GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15,527 advisories
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.
Critical
Unreviewed
CVE-2019-15571 was published May 24, 2022
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php.
Critical
Unreviewed
CVE-2019-15573 was published May 24, 2022
The link-log plugin before 2.1 for WordPress has SQL injection.
Critical
Unreviewed
CVE-2015-9344 was published May 24, 2022
The wp-polls plugin before 2.72 for WordPress has SQL injection.
Critical
Unreviewed
CVE-2015-9352 was published May 24, 2022
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
Critical
Unreviewed
CVE-2018-21003 was published May 24, 2022
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE...
Critical
Unreviewed
CVE-2019-15659 was published May 24, 2022
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different...
High
Unreviewed
CVE-2015-9353 was published May 24, 2022
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers...
High
Unreviewed
CVE-2019-11363 was published May 24, 2022
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.
Critical
Unreviewed
CVE-2019-15872 was published May 24, 2022
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated...
High
Unreviewed
CVE-2019-5991 was published May 24, 2022
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote...
High
Unreviewed
CVE-2019-5996 was published May 24, 2022
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
High
Unreviewed
CVE-2016-10950 was published May 24, 2022
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant...
High
Unreviewed
CVE-2016-10949 was published May 24, 2022
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
High
Unreviewed
CVE-2016-10951 was published May 24, 2022
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order...
High
Unreviewed
CVE-2017-18614 was published May 24, 2022
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.
Critical
Unreviewed
CVE-2019-16309 was published May 24, 2022
In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)...
Critical
Unreviewed
CVE-2019-16264 was published May 24, 2022
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well...
Critical
Unreviewed
CVE-2019-14254 was published May 24, 2022
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm...
Critical
Unreviewed
CVE-2019-15301 was published May 24, 2022
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table...
Critical
Unreviewed
CVE-2019-16692 was published May 24, 2022
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when...
Critical
Unreviewed
CVE-2019-16696 was published May 24, 2022
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter...
Critical
Unreviewed
CVE-2019-16694 was published May 24, 2022
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when...
Critical
Unreviewed
CVE-2019-16695 was published May 24, 2022
eBrigade before 5.0 has evenements.php cid SQL Injection.
High
Unreviewed
CVE-2019-16744 was published May 24, 2022
eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.
High
Unreviewed
CVE-2019-16743 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.