Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,080 advisories

Loading
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the... High Unreviewed
CVE-2022-23911 was published Mar 1, 2022
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated... High Unreviewed
CVE-2022-23986 was published Feb 25, 2022
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for... High Unreviewed
CVE-2022-24407 was published Feb 25, 2022
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping... High Unreviewed
CVE-2022-0651 was published Feb 25, 2022
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping... High Unreviewed
CVE-2022-25148 was published Feb 25, 2022
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping... High Unreviewed
CVE-2022-25149 was published Feb 25, 2022
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids... High Unreviewed
CVE-2021-25069 was published Feb 22, 2022
The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST... High Unreviewed
CVE-2021-4208 was published Feb 22, 2022
The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the... High Unreviewed
CVE-2022-0255 was published Feb 22, 2022
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby... High Unreviewed
CVE-2022-0228 was published Feb 22, 2022
BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the... High Unreviewed
CVE-2021-44302 was published Feb 20, 2022
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL... High Unreviewed
CVE-2020-8242 was published Feb 19, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... High Unreviewed
CVE-2022-21176 was published Feb 19, 2022
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping... High Unreviewed
CVE-2022-0513 was published Feb 17, 2022
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via... High Unreviewed
CVE-2022-24226 was published Feb 16, 2022
SQL Injection High Unreviewed
CVE-2020-25695 was published Feb 15, 2022
Pivotal Concourse SQL Injection Vulnerability High
CVE-2019-3792 was published for github.com/concourse/concourse (Go) Feb 15, 2022
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL... High Unreviewed
CVE-2022-0190 was published Feb 15, 2022
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in ... High Unreviewed
CVE-2022-24646 was published Feb 12, 2022
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753,... High Unreviewed
CVE-2022-22540 was published Feb 11, 2022
Possible SQL injection in tablelookupwizard Contao Extension High
GHSA-v3mr-gp7j-pw5w was published for terminal42/contao-tablelookupwizard (Composer) Feb 10, 2022
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of... High Unreviewed
CVE-2021-37197 was published Feb 10, 2022
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not... High Unreviewed
CVE-2021-44866 was published Feb 10, 2022
SQL injection in hibernate-core High
CVE-2020-25638 was published for org.hibernate:hibernate-core (Maven) Feb 9, 2022
vmvarga mpihelgas
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to... High Unreviewed
CVE-2022-23873 was published Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database