Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

88 advisories

Loading
pgAdmin is affected by a multi-factor authentication bypass vulnerability Moderate
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
Umbraco Workflow's Backoffice users can execute arbitrary SQL Moderate
CVE-2024-32872 was published for Plumber.Workflow (NuGet) Apr 24, 2024
pjez-qestit
Mautic SQL Injection in dynamic Reports Moderate
CVE-2022-25775 was published for mautic/core (Composer) Apr 12, 2024
SQL injection in Folio Spring Module Core Moderate
CVE-2022-4963 was published for org.folio:spring-module-core (Maven) Mar 21, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context Moderate
CVE-2024-24772 was published for apache-superset (pip) Feb 28, 2024
oscerd
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana (Go) Jan 31, 2024
Gila CMS SQL Injection Moderate
CVE-2020-26623 was published for gilacms/gila (Composer) Jan 3, 2024
Apache Superset SQL injection vulnerability Moderate
CVE-2023-49736 was published for apache-superset (pip) Dec 19, 2023
Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability Moderate
CVE-2023-30867 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
nocodb SQL Injection vulnerability Moderate
CVE-2023-43794 was published for nocodb (npm) Oct 17, 2023
sylwia-budzynska
Magento Open Source allows SQL Injection Moderate
CVE-2023-38250 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38249 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38221 was published for magento/community-edition (Composer) Oct 13, 2023
Jeecg-boot SQL Injection vulnerability Moderate
CVE-2023-38905 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Aug 17, 2023
PrestaShop boolean SQL injection Moderate
CVE-2023-39524 was published for prestashop/prestashop (Composer) Aug 9, 2023
Apache InLong SQL Injection vulnerability Moderate
CVE-2023-30465 was published for org.apache.inlong:manager-pojo (Maven) Jul 6, 2023
Moodle vulnerable to SQL Injection Moderate
CVE-2023-35132 was published for moodle/moodle (Composer) Jun 22, 2023
JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode Moderate
CVE-2023-34602 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Jun 19, 2023
JeecgBoot vulnerable to SQL injection in queryFilterTableDictInfo Moderate
CVE-2023-34603 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Jun 19, 2023
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File Moderate
CVE-2023-0620 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
oxeye-daniel
Pimcore vulnerable to improper quoting of filters in Custom Reports Moderate
CVE-2023-28438 was published for pimcore/pimcore (Composer) Mar 22, 2023
Pimcore Remote Code Execution vulnerability in Search function Moderate
CVE-2023-1578 was published for pimcore/pimcore (Composer) Mar 22, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
a12nserver vulnerable to potential SQL Injections via Knex dependency Moderate
GHSA-crhg-xgrg-vvcc was published for @curveball/a12n-server (npm) Jan 13, 2023
Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin Moderate
CVE-2022-45208 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database