GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
174 advisories
Filter by severity
SQL injection in opencart
High
CVE-2024-21514
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Apache Submarine Server Core has a SQL Injection Vulnerability
High
CVE-2024-36263
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
High
GHSA-x2f4-8wxf-w3vf
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 CMS Privilege Escalation and SQL Injection
High
GHSA-45wj-jv2h-jwrf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
High
GHSA-xc69-p8fc-m6m5
was published
for
silverstripe/subsites
(Composer)
May 28, 2024
silverstripe/taxonomy SQL Injection vulnerability
High
GHSA-p2v5-xcqm-4fv6
was published
for
silverstripe/taxonomy
(Composer)
May 28, 2024
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
High
GHSA-265q-222x-52m6
was published
for
silverstripe/framework
(Composer)
May 28, 2024
silverstripe/framework SQL injection in full text search
High
GHSA-xx4r-5265-48j6
was published
for
silverstripe/framework
(Composer)
May 27, 2024
laravel framework SQL Injection via limit and offset functions
High
GHSA-wq8p-mqvg-2p5h
was published
for
laravel/framework
(Composer)
May 15, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
High
CVE-2024-32480
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
LibreNMS vulnerable to SQL injection time-based leads to database extraction
High
CVE-2024-32461
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23115
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23119
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-0637
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23116
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23118
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
High
CVE-2024-23117
was published
for
centreon/centreon
(Composer)
Apr 2, 2024
phpMyFAQ SQL injections at insertentry & saveentry
High
CVE-2024-28107
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ SQL Injection at "Save News"
High
CVE-2024-27299
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
SQL Injection in Admin download files as zip
High
CVE-2024-23646
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
High
CVE-2024-22196
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
Mingsoft MCMS SQL injection
High
CVE-2023-50578
was published
for
net.mingsoft:ms-mcms
(Maven)
Dec 30, 2023
MainWP Dashboard SQL Command Injection vulnerability
High
CVE-2023-38519
was published
for
mainwp/mainwp
(Composer)
Dec 20, 2023
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
High
CVE-2023-47637
was published
for
pimcore/pimcore
(Composer)
Nov 15, 2023
ProTip!
Advisories are also available from the
GraphQL API