Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

63 advisories

SQL injection in litellm Moderate
CVE-2024-4890 was published for litellm (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-5225 was published for litellm (pip) Jun 6, 2024
SQL Injection in TYPO3 Frontend Login Moderate
GHSA-j86x-pjmr-9m6w was published for typo3/cms (Composer) Jun 5, 2024
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Umbraco Workflow's Backoffice users can execute arbitrary SQL Moderate
CVE-2024-32872 was published for Plumber.Workflow (NuGet) Apr 24, 2024
pjez-qestit
Mautic SQL Injection in dynamic Reports Moderate
CVE-2022-25775 was published for mautic/core (Composer) Apr 12, 2024
SQL injection in Folio Spring Module Core Moderate
CVE-2022-4963 was published for org.folio:spring-module-core (Maven) Mar 21, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow Moderate
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Protocol Message Size Overflow Moderate
CVE-2024-27304 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Line Comment Creation Moderate
CVE-2024-27289 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana/pkg/tsdb/mysql (Go) Jan 31, 2024
Gila CMS SQL Injection Moderate
CVE-2020-26623 was published for gilacms/gila (Composer) Jan 3, 2024
Apache Superset SQL injection vulnerability Moderate
CVE-2023-49736 was published for apache-superset (pip) Dec 19, 2023
Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability Moderate
CVE-2023-30867 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
nocodb SQL Injection vulnerability Moderate
CVE-2023-43794 was published for nocodb (npm) Oct 17, 2023
sylwia-budzynska
Jeecg-boot SQL Injection vulnerability Moderate
CVE-2023-38905 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Aug 17, 2023
PrestaShop boolean SQL injection Moderate
CVE-2023-39524 was published for prestashop/prestashop (Composer) Aug 9, 2023
Apache InLong SQL Injection vulnerability Moderate
CVE-2023-30465 was published for org.apache.inlong:manager-pojo (Maven) Jul 6, 2023
Moodle vulnerable to SQL Injection Moderate
CVE-2023-35132 was published for moodle/moodle (Composer) Jun 22, 2023
JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode Moderate
CVE-2023-34602 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Jun 19, 2023
JeecgBoot vulnerable to SQL injection in queryFilterTableDictInfo Moderate
CVE-2023-34603 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Jun 19, 2023
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File Moderate
CVE-2023-0620 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
oxeye-daniel
Pimcore vulnerable to improper quoting of filters in Custom Reports Moderate
CVE-2023-28438 was published for pimcore/pimcore (Composer) Mar 22, 2023
Pimcore Remote Code Execution vulnerability in Search function Moderate
CVE-2023-1578 was published for pimcore/pimcore (Composer) Mar 22, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API