GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
pgproto3 SQL Injection via Protocol Message Size Overflow
Moderate
GHSA-7jwh-3vrq-q3m8
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
pgx SQL Injection via Protocol Message Size Overflow
Moderate
CVE-2024-27304
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
pgx SQL Injection via Line Comment Creation
Moderate
CVE-2024-27289
was published
for
github.com/jackc/pgx
(Go)
Mar 4, 2024
Grafana Arbitrary File Read
Moderate
CVE-2019-19499
was published
for
github.com/grafana/grafana/pkg/tsdb/mysql
(Go)
Jan 31, 2024
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
High
CVE-2024-22196
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
SQL injection vulnerability in Meshery
Critical
CVE-2023-46575
was published
for
github.com/layer5io/meshery
(Go)
Nov 24, 2023
Flyte Admin SQL Injection in List Filters
Low
CVE-2023-41891
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 27, 2023
SQL injection when using MySQL/PostgreSQL data checking
High
CVE-2023-33967
was published
for
github.com/megaease/easeprobe
(Go)
Jun 6, 2023
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
Moderate
CVE-2023-0620
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
rttys SQL Injection vulnerability
High
CVE-2022-38867
was published
for
github.com/zhaojh329/rttys
(Go)
Feb 16, 2023
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
High
CVE-2022-45786
was published
for
apache-age-python
(Go)
Feb 4, 2023
Squalor SQL Injection vulnerability
Critical
CVE-2020-36645
was published
for
github.com/square/squalor
(Go)
Jan 7, 2023
gosqljson SQL Injection vulnerability
Critical
CVE-2014-125064
was published
for
github.com/elgs/gosqljson
(Go)
Jan 7, 2023
owncast is vulnerable to SQL Injection
Critical
CVE-2022-3751
was published
for
github.com/owncast/owncast
(Go)
Nov 29, 2022
IBAX go-ibax vulnerable to SQL injection
High
CVE-2022-3799
was published
for
github.com/IBAX-io/go-ibax
(Go)
Nov 1, 2022
IBAX go-ibax vulnerable to SQL injection
High
CVE-2022-3798
was published
for
github.com/IBAX-io/go-ibax
(Go)
Nov 1, 2022
IBAX go-ibax vulnerable to SQL injection
High
CVE-2022-3800
was published
for
github.com/IBAX-io/go-ibax
(Go)
Nov 1, 2022
IBAX go-ibax vulnerable to SQL injection
High
CVE-2022-3801
was published
for
github.com/IBAX-io/go-ibax
(Go)
Nov 1, 2022
IBAX go-ibax vulnerable to SQL injection
High
CVE-2022-3802
was published
for
github.com/IBAX-io/go-ibax
(Go)
Nov 1, 2022
SQLinjection in falcon-plus
Critical
CVE-2022-26245
was published
for
github.com/open-falcon/falcon-plus
(Go)
Mar 28, 2022
Pivotal Concourse SQL Injection Vulnerability
High
CVE-2019-3792
was published
for
github.com/concourse/concourse
(Go)
Feb 15, 2022
SQL Injection in Couchbase Sync Gateway
Critical
CVE-2019-9039
was published
for
github.com/couchbase/sync_gateway
(Go)
Feb 15, 2022
SQL Injection in Casdoor
High
CVE-2022-24124
was published
for
github.com/casdoor/casdoor
(Go)
Feb 1, 2022
SQL injection in github.com/navidrome/navidrome
Moderate
CVE-2022-23857
was published
for
github.com/navidrome/navidrome
(Go)
Jan 27, 2022
ProTip!
Advisories are also available from the
GraphQL API