Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,082 advisories

Loading
SQL injection in hibernate-core High
CVE-2020-25638 was published for org.hibernate:hibernate-core (Maven) Feb 9, 2022
vmvarga mpihelgas
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to... High Unreviewed
CVE-2022-23873 was published Feb 9, 2022
SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an... High Unreviewed
CVE-2022-24121 was published Feb 9, 2022
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id... High Unreviewed
CVE-2021-24919 was published Feb 2, 2022
SQL Injection in Casdoor High
CVE-2022-24124 was published for github.com/casdoor/casdoor (Go) Feb 1, 2022
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component... High Unreviewed
CVE-2021-46459 was published Feb 1, 2022
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator... High Unreviewed
CVE-2022-24264 was published Feb 1, 2022
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator... High Unreviewed
CVE-2022-24266 was published Feb 1, 2022
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator... High Unreviewed
CVE-2022-24265 was published Feb 1, 2022
Mingsoft MCMS SQL injection vulnerability High
CVE-2021-46383 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
Mingsoft MCMS SQL injection vulnerability High
CVE-2021-46385 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this... High Unreviewed
CVE-2021-45803 was published Jan 26, 2022
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the... High Unreviewed
CVE-2021-24858 was published Jan 25, 2022
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order... High Unreviewed
CVE-2021-24865 was published Jan 25, 2022
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id... High Unreviewed
CVE-2021-25045 was published Jan 25, 2022
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100,... High Unreviewed
CVE-2021-4088 was published Jan 25, 2022
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution... High Unreviewed
CVE-2021-44593 was published Jan 22, 2022
SQL Injection in dolibarr High
CVE-2022-0224 was published for dolibarr/dolibarr (Composer) Jan 21, 2022
pimcore is vulnerable to SQL Injection High
CVE-2022-0258 was published for pimcore/pimcore (Composer) Jan 21, 2022
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet"... High Unreviewed
CVE-2022-23046 was published Jan 20, 2022
SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. High Unreviewed
CVE-2021-38694 was published Jan 19, 2022
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql'... High Unreviewed
CVE-2021-45406 was published Jan 15, 2022
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a... High Unreviewed
CVE-2021-43971 was published Jan 12, 2022
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and... High Unreviewed
CVE-2021-25054 was published Jan 11, 2022
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its... High Unreviewed
CVE-2021-24862 was published Jan 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database