GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
14,509 advisories
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical · Unreviewed · CVE-2025-39496 was published Aug 28, 2025

The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via...
Moderate · Unreviewed · CVE-2025-8977 was published Aug 28, 2025

An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que...
Critical · Unreviewed · CVE-2025-34162 was published Aug 28, 2025

A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows...
Critical · Unreviewed · CVE-2024-13979 was published Aug 28, 2025

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API...
High · Unreviewed · CVE-2025-50983 was published Aug 27, 2025

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection...
Moderate · Unreviewed · CVE-2025-50984 was published Aug 27, 2025

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute...
Critical · Unreviewed · CVE-2025-50972 was published Aug 27, 2025

In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL...
Moderate · Unreviewed · CVE-2025-30059 was published Aug 27, 2025

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability...
Moderate · Unreviewed · CVE-2025-30061 was published Aug 27, 2025

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection...
Moderate · Unreviewed · CVE-2025-30060 was published Aug 27, 2025

In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL...
Moderate · Unreviewed · CVE-2025-30058 was published Aug 27, 2025

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’...
High · Unreviewed · CVE-2025-9172 was published Aug 26, 2025

SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive...
Critical · Unreviewed · CVE-2025-55575 was published Aug 26, 2025

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the...
Critical · Unreviewed · CVE-2025-56214 was published Aug 26, 2025

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the...
Moderate · Unreviewed · CVE-2025-56215 was published Aug 26, 2025

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via...
Critical · Unreviewed · CVE-2025-56212 was published Aug 26, 2025

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the...
High · Unreviewed · CVE-2025-56216 was published Aug 26, 2025

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the...
Moderate · Unreviewed · CVE-2025-9391 was published Aug 24, 2025

User with high privileges is able to introduce a SQLi using the Meta Service indicator page....
High · Unreviewed · CVE-2025-4650 was published Aug 22, 2025

On the monitoring event logs page, it is possible to alter the http request to insert a payload...
High · Unreviewed · CVE-2025-6791 was published Aug 22, 2025

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe...
Critical · Unreviewed · CVE-2025-51092 was published Aug 22, 2025

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1...
High · Unreviewed · CVE-2024-48988 was published Aug 22, 2025

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject...
High · Unreviewed · CVE-2025-52085 was published Aug 22, 2025

Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API.
Critical · Unreviewed · CVE-2024-53499 was published Aug 22, 2025

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote...
High · Unreviewed · CVE-2025-9255 was published Aug 22, 2025