Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,182 advisories

Loading
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-39501 was published May 23, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-46539 was published May 23, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-46455 was published May 23, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-46460 was published May 23, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-39504 was published May 23, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-47640 was published May 23, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-48283 was published May 23, 2025
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Critical
CVE-2025-46337 was published for adodb/adodb-php (Composer) May 1, 2025
mrcnpp dregad
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a... Critical Unreviewed
CVE-2024-6847 was published Aug 20, 2024
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter... Critical Unreviewed
CVE-2024-5765 was published Jul 30, 2024
The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a... Critical Unreviewed
CVE-2024-5975 was published Jul 30, 2024
PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a... Critical Unreviewed
CVE-2024-51101 was published May 23, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-2812 was published May 2, 2025
LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection Critical
CVE-2024-11958 was published for llama-index-retrievers-duckdb-retriever (pip) Mar 20, 2025
Symfony Service IDs Allow Injection Critical
CVE-2019-10910 was published for symfony/dependency-injection (Composer) Nov 18, 2019
decsecre583
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL... Critical Unreviewed
CVE-2022-34909 was published Feb 27, 2023
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama... Critical Unreviewed
CVE-2025-1750 was published Jun 2, 2025
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5... Critical Unreviewed
CVE-2023-39336 was published Jan 9, 2024
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a... Critical Unreviewed
CVE-2025-4578 was published Jun 4, 2025
Improper neutralization of input provided by an unauthorized user into changes__reference_id... Critical Unreviewed
CVE-2025-4568 was published Jun 5, 2025
The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a... Critical Unreviewed
CVE-2024-6809 was published May 15, 2025
Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component ... Critical Unreviewed
CVE-2024-48072 was published Nov 19, 2024
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at... Critical Unreviewed
CVE-2024-22108 was published Feb 2, 2024
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-3549 was published Jun 11, 2024
llama_index vulnerable to SQL Injection Critical
CVE-2025-1793 was published for llama-index (pip) Jun 5, 2025
Malayke
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database