GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

66 advisories

SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
Data leakage via SQL Injection in Pimcore Moderate
CVE-2019-10763 was published for pimcore/pimcore (Composer) Dec 2, 2019
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
SQL Injection in sequelize Moderate
CVE-2016-10554 was published for sequelize (npm) Feb 18, 2019
Fat Free CRM vulnerable to SQL Injection Moderate
CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
SQL Injection in FreeTAKServer-UI Moderate
CVE-2022-25506 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA Moderate
CVE-2016-6652 was published for org.springframework.data:spring-data-jpa (Maven) May 17, 2022
update_by_case before 0.1.3 can be vulnerable to sql injection Moderate
CVE-2022-35956 was published for update_by_case (RubyGems) Aug 11, 2022
Matrix-appservice-irc vulnerable to sql injection via roomIds argument Moderate
CVE-2022-3971 was published for matrix-appservice-irc (npm) Nov 13, 2022
a12nserver vulnerable to potential SQL Injections via Knex dependency Moderate
GHSA-crhg-xgrg-vvcc was published for @curveball/a12n-server (npm) Jan 13, 2023
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA Moderate
CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) May 14, 2019
SQL Injection in Kylin Moderate
CVE-2020-1937 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
SQL Injection in Spring Cloud Task Moderate
CVE-2020-5428 was published for org.springframework.cloud:spring-cloud-task-dependencies (Maven) Feb 9, 2022
SQL Injection in tribalsystems/zenario Moderate
CVE-2021-27672 was published for tribalsystems/zenario (Composer) Jun 8, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19026 was published for github.com/goharbor/harbor (Go) May 18, 2021
Jeecg-boot vulnerable to SQL Injection Moderate
CVE-2022-45210 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 25, 2022
Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin Moderate
CVE-2022-45208 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 25, 2022
SQL Injection in showdoc Moderate
CVE-2022-0362 was published for showdoc/showdoc (Composer) Jan 27, 2022
SQL injection in github.com/navidrome/navidrome Moderate
CVE-2022-23857 was published for github.com/navidrome/navidrome (Go) Jan 27, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
Pimcore Remote Code Execution vulnerability in Search function Moderate
CVE-2023-1578 was published for pimcore/pimcore (Composer) Mar 22, 2023
Pimcore vulnerable to improper quoting of filters in Custom Reports Moderate
CVE-2023-28438 was published for pimcore/pimcore (Composer) Mar 22, 2023
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File Moderate
CVE-2023-0620 was published for github.com/hashicorp/vault (Go) Mar 30, 2023