Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,628 advisories

Loading
Array data injection vulnerability in activerecord Moderate
CVE-2014-0080 was published for activerecord (RubyGems) Oct 24, 2017
Active Record vulnerable to SQL Injection via nested query parameters Moderate
CVE-2012-2661 was published for activerecord (RubyGems) Oct 24, 2017
SQL Injection in sequelize Moderate
CVE-2016-10554 was published for sequelize (npm) Feb 18, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA Moderate
CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) May 14, 2019
SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
Data leakage via SQL Injection in Pimcore Moderate
CVE-2019-10763 was published for pimcore/pimcore (Composer) Dec 2, 2019
SQL injection in Tortoise ORM Moderate
CVE-2020-11010 was published for tortoise-orm (pip) Apr 20, 2020
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
SQL Injection in Kylin Moderate
CVE-2020-1937 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
SQL Injection in moodle Moderate
CVE-2020-25700 was published for moodle/moodle (Composer) Mar 29, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19026 was published for github.com/goharbor/harbor (Go) May 18, 2021
SQL Injection in tribalsystems/zenario Moderate
CVE-2021-27672 was published for tribalsystems/zenario (Composer) Jun 8, 2021
SQL Injection in gogs.io/gogs Moderate
CVE-2014-8681 was published for github.com/gogits/gogs (Go) Jun 29, 2021
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the... Moderate Unreviewed
CVE-2021-44050 was published Dec 3, 2021
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before... Moderate Unreviewed
CVE-2021-41843 was published Dec 18, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated... Moderate Unreviewed
CVE-2021-21926 was published Dec 23, 2021
SQL Injection in Apache Kylin Moderate
CVE-2021-36774 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection... Moderate Unreviewed
CVE-2021-25037 was published Jan 18, 2022
SQL Injection in showdoc Moderate
CVE-2022-0362 was published for showdoc/showdoc (Composer) Jan 27, 2022
SQL injection in github.com/navidrome/navidrome Moderate
CVE-2022-23857 was published for github.com/navidrome/navidrome (Go) Jan 27, 2022
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access... Moderate Unreviewed
CVE-2021-24928 was published Feb 8, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which... Moderate Unreviewed
CVE-2021-42633 was published Feb 8, 2022
SQL Injection in Spring Cloud Task Moderate
CVE-2020-5428 was published for org.springframework.cloud:spring-cloud-task-dependencies (Maven) Feb 9, 2022
SQL Injection in Hibernate ORM Moderate
CVE-2019-14900 was published for org.hibernate:hibernate-core (Maven) Feb 10, 2022
mpihelgas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database