Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15,531 advisories

Loading
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via... Critical Unreviewed
CVE-2022-25405 was published Feb 25, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. Critical Unreviewed
CVE-2022-25403 was published Feb 25, 2022
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via... Critical Unreviewed
CVE-2022-25406 was published Feb 25, 2022
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the... Critical Unreviewed
CVE-2022-25404 was published Feb 25, 2022
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated... High Unreviewed
CVE-2022-23986 was published Feb 25, 2022
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for... High Unreviewed
CVE-2022-24407 was published Feb 25, 2022
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2)... Critical Unreviewed
CVE-2021-44610 was published Feb 25, 2022
SQL injection in francoisjacquet/rosariosis Critical
CVE-2021-44567 was published for francoisjacquet/rosariosis (Composer) Feb 25, 2022
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection... Critical Unreviewed
CVE-2022-25096 was published Feb 27, 2022
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id... High Unreviewed
CVE-2022-0411 was published Mar 1, 2022
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the... High Unreviewed
CVE-2022-23911 was published Mar 1, 2022
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An... Critical Unreviewed
CVE-2022-24571 was published Mar 1, 2022
The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter... High Unreviewed
CVE-2022-0383 was published Mar 1, 2022
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress... Critical Unreviewed
CVE-2022-0412 was published Mar 1, 2022
The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter... High Unreviewed
CVE-2021-24864 was published Mar 1, 2022
A improper neutralization of special elements used in an sql command ('sql injection') in... High Unreviewed
CVE-2021-43077 was published Mar 2, 2022
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database... High Unreviewed
CVE-2022-23387 was published Mar 2, 2022
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action... High Unreviewed
CVE-2022-23380 was published Mar 2, 2022
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection... Critical Unreviewed
CVE-2022-25029 was published Mar 2, 2022
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file ... Critical Unreviewed
CVE-2022-25125 was published Mar 4, 2022
SQL injection in net.mingsoft:ms-mcms Critical
CVE-2022-23898 was published for net.mingsoft:ms-mcms (Maven) Mar 4, 2022
SQL injection in net.mingsoft:ms-mcms Critical
CVE-2022-23899 was published for net.mingsoft:ms-mcms (Maven) Mar 4, 2022
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract... High Unreviewed
CVE-2021-40636 was published Mar 4, 2022
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An... High Unreviewed
CVE-2021-40635 was published Mar 4, 2022
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via... Critical Unreviewed
CVE-2022-26170 was published Mar 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database