Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

6,843 advisories

Loading
The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons... High Unreviewed
CVE-2022-0887 was published Apr 5, 2022
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for... High Unreviewed
CVE-2021-32957 was published Apr 3, 2022
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter. High Unreviewed
CVE-2021-44581 was published Mar 30, 2022
An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021... High Unreviewed
CVE-2021-43109 was published Mar 30, 2022
The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did'... High Unreviewed
CVE-2021-25064 was published Mar 29, 2022
The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the ... High Unreviewed
CVE-2021-25068 was published Mar 29, 2022
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated... High Unreviewed
CVE-2022-0386 was published Mar 23, 2022
Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is... High Unreviewed
CVE-2021-44345 was published Mar 21, 2022
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. High Unreviewed
CVE-2022-26266 was published Mar 20, 2022
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV... High Unreviewed
CVE-2022-25607 was published Mar 19, 2022
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. High Unreviewed
CVE-2021-45793 was published Mar 18, 2022
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin... High Unreviewed
CVE-2021-45791 was published Mar 18, 2022
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data... High Unreviewed
CVE-2021-45794 was published Mar 18, 2022
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat... High Unreviewed
CVE-2021-45821 was published Mar 17, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in... High Unreviewed
CVE-2022-25491 was published Mar 16, 2022
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the... High Unreviewed
CVE-2021-24959 was published Mar 15, 2022
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not... High Unreviewed
CVE-2022-0478 was published Mar 15, 2022
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks... High Unreviewed
CVE-2022-22735 was published Mar 15, 2022
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection... High Unreviewed
CVE-2021-43969 was published Mar 11, 2022
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version... High Unreviewed
CVE-2022-0507 was published Mar 11, 2022
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain... High Unreviewed
CVE-2022-24601 was published Mar 11, 2022
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api... High Unreviewed
CVE-2022-25225 was published Mar 11, 2022
A vulnerability has been identified in SINEC NMS (All versions). A privileged authenticated... High Unreviewed
CVE-2022-24281 was published Mar 9, 2022
The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a... High Unreviewed
CVE-2021-24777 was published Mar 8, 2022
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the... High Unreviewed
CVE-2021-24952 was published Mar 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database