Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
Navidrome has Multiple SQL Injections and ORM Leak Critical
CVE-2024-47062 was published for github.com/navidrome/navidrome (Go) Sep 20, 2024
snyff
CWA-2024-006: wasmd non-deterministic module_query_safe query Moderate
GHSA-fpgj-cr28-fvpx was published for github.com/CosmWasm/wasmd (Go) Aug 21, 2024
amimart
LF Edge eKuiper has a SQL Injection in sqlKvStore High
CVE-2024-43406 was published for ekuiper (Go) Aug 20, 2024
leonnewton
SQL injection in github.com/stashapp/stash Critical
CVE-2024-32231 was published for github.com/stashapp/stash (Go) Aug 15, 2024
rudder-server is vulnerable to SQL injection High
CVE-2023-30625 was published for github.com/rudderlabs/rudder-server (Go) Aug 5, 2024
Meshery SQL Injection vulnerability Moderate
CVE-2024-35182 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
Meshery SQL Injection vulnerability Moderate
CVE-2024-35181 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
Meshery SQL Injection vulnerability High
CVE-2024-29031 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
pREST vulnerable to jwt bypass + sql injection Critical
GHSA-wm25-j4gw-6vr3 was published for github.com/prest/prest (Go) Jul 30, 2024
mihail8531
1Panel has an SQL injection issue related to the orderBy clause Critical
CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2024
xuebibibibibi
SQL Injection in the KubeClarity REST API Moderate
CVE-2024-39909 was published for github.com/openclarity/kubeclarity/backend (Go) Jul 12, 2024
b-abderrahmane
pgproto3 SQL Injection via Protocol Message Size Overflow High
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Line Comment Creation High
CVE-2024-27289 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana (Go) Jan 31, 2024
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) High
CVE-2024-22196 was published for github.com/0xJacky/Nginx-UI (Go) Jan 11, 2024
jorgectf
SQL injection vulnerability in Meshery Critical
CVE-2023-46575 was published for github.com/layer5io/meshery (Go) Nov 24, 2023
MarkLee131
Flyte Admin SQL Injection in List Filters Low
CVE-2023-41891 was published for github.com/flyteorg/flyteadmin (Go) Oct 27, 2023
Sanjana-Sarda
SQL injection when using MySQL/PostgreSQL data checking High
CVE-2023-33967 was published for github.com/megaease/easeprobe (Go) Jun 6, 2023
oxeye-gal oxeye-daniel
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File Moderate
CVE-2023-0620 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
oxeye-daniel
rttys SQL Injection vulnerability High
CVE-2022-38867 was published for github.com/zhaojh329/rttys (Go) Feb 16, 2023
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection High
CVE-2022-45786 was published for apache-age-python (Go) Feb 4, 2023
oscerd
Squalor SQL Injection vulnerability Critical
CVE-2020-36645 was published for github.com/square/squalor (Go) Jan 7, 2023
gosqljson SQL Injection vulnerability Critical
CVE-2014-125064 was published for github.com/elgs/gosqljson (Go) Jan 7, 2023
owncast is vulnerable to SQL Injection Critical
CVE-2022-3751 was published for github.com/owncast/owncast (Go) Nov 29, 2022
ProTip! Advisories are also available from the GraphQL API