Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15,532 advisories

Loading
Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. Critical Unreviewed
CVE-2022-24602 was published Mar 11, 2022
Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. Critical Unreviewed
CVE-2022-24604 was published Mar 11, 2022
Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. Critical Unreviewed
CVE-2022-24607 was published Mar 11, 2022
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the... Critical Unreviewed
CVE-2022-24600 was published Mar 11, 2022
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version... High Unreviewed
CVE-2022-0507 was published Mar 11, 2022
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection... High Unreviewed
CVE-2021-43969 was published Mar 11, 2022
Moodle Blind SQL injection possible via MNet authentication High
CVE-2021-32474 was published for moodle/moodle (Composer) Mar 12, 2022
SQL Injection in FreeTAKServer-UI Moderate
CVE-2022-25506 was published for FreeTAKServer-UI (pip) Mar 12, 2022
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks... High Unreviewed
CVE-2022-22735 was published Mar 15, 2022
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location... Critical Unreviewed
CVE-2022-0658 was published Mar 15, 2022
SQL Injection in WordPress Zero Spam WordPress plugin Critical
CVE-2022-0254 was published for bmarshall511/wordpress_zero_spam (Composer) Mar 15, 2022
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not... High Unreviewed
CVE-2022-0478 was published Mar 15, 2022
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the... Critical Unreviewed
CVE-2022-0169 was published Mar 15, 2022
The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using... Critical Unreviewed
CVE-2021-25007 was published Mar 15, 2022
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the... High Unreviewed
CVE-2021-24959 was published Mar 15, 2022
DQL injection through sorting parameters blocked Critical
CVE-2022-24752 was published for sylius/grid-bundle (Composer) Mar 15, 2022
dbalabka
Credited to dbalabka
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via... Critical Unreviewed
CVE-2022-25494 was published Mar 16, 2022
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in ... Critical Unreviewed
CVE-2022-25488 was published Mar 16, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in... Critical Unreviewed
CVE-2022-25490 was published Mar 16, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in... High Unreviewed
CVE-2022-25491 was published Mar 16, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in... Critical Unreviewed
CVE-2022-25492 was published Mar 16, 2022
Online Project Time Management System v1.0 was discovered to contain a SQL injection... Critical Unreviewed
CVE-2022-26293 was published Mar 17, 2022
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat... High Unreviewed
CVE-2021-45821 was published Mar 17, 2022
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data... High Unreviewed
CVE-2021-45794 was published Mar 18, 2022
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. High Unreviewed
CVE-2021-45793 was published Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database