GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,638
Composer 5,007
Erlang 39
GitHub Actions 38
Go 2,645
Maven 6,108
npm 4,271
NuGet 760
pip 4,065
Pub 12
RubyGems 957
Rust 1,057
Swift 45

Unreviewed advisories

All unreviewed 277,136

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

4,243 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist... Critical Unreviewed

CVE-2018-19558 was published May 14, 2022

HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded... Critical Unreviewed

CVE-2018-19468 was published May 14, 2022

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL... Critical Unreviewed

CVE-2018-13350 was published May 14, 2022

SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html... Critical Unreviewed

CVE-2018-19893 was published May 14, 2022

internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL... Critical Unreviewed

CVE-2018-18619 was published May 14, 2022

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo... Critical Unreviewed

CVE-2018-20479 was published May 14, 2022

An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. Critical Unreviewed

CVE-2018-20477 was published May 14, 2022

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter. Critical Unreviewed

CVE-2018-20480 was published May 14, 2022

AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters... Critical Unreviewed

CVE-2018-18923 was published May 14, 2022

HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in ... Critical Unreviewed

CVE-2018-1000871 was published May 14, 2022

phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that... Critical Unreviewed

CVE-2018-1000869 was published May 14, 2022

CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex... Critical Unreviewed

CVE-2018-20508 was published May 14, 2022

SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier... Critical Unreviewed

CVE-2018-13045 was published May 14, 2022

SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in... Critical Unreviewed

CVE-2018-18399 was published May 14, 2022

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m... Critical Unreviewed

CVE-2018-20572 was published May 14, 2022

user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows... Critical Unreviewed

CVE-2018-20569 was published May 14, 2022

Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially... Critical Unreviewed

CVE-2018-1000631 was published May 14, 2022

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has... Critical Unreviewed

CVE-2018-19925 was published May 14, 2022

Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute... Critical Unreviewed

CVE-2018-19415 was published May 14, 2022

An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article... Critical Unreviewed

CVE-2019-6259 was published May 14, 2022

Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter. Critical Unreviewed

CVE-2019-5893 was published May 14, 2022

Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. Critical Unreviewed

CVE-2019-6295 was published May 14, 2022

Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. Critical Unreviewed

CVE-2019-6296 was published May 14, 2022

Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username... Critical Unreviewed

CVE-2019-6497 was published May 14, 2022

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my... Critical Unreviewed

CVE-2018-20716 was published May 14, 2022

Previous 1…144…170 Next

Previous 1 2 … 142 143 144 145 146 … 169 170 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

4,243 advisories