Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
Amazon JDBC Driver for Redshift SQL Injection via line comment generation Critical
CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven) May 15, 2024
paul-gerste-sonarsource
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation Critical
CVE-2024-1597 was published for org.postgresql:postgresql (Maven) Feb 21, 2024
paul-gerste-sonarsource
Duplicate Advisory: SQL injection in pgjdbc Critical
GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 withdrawn
Jeecg Boot SQL injection vulnerability Critical
CVE-2023-41542 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Jeecg Boot SQL Injection Critical
CVE-2023-41543 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
RuoYi vulnerable to SQL injection vulnerability Critical
CVE-2023-49371 was published for com.ruoyi:ruoyi (Maven) Dec 1, 2023
Apache Cocoon SQL Injection vulnerability Critical
CVE-2022-45135 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
SQL injection in jeecgboot Critical
CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Sep 22, 2023
MarkLee131
OpenRefine Remote Code execution in project import with mysql jdbc url attack Critical
CVE-2023-41887 was published for org.openrefine:database (Maven) Sep 12, 2023
nbxiglk0
Jeecg boot SQL Injection vulnerability Critical
CVE-2023-42268 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Sep 8, 2023
SQL injection in jeecg-boot Critical
CVE-2023-38992 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Jul 28, 2023
SQL injection in audit endpoint Critical
CVE-2023-35088 was published for org.apache.inlong:manager-service (Maven) Jul 25, 2023
jeecg-boot SQL injection vulnerability Critical
CVE-2023-34659 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Jun 16, 2023
MyBatis-Plus vulnerable to SQL injection via TenantPlugin Critical
CVE-2023-25330 was published for com.baomidou:mybatis-plus (Maven) Apr 5, 2023
Ming-Soft MCMS vulnerable to SQL injection Critical
CVE-2020-20913 was published for net.mingsoft:ms-mcms (Maven) Apr 4, 2023
jeecg-boot vulnerable to SQL injection Critical
CVE-2023-1741 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023
jeecg-boot SQL Injection vulnerability Critical
CVE-2023-1454 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Mar 17, 2023
GeoTools OGC Filter SQL Injection Vulnerabilities Critical
CVE-2023-25158 was published for org.geotools:gt-jdbc (Maven) Feb 22, 2023
sikeoka
GeoServer OGC Filter SQL Injection Vulnerabilities Critical
CVE-2023-25157 was published for org.geoserver.community:gs-jdbcconfig (Maven) Feb 22, 2023
sikeoka
Dromara hutool vulnerable to SQL Injection Critical
CVE-2023-24163 was published for cn.hutool:hutool-all (Maven) Jan 31, 2023
liangyueliangyue andrewpollock
Jeecg-boot is vulnerable to SQL injection Critical
CVE-2022-47105 was published for org.jeecgframework.boot:jeecg-boot-base-core (Maven) Jan 19, 2023
Mingsoft MCMS vulnerable to SQL Injection Critical
CVE-2022-4375 was published for net.mingsoft:ms-mcms (Maven) Dec 9, 2022
Jeecg-boot vulnerable to SQL Injection Critical
CVE-2022-45206 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 25, 2022
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString Critical
CVE-2022-45207 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 25, 2022
SQL injection in jflyfox jfinal Critical
CVE-2022-37223 was published for com.jflyfox:jflyfox_jfinal (Maven) Aug 24, 2022
ProTip! Advisories are also available from the GraphQL API