GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,827 advisories
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the...
Critical | Unreviewed | CVE-2021-24866 was published Dec 7, 2021

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and...
Critical | Unreviewed | CVE-2021-24943 was published Dec 7, 2021

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter...
Critical | Unreviewed | CVE-2021-31632 was published Dec 7, 2021

SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController...
Critical | Unreviewed | CVE-2021-44347 was published Dec 4, 2021

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main...
Critical | Unreviewed | CVE-2021-35414 was published Dec 4, 2021

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage...
Critical | Unreviewed | CVE-2021-44349 was published Dec 4, 2021

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller...
Critical | Unreviewed | CVE-2021-44348 was published Dec 4, 2021

ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api...
Critical | Unreviewed | CVE-2021-43679 was published Dec 3, 2021

SQL Injection in rosariosis
Critical | CVE-2021-44427 was published for francoisjacquet/rosariosis (Composer) Dec 2, 2021

attendance management system 1.0 is affected by a SQL injection vulnerability in admin...
Critical | Unreviewed | CVE-2021-44280 was published Dec 2, 2021

SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the...
Critical | Unreviewed | CVE-2021-43451 was published Dec 2, 2021

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as...
Critical | Unreviewed | CVE-2021-41677 was published Dec 1, 2021

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as...
Critical | Unreviewed | CVE-2021-41678 was published Dec 1, 2021

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as...
Critical | Unreviewed | CVE-2021-41679 was published Dec 1, 2021

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not...
Critical | Unreviewed | CVE-2021-24915 was published Nov 30, 2021

The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is...
Critical | Unreviewed | CVE-2021-36916 was published Nov 25, 2021

DBAL 3 SQL Injection Security Vulnerability
Critical | CVE-2021-43608 was published for doctrine/dbal (Composer) Nov 16, 2021

SQL Injection and Cross-site Scripting in class-validator
Critical | CVE-2019-18413 was published for class-validator (npm) Oct 12, 2021

SQL Injection in medoo
Critical | CVE-2019-10762 was published for catfan/medoo (Composer) Oct 12, 2021

SQL Injection in topthink/thinkphp
Critical | CVE-2020-20120 was published for topthink/thinkphp (Composer) Sep 30, 2021

SQL Injection in Subrion CMS
Critical | CVE-2020-18155 was published for intelliants/subrion (Composer) Sep 8, 2021

SQL injection in TYPO3 extension
Critical | CVE-2021-38302 was published for ecodev/newsletter (Composer) Sep 2, 2021

SQL Injection in NukeViet
Critical | CVE-2019-7726 was published for nukeviet/nukeviet (Composer) Jun 22, 2021

SQL Injection in Apache SkyWalking
Critical | CVE-2020-13921 was published for org.apache.skywalking:oap-server (Maven) May 7, 2021