GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

579 advisories

Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection High
CVE-2022-45786 was published for apache-age-python (Go) Feb 4, 2023
Credited to oscerd
Dromara hutool vulnerable to SQL Injection Critical
CVE-2023-24163 was published for cn.hutool:hutool-all (Maven) Jan 31, 2023
Credited to liangyueliangyue and andrewpollock
phpmyadmin contains SQL Injection vulnerability Critical
CVE-2020-22452 was published for phpmyadmin/phpmyadmin (Composer) Jan 26, 2023
CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection Critical
CVE-2023-22727 was published for cakephp/cakephp (Composer) Jan 20, 2023
Credited to ravage84
Jeecg-boot is vulnerable to SQL injection Critical
CVE-2022-47105 was published for org.jeecgframework.boot:jeecg-boot-base-core (Maven) Jan 19, 2023
SQL Injection Vulnerability via ActiveRecord comments High
CVE-2023-22794 was published for activerecord (RubyGems) Jan 18, 2023
Credited to kurt-r2c
SQL Injection in liftkit/database Critical
CVE-2016-15020 was published for liftkit/database (Composer) Jan 16, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
curupira is vulnerable to SQL injection Critical
CVE-2015-10053 was published for curupira (RubyGems) Jan 16, 2023
a12nserver vulnerable to potential SQL Injections via Knex dependency Moderate
GHSA-crhg-xgrg-vvcc was published for @curveball/a12n-server (npm) Jan 13, 2023
WebPA SQL Injection vulnerability Critical
CVE-2021-4308 was published for webpa/webpa (Composer) Jan 8, 2023
PaginationServiceProvider SQL Injection vulnerability Critical
CVE-2014-125029 was published for ttskch/pagination-service-provider (Composer) Jan 8, 2023
Squalor SQL Injection vulnerability Critical
CVE-2020-36645 was published for github.com/square/squalor (Go) Jan 7, 2023
gosqljson SQL Injection vulnerability Critical
CVE-2014-125064 was published for github.com/elgs/gosqljson (Go) Jan 7, 2023
himiklab yii2-jqgrid-widget vulnerable to SQL Injection Critical
CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) Jan 6, 2023
DBRisinajumi d2files SQL Injection vulnerability Critical
CVE-2015-10018 was published for dbrisinajumi/d2files (Composer) Jan 6, 2023
nodebatis SQL Injection vulnerability Critical
CVE-2018-25066 was published for nodebatis (npm) Jan 6, 2023
laravel-jqgrid vulnerable to SQL Injection Critical
CVE-2021-4262 was published for mgallegos/laravel-jqgrid (Composer) Dec 19, 2022
Knex.js has a limited SQL injection vulnerability High
CVE-2016-20018 was published for knex (npm) Dec 19, 2022
Credited to alokmenghrajani, pmartinat, and tdunlap607
@cubejs-backend/api-gateway row level security bypass High
CVE-2022-23510 was published for @cubejs-backend/api-gateway (npm) Dec 12, 2022
Mingsoft MCMS vulnerable to SQL Injection Critical
CVE-2022-4375 was published for net.mingsoft:ms-mcms (Maven) Dec 9, 2022
owncast is vulnerable to SQL Injection Critical
CVE-2022-3751 was published for github.com/owncast/owncast (Go) Nov 29, 2022
Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin Moderate
CVE-2022-45208 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
Credited to achibear
Jeecg-boot vulnerable to SQL Injection Moderate
CVE-2022-45210 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
Credited to achibear
Jeecg-boot vulnerable to SQL Injection Critical
CVE-2022-45206 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
Credited to achibear
ProTip! Advisories are also available from the GraphQL API