Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15,534 advisories

Loading
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. High Unreviewed
CVE-2021-45793 was published Mar 18, 2022
SQL Injection in tribalsystems/zenario Critical
CVE-2021-26830 was published for tribalsystems/zenario (Composer) Mar 18, 2022
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV... High Unreviewed
CVE-2022-25607 was published Mar 19, 2022
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability,... Critical Unreviewed
CVE-2022-0757 was published Mar 19, 2022
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which... Critical Unreviewed
CVE-2021-44088 was published Mar 19, 2022
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. High Unreviewed
CVE-2022-26266 was published Mar 20, 2022
Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is... High Unreviewed
CVE-2021-44345 was published Mar 21, 2022
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id... Critical Unreviewed
CVE-2022-0747 was published Mar 22, 2022
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id... Critical Unreviewed
CVE-2022-0760 was published Mar 22, 2022
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST... Critical Unreviewed
CVE-2022-0739 was published Mar 22, 2022
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the... Critical Unreviewed
CVE-2022-0694 was published Mar 22, 2022
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in ... Critical Unreviewed
CVE-2022-25505 was published Mar 22, 2022
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column... Critical Unreviewed
CVE-2022-25517 was published Mar 23, 2022
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username... Critical Unreviewed
CVE-2021-43650 was published Mar 23, 2022
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated... High Unreviewed
CVE-2022-0386 was published Mar 23, 2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2022-26283 was published Mar 23, 2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2022-26285 was published Mar 23, 2022
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via... Critical Unreviewed
CVE-2022-26284 was published Mar 23, 2022
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries... Critical Unreviewed
CVE-2022-25222 was published Mar 24, 2022
Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries... Moderate Unreviewed
CVE-2022-25223 was published Mar 24, 2022
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier... Critical Unreviewed
CVE-2021-27468 was published Mar 24, 2022
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation... Critical Unreviewed
CVE-2021-27472 was published Mar 24, 2022
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier... Critical Unreviewed
CVE-2021-27464 was published Mar 24, 2022
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. Critical Unreviewed
CVE-2021-43735 was published Mar 24, 2022
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10... Moderate Unreviewed
CVE-2022-0842 was published Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database