Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,368 advisories

Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-51637 was published May 22, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php... Critical Unreviewed
CVE-2024-4992 was published May 16, 2024
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php... Critical Unreviewed
CVE-2024-4991 was published May 16, 2024
SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability... Critical Unreviewed
CVE-2024-4826 was published May 16, 2024
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
Amazon JDBC Driver for Redshift SQL Injection via line comment generation Critical
CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven) May 15, 2024
paul-gerste-sonarsource
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to... Critical Unreviewed
CVE-2024-4893 was published May 15, 2024
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP... Critical Unreviewed
CVE-2024-4824 was published May 14, 2024
SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability... Critical Unreviewed
CVE-2024-4466 was published May 3, 2024
Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution... Critical Unreviewed
CVE-2023-51595 was published May 3, 2024
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability... Critical Unreviewed
CVE-2023-51586 was published May 3, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-33546 was published Apr 29, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-33544 was published Apr 29, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-33559 was published Apr 29, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-33551 was published Apr 29, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-32709 was published Apr 24, 2024
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-32128 was published Apr 15, 2024
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto)... Critical Unreviewed
CVE-2024-3704 was published Apr 12, 2024
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup... Critical Unreviewed
CVE-2024-2879 was published Apr 3, 2024
ProTip! Advisories are also available from the GraphQL API