Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

99 advisories

Loading
Mingsoft MCMS vulnerable to SQL Injection Critical
CVE-2022-4375 was published for net.mingsoft:ms-mcms (Maven) Dec 9, 2022
Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin Moderate
CVE-2022-45208 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Jeecg-boot vulnerable to SQL Injection Critical
CVE-2022-45206 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Jeecg-boot vulnerable to SQL Injection Moderate
CVE-2022-45210 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString Critical
CVE-2022-45207 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module Critical
CVE-2022-42122 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module High
CVE-2022-42121 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module Critical
CVE-2022-42120 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
SQL injection in jflyfox jfinal Critical
CVE-2022-37199 was published for com.jflyfox:jflyfox_jfinal (Maven) Aug 24, 2022
SQL injection in jflyfox jfinal Critical
CVE-2022-37223 was published for com.jflyfox:jflyfox_jfinal (Maven) Aug 24, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter Critical
CVE-2022-36272 was published for net.mingsoft:ms-mcms (Maven) Aug 17, 2022
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List Critical
CVE-2022-36599 was published for net.mingsoft:ms-mcms (Maven) Aug 17, 2022
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names High
CVE-2022-31197 was published for org.postgresql:postgresql (Maven) Aug 6, 2022
kato-sho JBrown0x90
SQL Injection found in Dataease High
CVE-2022-34114 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Dataease v1.11.1 SQL Injection via parameter dataSourceId Critical
CVE-2022-34115 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
SQL injection in jflyfox jfinal High
CVE-2022-30500 was published for com.jflyfox:jflyfox_jfinal (Maven) May 27, 2022
Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections High
CVE-2021-29053 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
OHDSI WebAPI vulnerable to SQL Injection Critical
CVE-2019-15563 was published for org.ohdsi:WebAPI (Maven) May 24, 2022
tdunlap607
Apache Jetspeed vulnerable to SQL Injection High
CVE-2016-0710 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA Moderate
CVE-2016-6652 was published for org.springframework.data:spring-data-jpa (Maven) May 17, 2022
Apache OpenMeetings vulnerable to SQL injection High
CVE-2017-7681 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
Blind SQL Injection with privileged Cloud Foundry UAA endpoints Moderate
CVE-2017-4974 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter Critical
CVE-2022-28111 was published for com.github.pagehelper:pagehelper (Maven) May 5, 2022
Apache Derby SQL Injection Moderate
CVE-2006-7217 was published for org.apache.derby:derby (Maven) May 1, 2022
SQL Injection in elide-datastore-aggregation High
CVE-2022-24827 was published for com.yahoo.elide:elide-datastore-aggregation (Maven) Apr 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database