Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

88 advisories

Loading
Easy!Appointments SQL injection vulnerability Moderate
CVE-2025-50383 was published for alextselegidis/easyappointments (Composer) Aug 26, 2025
JeecgBoot SQL Injection Vulnerability Moderate
CVE-2025-51825 was published for org.jeecgframework.boot:jeecg-boot-base-core (Maven) Aug 22, 2025
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
MoonShine SQL Injection Vulnerability Moderate
CVE-2025-51510 was published for moonshine/moonshine (Composer) Aug 19, 2025
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions Moderate
CVE-2025-55674 was published for apache-superset (pip) Aug 14, 2025
go-pg SQL injection vulnerability via the component /types/append_value.go Moderate
CVE-2024-44905 was published for github.com/go-pg/pg (Go) Jun 12, 2025
elliotcourant
uptrace pgdriver SQL injection vulnerability Moderate
CVE-2024-44906 was published for github.com/uptrace/bun/driver/pgdriver (Go) Jun 12, 2025
maxfierke Aoang
Jeecg-boot vulnerable to SQL Injection Moderate
CVE-2022-45210 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin Moderate
CVE-2022-45208 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation Moderate
CVE-2025-53549 was published for matrix-sdk (Rust) Jul 10, 2025
poljar
pg-promise SQL Injection vulnerability Moderate
CVE-2025-29744 was published for pg-promise (npm) Jun 12, 2025
MantisBT SQL Injection via mc_project_get_users function Moderate
CVE-2020-28413 was published for mantisbt/mantisbt (Composer) May 24, 2022
SeaweedFS Vulnerable to SQL Injection Moderate
CVE-2024-40120 was published for github.com/seaweedfs/seaweedfs (Go) May 16, 2025
Moodle allows remote authenticated users to cause a denial of service (invalid database records) Moderate
CVE-2011-4292 was published for moodle/moodle (Composer) May 13, 2022
TYPO3 SQL Injection vulnerability Moderate
CVE-2010-5103 was published for typo3/cms (Composer) May 17, 2022
Joomla Framework Database Package Vulnerable to SQL Injection Moderate
CVE-2025-25226 was published for joomla/database (Composer) Apr 8, 2025
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30217 was published for frappe (pip) Mar 26, 2025
cydave
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30212 was published for frappe (pip) Mar 25, 2025
yeuchimse
Apache Airflow MySQL Provider is Vulnerable to SQL Injection Moderate
CVE-2025-27018 was published for apache-airflow-providers-mysql (pip) Mar 19, 2025
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition Moderate
CVE-2025-27617 was published for pimcore/pimcore (Composer) Mar 11, 2025
cancan101
Magento Open Source allows SQL Injection Moderate
CVE-2023-38250 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38249 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38221 was published for magento/community-edition (Composer) Oct 13, 2023
Apache Superset SQL injection vulnerability Moderate
CVE-2023-49736 was published for apache-superset (pip) Dec 19, 2023
pgAdmin is affected by a multi-factor authentication bypass vulnerability Moderate
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database