GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
7,162 advisories
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations...
High | Unreviewed | CVE-2024-8055 was published Mar 20, 2025

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting...
High | Unreviewed | CVE-2024-7764 was published Mar 20, 2025

LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions
High | CVE-2024-12911 was published for llama-index (pip) Mar 20, 2025

Improper neutralization of special elements used in an SQL command ('SQL Injection')...
High | Unreviewed | CVE-2024-50631 was published Mar 19, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-26976 was published Mar 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-26978 was published Mar 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-27281 was published Mar 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-26886 was published Mar 16, 2025

Saved search functionality contains a blind SQL injection that can be exploited by authenticated...
High | Unreviewed | CVE-2024-54447 was published Mar 14, 2025

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated...
High | Unreviewed | CVE-2024-12245 was published Mar 14, 2025

Login functionality contains a blind SQL injection that can be exploited by unauthenticated...
High | Unreviewed | CVE-2024-54445 was published Mar 14, 2025

Document history functionality contains a blind SQL injection that can be exploited by...
High | Unreviewed | CVE-2024-54446 was published Mar 14, 2025

The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ...
High | Unreviewed | CVE-2025-2221 was published Mar 14, 2025

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql'...
High | Unreviewed | CVE-2024-13321 was published Mar 14, 2025

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text'...
High | Unreviewed | CVE-2025-2106 was published Mar 13, 2025

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id'...
High | Unreviewed | CVE-2025-2107 was published Mar 13, 2025

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL...
High | Unreviewed | CVE-2025-1323 was published Mar 8, 2025

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL...
High | Unreviewed | CVE-2025-0959 was published Mar 7, 2025

The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-13320 was published Mar 7, 2025

Improper Validation of Syntactic Correctness of Input vulnerability in Finder Fire Safety Finder...
High | Unreviewed | CVE-2024-12146 was published Mar 6, 2025

A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232....
High | Unreviewed | CVE-2024-42844 was published Mar 6, 2025

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &...
High | Unreviewed | CVE-2025-1702 was published Mar 5, 2025

yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.
High | Unreviewed | CVE-2025-25426 was published Mar 5, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-9149 was published Mar 4, 2025

A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column...
High | Unreviewed | CVE-2024-51962 was published Mar 3, 2025

ProTip! Advisories are also available from the GraphQL API.