Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,182 advisories

Loading
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-49059 was published Aug 14, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54707 was published Aug 14, 2025
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function,... Critical Unreviewed
CVE-2025-50567 was published Aug 19, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54048 was published Aug 20, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54726 was published Aug 20, 2025
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe... Critical Unreviewed
CVE-2025-51092 was published Aug 22, 2025
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the... Critical Unreviewed
CVE-2025-56214 was published Aug 26, 2025
SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive... Critical Unreviewed
CVE-2025-55575 was published Aug 26, 2025
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via... Critical Unreviewed
CVE-2025-56212 was published Aug 26, 2025
Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API. Critical Unreviewed
CVE-2024-53499 was published Aug 22, 2025
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute... Critical Unreviewed
CVE-2025-50972 was published Aug 27, 2025
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que... Critical Unreviewed
CVE-2025-34162 was published Aug 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-39496 was published Aug 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54720 was published Aug 28, 2025
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-44033 was published Aug 29, 2025
rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path. Critical Unreviewed
CVE-2025-57140 was published Sep 2, 2025
Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL... Critical Unreviewed
CVE-2025-7385 was published Sep 4, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-58628 was published Sep 5, 2025
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module Critical
CVE-2022-42120 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module Critical
CVE-2022-42122 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-47569 was published Sep 9, 2025
A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows... Critical Unreviewed
CVE-2024-13979 was published Aug 28, 2025
OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via... Critical Unreviewed
CVE-2025-58462 was published Sep 9, 2025
pREST has a Systemic SQL Injection Vulnerability Critical
CVE-2025-58450 was published for github.com/prest/prest/v2 (Go) Sep 8, 2025
v1ktor0t
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response... Critical Unreviewed
CVE-2025-9943 was published Sep 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database