Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

11,277 advisories

SQL Injection in sequelize High
CVE-2015-1369 was published for sequelize (npm) Oct 24, 2017
SQL Injection in Active Record High
CVE-2014-3482 was published for activerecord (RubyGems) Oct 24, 2017
Array data injection vulnerability in activerecord Moderate
CVE-2014-0080 was published for activerecord (RubyGems) Oct 24, 2017
Active Record contains SQL Injection via improper range quoting High
CVE-2014-3483 was published for activerecord (RubyGems) Oct 24, 2017
Active Record contains SQL Injection High
CVE-2012-6496 was published for activerecord (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2012-2695 was published for activerecord (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2011-2930 was published for activerecord (RubyGems) Oct 24, 2017
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Active Record vulnerable to SQL Injection via nested query parameters Moderate
CVE-2012-2661 was published for activerecord (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
SQL Injection in pycsw Critical
CVE-2016-8640 was published for pycsw (pip) Aug 15, 2018
Privilege Escalation due to Blind NoSQL Injection in flintcms Critical
CVE-2018-3783 was published for flintcms (npm) Aug 21, 2018
SQL Injection in query-mysql High
CVE-2018-3754 was published for query-mysql (npm) Sep 10, 2018
SQL injection vulnerability in the policy admin tool in Apache Ranger High
CVE-2016-2174 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
mysql-bunuuid-rails vulnerable to SQL injection Critical
CVE-2018-18476 was published for mysql-binuuid-rails (RubyGems) Oct 30, 2018
tdunlap607
SQL Injection in hive-jdbc Critical
CVE-2018-1282 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
SQL Injection in sequelize High
CVE-2016-10556 was published for sequelize (npm) Feb 18, 2019
tdunlap607
SQL Injection in waterline-sequel High
CVE-2016-10551 was published for waterline-sequel (npm) Feb 18, 2019
SQL Injection in sequelize Moderate
CVE-2016-10554 was published for sequelize (npm) Feb 18, 2019
Potential SQL Injection in sequelize High
CVE-2016-10553 was published for sequelize (npm) Feb 18, 2019
SQL Injection in sequelize High
CVE-2016-10550 was published for sequelize (npm) Feb 18, 2019
SQLAlchemy is vulnerable to SQL Injection via group_by parameter High
CVE-2019-7548 was published for SQLAlchemy (pip) Apr 16, 2019
SQLAlchemy vulnerable to SQL Injection via order_by parameter Critical
CVE-2019-7164 was published for SQLAlchemy (pip) Apr 16, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA Moderate
CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) May 14, 2019
NoSQL Injection in loopback-connector-mongodb High
GHSA-m734-r4g6-34f9 was published for loopback-connector-mongodb (npm) Jun 4, 2019
ProTip! Advisories are also available from the GraphQL API