GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Failure to sanitize quotes which can lead to sql injection in squel
Critical
GHSA-4qhx-g9wp-g9m6
was published
for
squel
(npm)
Jun 14, 2019
Privilege Escalation due to Blind NoSQL Injection in flintcms
Critical
CVE-2018-3783
was published
for
flintcms
(npm)
Aug 21, 2018
SQL Injection and Cross-site Scripting in class-validator
Critical
CVE-2019-18413
was published
for
class-validator
(npm)
Oct 12, 2021
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical
CVE-2022-35942
was published
for
loopback-connector-postgresql
(npm)
Aug 11, 2022
Sequelize vulnerable to SQL Injection via replacements
Critical
CVE-2023-25813
was published
for
sequelize
(npm)
Feb 22, 2023
feathers-sequelize contains improper input validation leading to SQL injection
Critical
CVE-2022-2422
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
SQL Injection via GeoJSON in sequelize
Critical
CVE-2016-1000225
was published
for
sequelize
(npm)
Sep 1, 2020
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
Critical
CVE-2022-29822
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
nodebatis SQL Injection vulnerability
Critical
CVE-2018-25066
was published
for
nodebatis
(npm)
Jan 6, 2023
FUXA SQL Injection vulnerability
Critical
CVE-2023-31719
was published
for
fuxa-server
(npm)
Sep 22, 2023
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Critical
CVE-2024-27298
was published
for
parse-server
(npm)
Mar 1, 2024
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
ProTip!
Advisories are also available from the
GraphQL API