GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
467 advisories
Filter by severity
OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack
High
CVE-2023-41886
was published
for
org.openrefine:database
(Maven)
Sep 12, 2023
Jeecg boot SQL Injection vulnerability
Critical
CVE-2023-42268
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Sep 8, 2023
DataEase vulnerable to SQL injection
High
CVE-2023-40771
was published
for
io.dataease:dataease-plugin-common
(Maven)
Sep 1, 2023
SpringBlade vulnerable to SQL injection
High
CVE-2023-40787
was published
for
org.springblade:blade-core-tool
(Maven)
Aug 29, 2023
Jeecg-boot SQL Injection vulnerability
Moderate
CVE-2023-38905
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Aug 17, 2023
Daylight Studio FUEL-CMS SQLi Vulnerability
High
CVE-2020-24950
was published
for
codeigniter/framework
(Composer)
Aug 11, 2023
PrestaShop SQL manager vulnerability
Critical
CVE-2023-39526
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
PrestaShop boolean SQL injection
Moderate
CVE-2023-39524
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
SQL injection in jeecg-boot
Critical
CVE-2023-38992
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Jul 28, 2023
SQL injection in audit endpoint
Critical
CVE-2023-35088
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 25, 2023
Pimcore vulnerable to SQL Injection in Dataobjects sorting
High
CVE-2023-3820
was published
for
pimcore/pimcore
(Composer)
Jul 21, 2023
postgraas-server vulnerable to SQL injection
Critical
CVE-2018-25088
was published
for
postgraas-server
(pip)
Jul 18, 2023
Pimcore SQL Injection vulnerability
High
CVE-2023-3673
was published
for
pimcore/pimcore
(Composer)
Jul 14, 2023
Apache InLong SQL Injection vulnerability
Moderate
CVE-2023-30465
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jul 6, 2023
langchain SQL Injection vulnerability
High
CVE-2023-36189
was published
for
langchain
(pip)
Jul 6, 2023
Moodle vulnerable to SQL Injection
Moderate
CVE-2023-35132
was published
for
moodle/moodle
(Composer)
Jun 22, 2023
JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode
Moderate
CVE-2023-34602
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Jun 19, 2023
JeecgBoot vulnerable to SQL injection in queryFilterTableDictInfo
Moderate
CVE-2023-34603
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Jun 19, 2023
jeecg-boot SQL injection vulnerability
Critical
CVE-2023-34659
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Jun 16, 2023
ipandlanguageredirect extension vulnerable to SQL Injection
High
CVE-2023-35782
was published
for
in2code/ipandlanguageredirect
(Composer)
Jun 16, 2023
RuoYi Uncontrolled Resource Consumption vulnerability
Low
CVE-2023-3163
was published
for
com.ruoyi:ruoyi
(Maven)
Jun 8, 2023
SQL injection when using MySQL/PostgreSQL data checking
High
CVE-2023-33967
was published
for
github.com/megaease/easeprobe
(Go)
Jun 6, 2023
SQL injection in Liferay Portal
High
CVE-2023-33945
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query
High
CVE-2023-2756
was published
for
pimcore/customer-management-framework-bundle
(Composer)
May 17, 2023
Moodle SQL Injection vulnerability
High
CVE-2023-30944
was published
for
moodle/moodle
(Composer)
May 2, 2023
ProTip!
Advisories are also available from the
GraphQL API