (Composer) Apr 12, 2024
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23119 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23115 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23118 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23117 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability High
CVE-2024-0637 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23116 was published for centreon/centreon (Composer) Apr 2, 2024
phpMyFAQ SQL injections at insertentry & saveentry High
CVE-2024-28107 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
phpMyFAQ SQL Injection at "Save News" High
CVE-2024-27299 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
SQL injection in Folio Spring Module Core Moderate
CVE-2022-4963 was published for org.folio:spring-module-core (Maven) Mar 21, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow Moderate
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Protocol Message Size Overflow Moderate
CVE-2024-27304 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Line Comment Creation Moderate
CVE-2024-27289 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
ProTip! Advisories are also available from the GraphQL API