Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,061
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,243 advisories

Loading
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or... Critical Unreviewed
CVE-2018-20715 was published May 14, 2022
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. Critical Unreviewed
CVE-2019-6805 was published May 14, 2022
phpMyAdmin SQL injection in Designer feature Critical
CVE-2019-6798 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04... Critical Unreviewed
CVE-2018-20568 was published May 14, 2022
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability... Critical Unreviewed
CVE-2019-5720 was published May 14, 2022
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. Critical Unreviewed
CVE-2019-6523 was published May 14, 2022
OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier... Critical Unreviewed
CVE-2019-1000023 was published May 14, 2022
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get... Critical Unreviewed
CVE-2019-7568 was published May 14, 2022
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to... Critical Unreviewed
CVE-2018-16188 was published May 14, 2022
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID... Critical Unreviewed
CVE-2019-7587 was published May 14, 2022
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php... Critical Unreviewed
CVE-2019-7585 was published May 14, 2022
Traq 3.7.1 allows SQL Injection via a tickets?search= URI. Critical Unreviewed
CVE-2018-20779 was published May 14, 2022
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i,... Critical Unreviewed
CVE-2018-20770 was published May 14, 2022
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php... Critical Unreviewed
CVE-2019-3577 was published May 14, 2022
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information... Critical Unreviewed
CVE-2019-3576 was published May 14, 2022
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized... Critical Unreviewed
CVE-2015-4615 was published May 14, 2022
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj]... Critical Unreviewed
CVE-2019-8429 was published May 14, 2022
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql... Critical Unreviewed
CVE-2019-8428 was published May 14, 2022
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query]... Critical Unreviewed
CVE-2019-8423 was published May 14, 2022
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. Critical Unreviewed
CVE-2019-8424 was published May 14, 2022
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login... Critical Unreviewed
CVE-2019-8393 was published May 14, 2022
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php... Critical Unreviewed
CVE-2019-8360 was published May 14, 2022
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to... Critical Unreviewed
CVE-2017-18362 was published May 14, 2022
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an... Critical Unreviewed
CVE-2016-1000271 was published May 14, 2022
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. Critical Unreviewed
CVE-2019-9047 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database