Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

113 advisories

Loading
Admidio has Blind SQL Injection in ecard_send.php Critical
CVE-2024-37906 was published for admidio/admidio (Composer) Jul 29, 2024
UmerAdeemCheema
Craft CMS SQL injection vulnerability via the GraphQL API endpoint Critical
CVE-2024-37843 was published for craftcms/cms (Composer) Jun 25, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions Critical
GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) Critical
GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select Critical
GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql Critical
GHSA-qf36-fx9f-232x was published for zendframework/zendframework1 (Composer) Jun 7, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value Critical
GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) May 30, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
Blind SQL injection in shopware Critical
CVE-2024-22406 was published for shopware/core (Composer) Jan 17, 2024
PrestaShop SQL manager vulnerability Critical
CVE-2023-39526 was published for prestashop/prestashop (Composer) Aug 9, 2023
SQL filter bypass leading to arbitrary write requests using "SQL Manager" Critical
CVE-2023-30839 was published for prestashop/prestashop (Composer) Apr 25, 2023
truff77
Withdrawn: SQL injection in Yii 2 Critical
CVE-2023-26750 was published for yiisoft/yii2 (Composer) Apr 4, 2023 withdrawn
ccchapman iBotPeaches
Funadmin vulnerable to SQL injection Critical
CVE-2023-24774 was published for funadmin/funadmin (Composer) Mar 10, 2023
SQL Injection in Funadmin Critical
CVE-2023-24777 was published for funadmin/funadmin (Composer) Mar 9, 2023
SQL Injection in Funadmin Critical
CVE-2023-24782 was published for funadmin/funadmin (Composer) Mar 8, 2023
SQL Injection in Funadmin Critical
CVE-2023-24773 was published for funadmin/funadmin (Composer) Mar 8, 2023
SQL Injection in Funadmin Critical
CVE-2023-24780 was published for funadmin/funadmin (Composer) Mar 8, 2023
SQL Injection in Funadmin Critical
CVE-2023-24775 was published for funadmin/funadmin (Composer) Mar 7, 2023
SQL Injection in Funadmin Critical
CVE-2023-24781 was published for funadmin/funadmin (Composer) Mar 7, 2023
Moodle SQL Injection vulnerability Critical
CVE-2021-36392 was published for moodle/moodle (Composer) Mar 6, 2023
ProTip! Advisories are also available from the GraphQL API