GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
184 advisories
Filter by severity
SQL injection in ImpressCMS
High
CVE-2022-26986
was published
for
impresscms/impresscms
(Composer)
Apr 6, 2022
SQL Injection in Dolibarr
High
CVE-2021-36625
was published
for
dolibarr/dolibarr
(Composer)
Apr 1, 2022
SQL Injection in Yeswiki
High
CVE-2021-43091
was published
for
yeswiki/yeswiki
(Composer)
Mar 26, 2022
SQL Injection in Fork CMS
High
CVE-2022-1064
was published
for
forkcms/forkcms
(Composer)
Mar 26, 2022
SQL Injection in Fork CMS
High
CVE-2022-0153
was published
for
forkcms/forkcms
(Composer)
Mar 25, 2022
Moodle Blind SQL injection possible via MNet authentication
High
CVE-2021-32474
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Pivotal Concourse SQL Injection Vulnerability
High
CVE-2019-3792
was published
for
github.com/concourse/concourse
(Go)
Feb 15, 2022
Possible SQL injection in tablelookupwizard Contao Extension
High
GHSA-v3mr-gp7j-pw5w
was published
for
terminal42/contao-tablelookupwizard
(Composer)
Feb 10, 2022
SQL injection in hibernate-core
High
CVE-2020-25638
was published
for
org.hibernate:hibernate-core
(Maven)
Feb 9, 2022
SQL Injection in Casdoor
High
CVE-2022-24124
was published
for
github.com/casdoor/casdoor
(Go)
Feb 1, 2022
Mingsoft MCMS SQL injection vulnerability
High
CVE-2021-46383
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
Mingsoft MCMS SQL injection vulnerability
High
CVE-2021-46385
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
SQL Injection in dolibarr
High
CVE-2022-0224
was published
for
dolibarr/dolibarr
(Composer)
Jan 21, 2022
pimcore is vulnerable to SQL Injection
High
CVE-2022-0258
was published
for
pimcore/pimcore
(Composer)
Jan 21, 2022
SQL injection in jackalope/jackalope-doctrine-dbal
High
CVE-2021-43822
was published
for
jackalope/jackalope-doctrine-dbal
(Composer)
Dec 14, 2021
SQL injection in prestashop/prestashop
High
CVE-2021-43789
was published
for
prestashop/prestashop
(Composer)
Dec 7, 2021
SQL injection in Apache DolphinScheduler
High
CVE-2021-27644
was published
for
org.apache.dolphinscheduler:dolphinscheduler-server
(Maven)
Nov 3, 2021
Content object state fetch functions open to SQL injection
High
GHSA-jpwx-ffjq-wr4w
was published
for
ezsystems/ezpublish-legacy
(Composer)
Sep 7, 2021
Unauthenticated SQL Injection in Cachet
High
CVE-2021-39165
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
SQL injection in pimcore/pimcore
High
CVE-2021-23405
was published
for
pimcore/pimcore
(Composer)
Jul 13, 2021
SQL Injection in Cloud Native Computing Foundation Harbor
High
CVE-2019-19029
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API