GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
244 advisories
Filter by severity
SQL Injection in usmanhalalit/pixie
Critical
CVE-2019-10766
was published
for
usmanhalalit/pixie
(Composer)
Nov 20, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Critical
CVE-2019-10913
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
Data leakage via SQL Injection in Pimcore
Moderate
CVE-2019-10763
was published
for
pimcore/pimcore
(Composer)
Dec 2, 2019
SQL injection in phpMyAdmin
Critical
CVE-2019-18622
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 16, 2020
SQL injection in Centreon
Critical
CVE-2019-16194
was published
for
centreon/centreon
(Composer)
Feb 11, 2020
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
High
GHSA-4mg9-vhxq-vm7j
was published
for
illuminate/database
(Composer)
Apr 29, 2021
Content object state fetch functions open to SQL injection
High
GHSA-jpwx-ffjq-wr4w
was published
for
ezsystems/ezpublish-legacy
(Composer)
Sep 7, 2021
Possible SQL injection in tablelookupwizard Contao Extension
High
GHSA-v3mr-gp7j-pw5w
was published
for
terminal42/contao-tablelookupwizard
(Composer)
Feb 10, 2022
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Critical
CVE-2023-22727
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
SQL Injection in WordPress Zero Spam WordPress plugin
Critical
CVE-2022-0254
was published
for
bmarshall511/wordpress_zero_spam
(Composer)
Mar 15, 2022
DQL injection through sorting parameters blocked
Critical
CVE-2022-24752
was published
for
sylius/grid-bundle
(Composer)
Mar 15, 2022
SQL Injection in Yeswiki
High
CVE-2021-43091
was published
for
yeswiki/yeswiki
(Composer)
Mar 26, 2022
SQL Injection in Fork CMS
High
CVE-2022-0153
was published
for
forkcms/forkcms
(Composer)
Mar 25, 2022
SQL Injection in ImpressCMS
Critical
CVE-2021-26599
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
SQL Injection in Fork CMS
High
CVE-2022-1064
was published
for
forkcms/forkcms
(Composer)
Mar 26, 2022
SQL Injection in Dolibarr
High
CVE-2021-36625
was published
for
dolibarr/dolibarr
(Composer)
Apr 1, 2022
SQL injection in pagekit/pagekit
Critical
CVE-2021-44135
was published
for
pagekit/pagekit
(Composer)
Apr 2, 2022
SQL Injection in Pimcore
High
CVE-2022-1219
was published
for
pimcore/pimcore
(Composer)
Apr 9, 2022
SQL Injection in Pimcore
High
CVE-2022-1339
was published
for
pimcore/pimcore
(Composer)
Apr 14, 2022
SQL Injection found in Pimcore
High
CVE-2022-1429
was published
for
pimcore/pimcore
(Composer)
Apr 23, 2022
SQL injection in helloxz/imgurl
High
CVE-2022-29305
was published
for
helloxz/imgurl
(Composer)
May 25, 2022
exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
High
CVE-2022-37333
was published
for
exceedone/exment
(Composer)
Aug 25, 2022
SQL Injection in RosarioSIS
Critical
CVE-2022-2067
was published
for
francoisjacquet/rosariosis
(Composer)
Jun 14, 2022
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore
High
CVE-2022-31092
was published
for
pimcore/pimcore
(Composer)
Jun 22, 2022
ProTip!
Advisories are also available from the
GraphQL API