GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
113 advisories
Filter by severity
SQL Injection in usmanhalalit/pixie
Critical
CVE-2019-10766
was published
for
usmanhalalit/pixie
(Composer)
Nov 20, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Critical
CVE-2019-10913
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
SQL injection in phpMyAdmin
Critical
CVE-2019-18622
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 16, 2020
SQL injection in Centreon
Critical
CVE-2019-16194
was published
for
centreon/centreon
(Composer)
Feb 11, 2020
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Critical
CVE-2023-22727
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
SQL Injection in WordPress Zero Spam WordPress plugin
Critical
CVE-2022-0254
was published
for
bmarshall511/wordpress_zero_spam
(Composer)
Mar 15, 2022
DQL injection through sorting parameters blocked
Critical
CVE-2022-24752
was published
for
sylius/grid-bundle
(Composer)
Mar 15, 2022
SQL Injection in ImpressCMS
Critical
CVE-2021-26599
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
SQL injection in pagekit/pagekit
Critical
CVE-2021-44135
was published
for
pagekit/pagekit
(Composer)
Apr 2, 2022
SQL Injection in RosarioSIS
Critical
CVE-2022-2067
was published
for
francoisjacquet/rosariosis
(Composer)
Jun 14, 2022
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
Critical
CVE-2022-35628
was published
for
in2code/lux
(Composer)
Jul 15, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4
Critical
CVE-2022-36408
was published
for
prestashop/prestashop
(Composer)
Jul 23, 2022
•
withdrawn
PrestaShop eval injection possible if shop vulnerable to SQL injection
Critical
CVE-2022-31181
was published
for
prestashop/prestashop
(Composer)
Jul 29, 2022
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Critical
CVE-2014-125051
was published
for
himiklab/yii2-jqgrid-widget
(Composer)
Jan 6, 2023
laravel-jqgrid vulnerable to SQL Injection
Critical
CVE-2021-4262
was published
for
mgallegos/laravel-jqgrid
(Composer)
Dec 19, 2022
SQL Injection in SimpleSAMLphp
Critical
CVE-2019-15537
was published
for
cesnet/simplesamlphp-module-proxystatistics
(Composer)
Nov 8, 2019
SQL injection in vhs (aka VHS: Fluid ViewHelpers)
Critical
CVE-2021-28381
was published
for
fluidtypo3/vhs
(Composer)
Mar 29, 2021
SQL Injection in NukeViet
Critical
CVE-2019-7726
was published
for
nukeviet/nukeviet
(Composer)
Jun 22, 2021
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Critical
CVE-2021-21427
was published
for
openmage/magento-lts
(Composer)
Apr 22, 2021
SQL injection in TYPO3 extension
Critical
CVE-2021-38302
was published
for
ecodev/newsletter
(Composer)
Sep 2, 2021
SQL Injection in topthink/thinkphp
Critical
CVE-2020-20120
was published
for
topthink/thinkphp
(Composer)
Sep 30, 2021
SQL Injection in rosariosis
Critical
CVE-2021-44427
was published
for
francoisjacquet/rosariosis
(Composer)
Dec 2, 2021
Centreon vulnerable to SQL Injection
Critical
CVE-2022-3827
was published
for
centreon/centreon
(Composer)
Nov 2, 2022
phpmyadmin contains SQL Injection vulnerability
Critical
CVE-2020-22452
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 26, 2023
SQL injection in Moodle
Critical
CVE-2022-0332
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
ProTip!
Advisories are also available from the
GraphQL API