Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Loading
Mocodo vulnerable to SQL injection in `/web/generate.php` Critical
CVE-2024-35374 was published for mocodo (pip) May 28, 2024
NASA AIT-Core vulnerable to SQL Injection Critical
CVE-2024-35056 was published for ait-core (pip) May 21, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability Moderate
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context Moderate
CVE-2024-24772 was published for apache-superset (pip) Feb 28, 2024
oscerd
SQLAlchemyDA unauthenticated arbitrary SQL query execution Critical
CVE-2024-24811 was published for Products.SQLAlchemyDA (pip) Feb 7, 2024
perrinjerome dataflake
SQL injection in llama-index Critical
CVE-2024-23751 was published for llama-index (pip) Jan 22, 2024
Apache Superset SQL injection vulnerability Moderate
CVE-2023-49736 was published for apache-superset (pip) Dec 19, 2023
SQL injection in Apache Submarine Critical
CVE-2023-37924 was published for apache-submarine (pip) Nov 22, 2023
r3kumar
piccolo SQL Injection via named transaction savepoints Critical
CVE-2023-47128 was published for piccolo (pip) Nov 12, 2023
Skelmis
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
bertuxdeveloper
postgraas-server vulnerable to SQL injection Critical
CVE-2018-25088 was published for postgraas-server (pip) Jul 18, 2023
langchain SQL Injection vulnerability High
CVE-2023-36189 was published for langchain (pip) Jul 6, 2023
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection High
CVE-2022-45786 was published for apache-age-python (Go) Feb 4, 2023
oscerd
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
Arches vulnerable to execution of arbitrary SQL High
CVE-2022-41892 was published for arches (pip) Nov 11, 2022
sylwia-budzynska tdunlap607
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection Critical
CVE-2022-34265 was published for Django (pip) Jul 5, 2022
Apache Superset SQL Injection when template processing is enabled High
CVE-2021-41971 was published for apache-superset (pip) May 24, 2022
Plone SQL Injection Vulnerability High
CVE-2020-7939 was published for Plone (pip) May 24, 2022
Openstack ironic-inspector has SQL injection vulnerability in node_cache High
CVE-2019-10141 was published for ironic-inspector (pip) May 24, 2022
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function Critical
CVE-2019-1010259 was published for salt (pip) May 24, 2022
PyWebDAV SQL Injection vulnerability Critical
CVE-2011-0432 was published for pywebdav (pip) May 17, 2022
Django Vulnerable to MySQL Injection High
CVE-2014-0474 was published for Django (pip) May 17, 2022
SQL injection in calibreweb Critical
CVE-2022-30765 was published for calibreweb (pip) May 17, 2022
SQLAlchemy vulnerable to SQL injection Critical
CVE-2012-0805 was published for SQLAlchemy (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database