GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
Mautic SQL Injection in dynamic Reports
Moderate
CVE-2022-25775
was published
for
mautic/core
(Composer)
Apr 12, 2024
Grafana Arbitrary File Read
Moderate
CVE-2019-19499
was published
for
github.com/grafana/grafana
(Go)
Jan 31, 2024
SQL Injection in the KubeClarity REST API
Moderate
CVE-2024-39909
was published
for
github.com/openclarity/kubeclarity/backend
(Go)
Jul 12, 2024
SQL Injection vulnerability in Reportico Till
Moderate
CVE-2023-47438
was published
for
reportico-web/reportico
(Composer)
Mar 28, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query
Moderate
GHSA-fpgj-cr28-fvpx
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 21, 2024
EGroupware mishandles an ORDER BY clause
Moderate
CVE-2024-40614
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2024
dbt has an implicit override for built-in materializations from installed packages
Moderate
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Moderate
CVE-2024-39677
was published
for
NHibernate
(NuGet)
Jul 8, 2024
Meshery SQL Injection vulnerability
Moderate
CVE-2024-35182
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
Moderate
CVE-2024-35181
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
Apache Superset vulnerable to improper SQL authorization
Moderate
CVE-2024-39887
was published
for
apache-superset
(pip)
Jul 16, 2024
SQL Injection in Hibernate ORM
Moderate
CVE-2019-14900
was published
for
org.hibernate:hibernate-core
(Maven)
Feb 10, 2022
SQL Injection in TYPO3 Frontend Login
Moderate
GHSA-j86x-pjmr-9m6w
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Magento Injection vulnerability via email templates
Moderate
CVE-2019-8143
was published
for
magento/community-edition
(Composer)
May 24, 2022
NocoDB SQL Injection vulnerability
Moderate
CVE-2023-50718
was published
for
nocodb
(npm)
May 13, 2024
LibreNMS SQL Injection vulnerability
Moderate
CVE-2020-15873
was published
for
librenms/librenms
(Composer)
May 24, 2022
phpMyAdmin SQL injection vulnerability
Moderate
CVE-2020-10803
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Moderate
CVE-2024-32872
was published
for
Plumber.Workflow
(NuGet)
Apr 24, 2024
Moodle vulnerable to SQL Injection
Moderate
CVE-2023-35132
was published
for
moodle/moodle
(Composer)
Jun 22, 2023
SQL injection in Folio Spring Module Core
Moderate
CVE-2022-4963
was published
for
org.folio:spring-module-core
(Maven)
Mar 21, 2024
Blind SQL Injection with privileged Cloud Foundry UAA endpoints
Moderate
CVE-2017-4974
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Apache Derby SQL Injection
Moderate
CVE-2006-7217
was published
for
org.apache.derby:derby
(Maven)
May 1, 2022
Typo3 Backend History Module Vulnerable to SQL Injection
Moderate
CVE-2012-6144
was published
for
typo3/cms
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API