Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15,527 advisories

Loading
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). High Unreviewed
CVE-2017-18406 was published May 24, 2022
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete... Critical Unreviewed
CVE-2019-14348 was published May 24, 2022
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL... Critical Unreviewed
CVE-2019-14702 was published May 24, 2022
Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students... Critical Unreviewed
CVE-2019-14754 was published May 24, 2022
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription... Critical Unreviewed
CVE-2019-14801 was published May 24, 2022
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. Critical Unreviewed
CVE-2019-13462 was published May 24, 2022
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an... High Unreviewed
CVE-2019-14966 was published May 24, 2022
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in... Critical Unreviewed
CVE-2019-14968 was published May 24, 2022
The liveforms plugin before 3.2.0 for WordPress has SQL injection. Critical Unreviewed
CVE-2015-9301 was published May 24, 2022
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL... Critical Unreviewed
CVE-2015-9310 was published May 24, 2022
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. Critical Unreviewed
CVE-2015-9313 was published May 24, 2022
The newstatpress plugin before 1.0.1 for WordPress has SQL injection. Critical Unreviewed
CVE-2015-9315 was published May 24, 2022
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax... Critical Unreviewed
CVE-2015-9316 was published May 24, 2022
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL... Critical Unreviewed
CVE-2016-10887 was published May 24, 2022
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL... Critical Unreviewed
CVE-2016-10888 was published May 24, 2022
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. Critical Unreviewed
CVE-2016-10889 was published May 24, 2022
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection. Critical Unreviewed
CVE-2017-18515 was published May 24, 2022
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on... Critical Unreviewed
CVE-2019-15025 was published May 24, 2022
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection. Critical Unreviewed
CVE-2015-9326 was published May 24, 2022
The visitors-online plugin before 0.4 for WordPress has SQL injection. Critical Unreviewed
CVE-2015-9325 was published May 24, 2022
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection... High Unreviewed
CVE-2019-15104 was published May 24, 2022
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL... High Unreviewed
CVE-2019-15105 was published May 24, 2022
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id... High Unreviewed
CVE-2019-14937 was published May 24, 2022
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. Critical Unreviewed
CVE-2015-9330 was published May 24, 2022
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. Moderate Unreviewed
CVE-2019-14430 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database