Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19 advisories

SQL Injection Vulnerability via ActiveRecord comments High
CVE-2023-22794 was published for activerecord (RubyGems) Jan 18, 2023
kurt-r2c
curupira is vulnerable to SQL injection Critical
CVE-2015-10053 was published for curupira (RubyGems) Jan 16, 2023
update_by_case before 0.1.3 can be vulnerable to sql injection Moderate
CVE-2022-35956 was published for update_by_case (RubyGems) Aug 11, 2022
Fat Free CRM vulnerable to SQL Injection Moderate
CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022
Katello SQL Injection vulnerabilities High
CVE-2016-3072 was published for katello (RubyGems) May 14, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
SQL injection in blazer High
CVE-2022-29498 was published for blazer (RubyGems) Apr 22, 2022
tdunlap607
SQL Injection in Geocoder Critical
CVE-2020-7981 was published for geocoder (RubyGems) Jun 10, 2020
SQL Injection in marginalia Critical
CVE-2019-1010191 was published for marginalia (RubyGems) Jul 26, 2019
mysql-bunuuid-rails vulnerable to SQL injection Critical
CVE-2018-18476 was published for mysql-binuuid-rails (RubyGems) Oct 30, 2018
tdunlap607
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
activerecord vulnerable to SQL Injection High
CVE-2012-2695 was published for activerecord (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2011-2930 was published for activerecord (RubyGems) Oct 24, 2017
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Active Record vulnerable to SQL Injection via nested query parameters Moderate
CVE-2012-2661 was published for activerecord (RubyGems) Oct 24, 2017
Active Record contains SQL Injection High
CVE-2012-6496 was published for activerecord (RubyGems) Oct 24, 2017
Array data injection vulnerability in activerecord Moderate
CVE-2014-0080 was published for activerecord (RubyGems) Oct 24, 2017
Active Record contains SQL Injection via improper range quoting High
CVE-2014-3483 was published for activerecord (RubyGems) Oct 24, 2017
SQL Injection in Active Record High
CVE-2014-3482 was published for activerecord (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API