GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+
63 advisories
Filter by severity
SQL Injection in TYPO3 Frontend Login
Moderate
GHSA-j86x-pjmr-9m6w
was published
for
typo3/cms
(Composer)
Jun 5, 2024
NocoDB SQL Injection vulnerability
Moderate
CVE-2023-50718
was published
for
nocodb
(npm)
May 13, 2024
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Moderate
CVE-2024-32872
was published
for
Plumber.Workflow
(NuGet)
Apr 24, 2024
Mautic SQL Injection in dynamic Reports
Moderate
CVE-2022-25775
was published
for
mautic/core
(Composer)
Apr 12, 2024
SQL injection in Folio Spring Module Core
Moderate
CVE-2022-4963
was published
for
org.folio:spring-module-core
(Maven)
Mar 21, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow
Moderate
GHSA-7jwh-3vrq-q3m8
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
pgx SQL Injection via Protocol Message Size Overflow
Moderate
CVE-2024-27304
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
pgx SQL Injection via Line Comment Creation
Moderate
CVE-2024-27289
was published
for
github.com/jackc/pgx
(Go)
Mar 4, 2024
Grafana Arbitrary File Read
Moderate
CVE-2019-19499
was published
for
github.com/grafana/grafana/pkg/tsdb/mysql
(Go)
Jan 31, 2024
Gila CMS SQL Injection
Moderate
CVE-2020-26623
was published
for
gilacms/gila
(Composer)
Jan 3, 2024
Apache Superset SQL injection vulnerability
Moderate
CVE-2023-49736
was published
for
apache-superset
(pip)
Dec 19, 2023
Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability
Moderate
CVE-2023-30867
was published
for
org.apache.streampark:streampark
(Maven)
Dec 15, 2023
nocodb SQL Injection vulnerability
Moderate
CVE-2023-43794
was published
for
nocodb
(npm)
Oct 17, 2023
Jeecg-boot SQL Injection vulnerability
Moderate
CVE-2023-38905
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Aug 17, 2023
PrestaShop boolean SQL injection
Moderate
CVE-2023-39524
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
Apache InLong SQL Injection vulnerability
Moderate
CVE-2023-30465
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jul 6, 2023
Moodle vulnerable to SQL Injection
Moderate
CVE-2023-35132
was published
for
moodle/moodle
(Composer)
Jun 22, 2023
JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode
Moderate
CVE-2023-34602
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Jun 19, 2023
JeecgBoot vulnerable to SQL injection in queryFilterTableDictInfo
Moderate
CVE-2023-34603
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Jun 19, 2023
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
Moderate
CVE-2023-0620
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
Pimcore vulnerable to improper quoting of filters in Custom Reports
Moderate
CVE-2023-28438
was published
for
pimcore/pimcore
(Composer)
Mar 22, 2023
Pimcore Remote Code Execution vulnerability in Search function
Moderate
CVE-2023-1578
was published
for
pimcore/pimcore
(Composer)
Mar 22, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection
Moderate
CVE-2022-41703
was published
for
apache-superset
(pip)
Jan 16, 2023
ProTip!
Advisories are also available from the
GraphQL API