Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15,527 advisories

Loading
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter... Critical Unreviewed
CVE-2019-10687 was published May 24, 2022
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. Critical Unreviewed
CVE-2015-9335 was published May 24, 2022
The email-newsletter plugin through 20.15 for WordPress has SQL injection. Critical Unreviewed
CVE-2015-9334 was published May 24, 2022
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search... Critical Unreviewed
CVE-2016-10917 was published May 24, 2022
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a... Critical Unreviewed
CVE-2016-10916 was published May 24, 2022
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. Critical Unreviewed
CVE-2016-10921 was published May 24, 2022
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete... Critical Unreviewed
CVE-2017-18570 was published May 24, 2022
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4... Critical Unreviewed
CVE-2017-18571 was published May 24, 2022
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL... High Unreviewed
CVE-2019-12385 was published May 24, 2022
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. Critical Unreviewed
CVE-2019-15536 was published May 24, 2022
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. Critical Unreviewed
CVE-2019-15533 was published May 24, 2022
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php,... Critical Unreviewed
CVE-2019-15555 was published May 24, 2022
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java,... Critical Unreviewed
CVE-2019-15558 was published May 24, 2022
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. Critical Unreviewed
CVE-2019-15557 was published May 24, 2022
DianoxDragon Hawn before 2019-07-10 allows SQL injection. Critical Unreviewed
CVE-2019-15559 was published May 24, 2022
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. Critical Unreviewed
CVE-2019-15560 was published May 24, 2022
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. Critical Unreviewed
CVE-2019-15561 was published May 24, 2022
The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models... Critical Unreviewed
CVE-2019-15564 was published May 24, 2022
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider... Critical Unreviewed
CVE-2019-15566 was published May 24, 2022
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. Critical Unreviewed
CVE-2019-15565 was published May 24, 2022
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection... Critical Unreviewed
CVE-2019-15568 was published May 24, 2022
Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. Critical Unreviewed
CVE-2019-15572 was published May 24, 2022
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to... Critical Unreviewed
CVE-2019-15569 was published May 24, 2022
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. Critical Unreviewed
CVE-2019-15567 was published May 24, 2022
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. Critical Unreviewed
CVE-2019-15574 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database