Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15,518 advisories

Loading
PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via... Critical Unreviewed
CVE-2023-31671 was published Jun 14, 2023
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax... Critical Unreviewed
CVE-2023-30150 was published Jun 14, 2023
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. Moderate Unreviewed
CVE-2023-34626 was published Jun 15, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-2080 was published Jun 16, 2023
Thinking Software Efence login function has insufficient validation for user input. An... Critical Unreviewed
CVE-2023-32754 was published Jun 16, 2023
Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. Critical Unreviewed
CVE-2023-34548 was published Jun 16, 2023
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL... High Unreviewed
CVE-2023-35811 was published Jun 18, 2023
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a... High Unreviewed
CVE-2023-2221 was published Jun 19, 2023
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not... Moderate Unreviewed
CVE-2023-2527 was published Jun 19, 2023
The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and... High Unreviewed
CVE-2023-2492 was published Jun 19, 2023
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id`... High Unreviewed
CVE-2023-2719 was published Jun 19, 2023
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[]... High Unreviewed
CVE-2023-2805 was published Jun 19, 2023
Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin ... Critical Unreviewed
CVE-2022-47586 was published Jun 19, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-2907 was published Jun 19, 2023
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute... Critical Unreviewed
CVE-2020-20413 was published Jun 20, 2023
SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access... High Unreviewed
CVE-2020-20636 was published Jun 20, 2023
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute... High Unreviewed
CVE-2020-20491 was published Jun 20, 2023
SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2020-21486 was published Jun 20, 2023
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. Critical Unreviewed
CVE-2023-34600 was published Jun 20, 2023
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute... High Unreviewed
CVE-2020-21400 was published Jun 20, 2023
Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2023-34601 was published Jun 22, 2023
Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions. High Unreviewed
CVE-2022-47614 was published Jun 23, 2023
The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the ... Critical Unreviewed
CVE-2023-3197 was published Jun 24, 2023
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by... High Unreviewed
CVE-2023-36663 was published Jun 25, 2023
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data... High Unreviewed
CVE-2023-34418 was published Jun 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database