GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
467 advisories
Filter by severity
Navidrome has Multiple SQL Injections and ORM Leak
Critical
CVE-2024-47062
was published
for
github.com/navidrome/navidrome
(Go)
Sep 20, 2024
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
High
GHSA-wq9x-qwcq-mmgf
was published
for
diesel
(Rust)
Aug 23, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query
Moderate
GHSA-fpgj-cr28-fvpx
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 21, 2024
LF Edge eKuiper has a SQL Injection in sqlKvStore
High
CVE-2024-43406
was published
for
ekuiper
(Go)
Aug 20, 2024
SQL injection in github.com/stashapp/stash
Critical
CVE-2024-32231
was published
for
github.com/stashapp/stash
(Go)
Aug 15, 2024
Shopware vulnerable to blind SQL-injection in DAL aggregations
High
CVE-2024-42357
was published
for
shopware/core
(Composer)
Aug 8, 2024
Django SQL injection vulnerability
Critical
CVE-2024-42005
was published
for
Django
(pip)
Aug 7, 2024
rudder-server is vulnerable to SQL injection
High
CVE-2023-30625
was published
for
github.com/rudderlabs/rudder-server
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
Moderate
CVE-2024-35181
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
Moderate
CVE-2024-35182
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
High
CVE-2024-29031
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
Admidio has Blind SQL Injection in ecard_send.php
Critical
CVE-2024-37906
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
1Panel has an SQL injection issue related to the orderBy clause
Critical
CVE-2024-39907
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2024
dbt has an implicit override for built-in materializations from installed packages
Moderate
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
Apache Superset vulnerable to improper SQL authorization
Moderate
CVE-2024-39887
was published
for
apache-superset
(pip)
Jul 16, 2024
SQL Injection in the KubeClarity REST API
Moderate
CVE-2024-39909
was published
for
github.com/openclarity/kubeclarity/backend
(Go)
Jul 12, 2024
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Moderate
CVE-2024-39677
was published
for
NHibernate
(NuGet)
Jul 8, 2024
EGroupware mishandles an ORDER BY clause
Moderate
CVE-2024-40614
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Critical
CVE-2024-37843
was published
for
craftcms/cms
(Composer)
Jun 25, 2024
SQL injection in opencart
High
CVE-2024-21514
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Apache Submarine Server Core has a SQL Injection Vulnerability
High
CVE-2024-36263
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical
GHSA-6fqw-j3vm-7f66
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical
GHSA-v42g-7q2x-cw32
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical
GHSA-2x36-qhx3-7m5f
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API