GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
210 advisories
Filter by severity
piccolo SQL Injection via named transaction savepoints
Critical
CVE-2023-47128
was published
for
piccolo
(pip)
Nov 12, 2023
SQL injection in audit endpoint
Critical
CVE-2023-35088
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 25, 2023
Navidrome has Multiple SQL Injections and ORM Leak
Critical
CVE-2024-47062
was published
for
github.com/navidrome/navidrome
(Go)
Sep 20, 2024
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
Critical
CVE-2022-34265
was published
for
Django
(pip)
Jul 5, 2022
SQL injection in github.com/stashapp/stash
Critical
CVE-2024-32231
was published
for
github.com/stashapp/stash
(Go)
Aug 15, 2024
Django SQL injection vulnerability
Critical
CVE-2024-42005
was published
for
Django
(pip)
Aug 7, 2024
Jeecg Boot SQL injection vulnerability
Critical
CVE-2023-41542
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Dec 30, 2023
Admidio has Blind SQL Injection in ecard_send.php
Critical
CVE-2024-37906
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
1Panel has an SQL injection issue related to the orderBy clause
Critical
CVE-2024-39907
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Critical
CVE-2024-37843
was published
for
craftcms/cms
(Composer)
Jun 25, 2024
NASA AIT-Core vulnerable to SQL Injection
Critical
CVE-2024-35056
was published
for
ait-core
(pip)
May 21, 2024
PyMySQL SQL Injection vulnerability
Critical
CVE-2024-36039
was published
for
pymysql
(pip)
May 21, 2024
Duplicate Advisory: SQL injection in pgjdbc
Critical
GHSA-xfg6-62px-cxc2
was published
for
org.postgresql:postgresql
(Maven)
Feb 19, 2024
•
withdrawn
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical
GHSA-6fqw-j3vm-7f66
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical
GHSA-v42g-7q2x-cw32
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical
GHSA-2x36-qhx3-7m5f
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Critical
GHSA-qf36-fx9f-232x
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
MyBatis-Plus vulnerable to SQL injection via TenantPlugin
Critical
CVE-2023-25330
was published
for
com.baomidou:mybatis-plus
(Maven)
Apr 5, 2023
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical
GHSA-7fpj-wc8v-9cgc
was published
for
terminal42/contao-tablelookupwizard
(Composer)
May 30, 2024
ProTip!
Advisories are also available from the
GraphQL API