Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

6,377 advisories

Loading
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component... High Unreviewed
CVE-2021-46459 was published Feb 1, 2022
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator... High Unreviewed
CVE-2022-24264 was published Feb 1, 2022
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator... High Unreviewed
CVE-2022-24266 was published Feb 1, 2022
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator... High Unreviewed
CVE-2022-24265 was published Feb 1, 2022
Mingsoft MCMS SQL injection vulnerability High
CVE-2021-46383 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
Mingsoft MCMS SQL injection vulnerability High
CVE-2021-46385 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this... High Unreviewed
CVE-2021-45803 was published Jan 26, 2022
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order... High Unreviewed
CVE-2021-24865 was published Jan 25, 2022
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the... High Unreviewed
CVE-2021-24858 was published Jan 25, 2022
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id... High Unreviewed
CVE-2021-25045 was published Jan 25, 2022
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100,... High Unreviewed
CVE-2021-4088 was published Jan 25, 2022
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution... High Unreviewed
CVE-2021-44593 was published Jan 22, 2022
SQL Injection in dolibarr High
CVE-2022-0224 was published for dolibarr/dolibarr (Composer) Jan 21, 2022
pimcore is vulnerable to SQL Injection High
CVE-2022-0258 was published for pimcore/pimcore (Composer) Jan 21, 2022
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet"... High Unreviewed
CVE-2022-23046 was published Jan 20, 2022
SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. High Unreviewed
CVE-2021-38694 was published Jan 19, 2022
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql'... High Unreviewed
CVE-2021-45406 was published Jan 15, 2022
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a... High Unreviewed
CVE-2021-43971 was published Jan 12, 2022
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its... High Unreviewed
CVE-2021-24862 was published Jan 11, 2022
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and... High Unreviewed
CVE-2021-25054 was published Jan 11, 2022
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build... High Unreviewed
CVE-2020-28679 was published Jan 11, 2022
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the ... High Unreviewed
CVE-2021-24786 was published Jan 4, 2022
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text... High Unreviewed
CVE-2021-25030 was published Jan 4, 2022
The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not... High Unreviewed
CVE-2021-25023 was published Jan 4, 2022
Telephony application has a SQL Injection vulnerability.Successful exploitation of this... High Unreviewed
CVE-2021-39978 was published Jan 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database