Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

202 advisories

Zendframework1 Potential SQL injection in ORDER and GROUP functions Critical
GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) Critical
GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select Critical
GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql Critical
GHSA-qf36-fx9f-232x was published for zendframework/zendframework1 (Composer) Jun 7, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value Critical
GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) May 30, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php` Critical
CVE-2024-35374 was published for mocodo (pip) May 28, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
Amazon JDBC Driver for Redshift SQL Injection via line comment generation Critical
CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven) May 15, 2024
paul-gerste-sonarsource
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection Critical
CVE-2024-27298 was published for parse-server (npm) Mar 1, 2024
mtrezza EhsanParsania
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation Critical
CVE-2024-1597 was published for org.postgresql:postgresql (Maven) Feb 21, 2024
paul-gerste-sonarsource
Duplicate Advisory: SQL injection in pgjdbc Critical
GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 withdrawn
SQLAlchemyDA unauthenticated arbitrary SQL query execution Critical
CVE-2024-24811 was published for Products.SQLAlchemyDA (pip) Feb 7, 2024
perrinjerome dataflake
SQL injection in llama-index Critical
CVE-2024-23751 was published for llama-index (pip) Jan 22, 2024
Blind SQL injection in shopware Critical
CVE-2024-22406 was published for shopware/core (Composer) Jan 17, 2024
Jeecg Boot SQL injection vulnerability Critical
CVE-2023-41542 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Jeecg Boot SQL Injection Critical
CVE-2023-41543 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
RuoYi vulnerable to SQL injection vulnerability Critical
CVE-2023-49371 was published for com.ruoyi:ruoyi (Maven) Dec 1, 2023
Apache Cocoon SQL Injection vulnerability Critical
CVE-2022-45135 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
SQL injection vulnerability in Meshery Critical
CVE-2023-46575 was published for github.com/layer5io/meshery (Go) Nov 24, 2023
MarkLee131
ProTip! Advisories are also available from the GraphQL API