Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

202 advisories

Loading
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
SQL Injection in sequelize Critical
CVE-2019-10748 was published for sequelize (npm) Nov 6, 2019
SQL Injection in usmanhalalit/pixie Critical
CVE-2019-10766 was published for usmanhalalit/pixie (Composer) Nov 20, 2019
SQL Injection in sequelize Critical
CVE-2019-10749 was published for sequelize (npm) Nov 8, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
SQL injection in phpMyAdmin Critical
CVE-2019-18622 was published for phpmyadmin/phpmyadmin (Composer) Jan 16, 2020
SQL injection in Centreon Critical
CVE-2019-16194 was published for centreon/centreon (Composer) Feb 11, 2020
Privilege Escalation due to Blind NoSQL Injection in flintcms Critical
CVE-2018-3783 was published for flintcms (npm) Aug 21, 2018
SQL Injection in Kylin Critical
CVE-2020-13926 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection Critical
CVE-2023-22727 was published for cakephp/cakephp (Composer) Jan 20, 2023
ravage84
Jeecg-boot is vulnerable to SQL injection Critical
CVE-2022-47105 was published for org.jeecgframework.boot:jeecg-boot-base-core (Maven) Jan 19, 2023
SQL Injection in WordPress Zero Spam WordPress plugin Critical
CVE-2022-0254 was published for bmarshall511/wordpress_zero_spam (Composer) Mar 15, 2022
DQL injection through sorting parameters blocked Critical
CVE-2022-24752 was published for sylius/grid-bundle (Composer) Mar 15, 2022
dbalabka
SQL Injection in ImpressCMS Critical
CVE-2021-26599 was published for impresscms/impresscms (Composer) Mar 29, 2022
SQLinjection in falcon-plus Critical
CVE-2022-26245 was published for github.com/open-falcon/falcon-plus (Go) Mar 28, 2022
SQL injection in pagekit/pagekit Critical
CVE-2021-44135 was published for pagekit/pagekit (Composer) Apr 2, 2022
SQL Injection and Cross-site Scripting in class-validator Critical
CVE-2019-18413 was published for class-validator (npm) Oct 12, 2021
SQL Injection in RosarioSIS Critical
CVE-2022-2067 was published for francoisjacquet/rosariosis (Composer) Jun 14, 2022
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation" Critical
CVE-2022-35628 was published for in2code/lux (Composer) Jul 15, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4 Critical
CVE-2022-36408 was published for prestashop/prestashop (Composer) Jul 23, 2022 withdrawn
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter Critical
CVE-2022-35942 was published for loopback-connector-postgresql (npm) Aug 11, 2022
mgabeler-lee-6rs
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
SQL Injection in odata4j Critical
CVE-2016-11024 was published for org.odata4j:odata4j-core (Maven) May 7, 2021
SQL Injection in odata4j Critical
CVE-2016-11023 was published for org.odata4j:odata4j-core (Maven) May 7, 2021
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter Critical
CVE-2022-36272 was published for net.mingsoft:ms-mcms (Maven) Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API