GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
4,243 advisories

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0....
Critical | Unreviewed | CVE-2024-33960 was published on Aug 6, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0....
Critical | Unreviewed | CVE-2024-33959 was published on Aug 6, 2024

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit...
Critical | Unreviewed | CVE-2024-33958 was published on Aug 6, 2024

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit...
Critical | Unreviewed | CVE-2024-33957 was published on Aug 6, 2024

rudder-server is vulnerable to SQL injection
Critical | CVE-2023-30625 was published for github.com/rudderlabs/rudder-server (Go) on Aug 5, 2024

SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an...
Critical | Unreviewed | CVE-2024-40498 was published on Aug 5, 2024

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
Critical | Unreviewed | CVE-2024-38889 was published on Aug 2, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-6699 was published on Jul 30, 2024

pREST vulnerable to jwt bypass + sql injection
Critical | GHSA-wm25-j4gw-6vr3 was published for github.com/prest/prest (Go) on Jul 30, 2024

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL...
Critical | Unreviewed | CVE-2024-41702 was published on Jul 30, 2024

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter...
Critical | Unreviewed | CVE-2024-5765 was published on Jul 30, 2024

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a...
Critical | Unreviewed | CVE-2024-5975 was published on Jul 30, 2024

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to...
Critical | Unreviewed | CVE-2024-37858 was published on Jul 29, 2024

Admidio has Blind SQL Injection in ecard_send.php
Critical | CVE-2024-37906 was published for admidio/admidio (Composer) on Jul 29, 2024

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation...
Critical | Unreviewed | CVE-2024-7202 was published on Jul 29, 2024

The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation...
Critical | Unreviewed | CVE-2024-7201 was published on Jul 29, 2024

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via...
Critical | Unreviewed | CVE-2024-41551 was published on Jul 24, 2024

SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote...
Critical | Unreviewed | CVE-2024-40502 was published on Jul 22, 2024

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability...
Critical | Unreviewed | CVE-2024-39250 was published on Jul 22, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-38773 was published on Jul 22, 2024

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a...
Critical | Unreviewed | CVE-2024-6205 was published on Jul 19, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-0857 was published on Jul 18, 2024

1Panel has an SQL injection issue related to the orderBy clause
Critical | CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) on Jul 18, 2024

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter...
Critical | Unreviewed | CVE-2024-40456 was published on Jul 16, 2024

SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap...
Critical | Unreviewed | CVE-2024-40392 was published on Jul 16, 2024

ProTip! Advisories are also available from the GraphQL API.