GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15,073 advisories
An input sanitization flaw was found in the id field in the dashboard controller of Foreman...
Moderate
Unreviewed
CVE-2018-1096
was published
May 13, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not...
Critical
Unreviewed
CVE-2019-9918
was published
May 13, 2022
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield...
High
Unreviewed
CVE-2022-42143
was published
Oct 18, 2022
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an...
High
Unreviewed
CVE-2019-7001
was published
May 13, 2022
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of...
High
Unreviewed
CVE-2022-1358
was published
May 18, 2022
Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to...
High
Unreviewed
CVE-2014-2736
was published
May 13, 2022
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6,...
High
Unreviewed
CVE-2018-1819
was published
May 13, 2022
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component...
Critical
Unreviewed
CVE-2018-1132
was published
May 13, 2022
** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post...
High
Unreviewed
CVE-2018-6393
was published
May 13, 2022
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Critical
Unreviewed
CVE-2016-1000113
was published
May 13, 2022
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior,...
High
Unreviewed
CVE-2018-7501
was published
May 13, 2022
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL...
High
Unreviewed
CVE-2018-1674
was published
May 13, 2022
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4...
Critical
Unreviewed
CVE-2018-8914
was published
May 13, 2022
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1...
High
Unreviewed
CVE-2011-0467
was published
May 13, 2022
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute...
High
Unreviewed
CVE-2010-4897
was published
May 13, 2022
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via...
Critical
Unreviewed
CVE-2018-16659
was published
May 13, 2022
Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.
Critical
Unreviewed
CVE-2018-17410
was published
May 13, 2022
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey...
Critical
Unreviewed
CVE-2017-7991
was published
May 13, 2022
SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.
Critical
Unreviewed
CVE-2018-5986
was published
May 13, 2022
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
Critical
Unreviewed
CVE-2018-18761
was published
May 13, 2022
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.
Critical
Unreviewed
CVE-2018-16803
was published
May 13, 2022
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows...
High
Unreviewed
CVE-2014-4928
was published
May 13, 2022
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32,...
Moderate
Unreviewed
CVE-2018-6494
was published
May 13, 2022
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote...
Moderate
Unreviewed
CVE-2014-5387
was published
May 13, 2022
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL...
Critical
Unreviewed
CVE-2016-9488
was published
May 13, 2022
ProTip! Advisories are also available from the GraphQL API.