GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
23 advisories
SQL injection vulnerability in the policy admin tool in Apache Ranger
High • CVE-2016-2174 was published for org.apache.ranger:ranger (Maven) • Oct 17, 2018
Rating Script Service expose XWiki to SQL injection
High • CVE-2021-21380 was published for org.xwiki.platform:xwiki-platform-ratings-api (Maven) • Mar 23, 2021
SQL injection in Apache DolphinScheduler
High • CVE-2021-27644 was published for org.apache.dolphinscheduler:dolphinscheduler-server (Maven) • Nov 3, 2021
Mingsoft MCMS SQL injection vulnerability
High • CVE-2021-46385 was published for net.mingsoft:ms-mcms (Maven) • Jan 27, 2022
Mingsoft MCMS SQL injection vulnerability
High • CVE-2021-46383 was published for net.mingsoft:ms-mcms (Maven) • Jan 27, 2022
SQL injection in hibernate-core
High • CVE-2020-25638 was published for org.hibernate:hibernate-core (Maven) • Feb 9, 2022
SQL Injection in elide-datastore-aggregation
High • CVE-2022-24827 was published for com.yahoo.elide:elide-datastore-aggregation (Maven) • Apr 8, 2022
Apache OpenMeetings vulnerable to SQL injection
High • CVE-2017-7681 was published for org.apache.openmeetings:openmeetings-parent (Maven) • May 17, 2022
SQL injection in jflyfox jfinal
High • CVE-2022-30500 was published for com.jflyfox:jflyfox_jfinal (Maven) • May 27, 2022
SQL Injection found in Dataease
High • CVE-2022-34114 was published for io.dataease:dataease-plugin-common (Maven) • Jul 23, 2022
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
High • CVE-2022-31197 was published for org.postgresql:postgresql (Maven) • Aug 6, 2022
jeecg-boot contains SQL Injection vulnerability
High • CVE-2023-24789 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) • Mar 6, 2023
SQL injection in Liferay Portal
High • CVE-2023-33945 was published for com.liferay.portal:release.portal.bom (Maven) • May 24, 2023
SpringBlade vulnerable to SQL injection
High • CVE-2023-40787 was published for org.springblade:blade-core-tool (Maven) • Aug 29, 2023
DataEase vulnerable to SQL injection
High • CVE-2023-40771 was published for io.dataease:dataease-plugin-common (Maven) • Sep 1, 2023
OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack
High • CVE-2023-41886 was published for org.openrefine:database (Maven) • Sep 12, 2023
SQL Injection in Apache InLong
High • CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) • Oct 16, 2023
Mingsoft MCMS SQL injection
High • CVE-2023-50578 was published for net.mingsoft:ms-mcms (Maven) • Dec 30, 2023
Hazelcast Platform permission checking in CSV File Source connector
High • CVE-2023-45860 was published for com.hazelcast:hazelcast (Maven) • Feb 16, 2024
Apache Submarine Server Core has a SQL Injection Vulnerability
High • CVE-2024-36263 was published for org.apache.submarine:submarine-server-core (Maven) • Jun 12, 2024
JeecgBoot SQL Injection vulnerability
High • CVE-2024-48307 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) • Oct 31, 2024
Duplicate Advisory: Querydsl SQL/HQL injection
High • GHSA-wpvf-5mc3-hv6m was published for com.querydsl:querydsl-apt (Maven) • Nov 20, 2024 • withdrawn
Querydsl vulnerable to HQL injection trough orderBy
High • CVE-2024-49203 was published for com.querydsl:querydsl-apt (Maven) • Nov 27, 2024