GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
485 advisories
Filter by severity
Querydsl SQL/HQL injection
High
CVE-2024-49203
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 20, 2024
Decidim-Awesome has SQL injection in AdminAccountability
High
CVE-2024-43415
was published
for
decidim-decidim_awesome
(RubyGems)
Nov 12, 2024
Devtron has SQL Injection in CreateUser API
High
CVE-2024-45794
was published
for
github.com/devtron-labs/devtron
(Go)
Nov 7, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor
Moderate
CVE-2024-43436
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
JeecgBoot SQL Injection vulnerability
High
CVE-2024-48307
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Oct 31, 2024
Langchain SQL Injection vulnerability
Low
CVE-2024-8309
was published
for
langchain
(pip)
Oct 29, 2024
@langchain/community SQL Injection vulnerability
Low
CVE-2024-7042
was published
for
@langchain/community
(npm)
Oct 29, 2024
SQL injection in funadmin
High
CVE-2024-48229
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48230
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48223
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48222
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48226
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48218
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48225
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48224
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48231
was published
for
funadmin/funadmin
(Composer)
Oct 21, 2024
MySQL Connector/Python connector takeover vulnerability
High
CVE-2024-21272
was published
for
mysql-connector-python
(pip)
Oct 15, 2024
Navidrome has Multiple SQL Injections and ORM Leak
Critical
CVE-2024-47062
was published
for
github.com/navidrome/navidrome
(Go)
Sep 20, 2024
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
High
GHSA-wq9x-qwcq-mmgf
was published
for
diesel
(Rust)
Aug 23, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query
Moderate
GHSA-fpgj-cr28-fvpx
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 21, 2024
LF Edge eKuiper has a SQL Injection in sqlKvStore
High
CVE-2024-43406
was published
for
ekuiper
(Go)
Aug 20, 2024
SQL injection in github.com/stashapp/stash
Critical
CVE-2024-32231
was published
for
github.com/stashapp/stash
(Go)
Aug 15, 2024
Shopware vulnerable to blind SQL-injection in DAL aggregations
Moderate
CVE-2024-42357
was published
for
shopware/core
(Composer)
Aug 8, 2024
Django SQL injection vulnerability
Critical
CVE-2024-42005
was published
for
Django
(pip)
Aug 7, 2024
rudder-server is vulnerable to SQL injection
Critical
CVE-2023-30625
was published
for
github.com/rudderlabs/rudder-server
(Go)
Aug 5, 2024
ProTip!
Advisories are also available from the
GraphQL API