GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
184 advisories
phpMyFAQ SQL Injection at "Save News"
High | CVE-2024-27299 was published for phpmyfaq/phpmyfaq (Composer) | Mar 25, 2024

pgproto3 SQL Injection via Protocol Message Size Overflow
High | GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) | Mar 4, 2024

pgx SQL Injection via Protocol Message Size Overflow
High | CVE-2024-27304 was published for github.com/jackc/pgx (Go) | Mar 4, 2024

pgx SQL Injection via Line Comment Creation
High | CVE-2024-27289 was published for github.com/jackc/pgx (Go) | Mar 4, 2024

SQL Injection in Admin download files as zip
High | CVE-2024-23646 was published for pimcore/admin-ui-classic-bundle (Composer) | Jan 24, 2024

Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
High | CVE-2024-22196 was published for github.com/0xJacky/Nginx-UI (Go) | Jan 11, 2024

Mingsoft MCMS SQL injection
High | CVE-2023-50578 was published for net.mingsoft:ms-mcms (Maven) | Dec 30, 2023

MainWP Dashboard SQL Command Injection vulnerability
High | CVE-2023-38519 was published for mainwp/mainwp (Composer) | Dec 20, 2023

Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
High | CVE-2023-47637 was published for pimcore/pimcore (Composer) | Nov 15, 2023

SQL Injection in Apache InLong
High | CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) | Oct 16, 2023

SQL injection in librenms/librenms
High | CVE-2023-5591 was published for librenms/librenms (Composer) | Oct 16, 2023

FUXA SQL Injection vulnerability
High | CVE-2023-31717 was published for fuxa-server (npm) | Sep 22, 2023

OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack
High | CVE-2023-41886 was published for org.openrefine:database (Maven) | Sep 12, 2023

DataEase vulnerable to SQL injection
High | CVE-2023-40771 was published for io.dataease:dataease-plugin-common (Maven) | Sep 1, 2023

SpringBlade vulnerable to SQL injection
High | CVE-2023-40787 was published for org.springblade:blade-core-tool (Maven) | Aug 29, 2023

Daylight Studio FUEL-CMS SQLi Vulnerability
High | CVE-2020-24950 was published for codeigniter/framework (Composer) | Aug 11, 2023

Pimcore vulnerable to SQL Injection in Dataobjects sorting
High | CVE-2023-3820 was published for pimcore/pimcore (Composer) | Jul 21, 2023

Pimcore SQL Injection vulnerability
High | CVE-2023-3673 was published for pimcore/pimcore (Composer) | Jul 14, 2023

langchain SQL Injection vulnerability
High | CVE-2023-36189 was published for langchain (pip) | Jul 6, 2023

ipandlanguageredirect extension vulnerable to SQL Injection
High | CVE-2023-35782 was published for in2code/ipandlanguageredirect (Composer) | Jun 16, 2023

SQL injection when using MySQL/PostgreSQL data checking
High | CVE-2023-33967 was published for github.com/megaease/easeprobe (Go) | Jun 6, 2023

SQL injection in Liferay Portal
High | CVE-2023-33945 was published for com.liferay.portal:release.portal.bom (Maven) | May 24, 2023

pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query
High | CVE-2023-2756 was published for pimcore/customer-management-framework-bundle (Composer) | May 17, 2023

Moodle SQL Injection vulnerability
High | CVE-2023-30944 was published for moodle/moodle (Composer) | May 2, 2023

SQL Injection in AssetController
High | CVE-2023-2338 was published for pimcore/pimcore (Composer) | Apr 27, 2023

ProTip! Advisories are also available from the GraphQL API.