GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,666
Maven: 5,000+
npm: 4,294
NuGet: 760
pip: 4,073
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
4,246 advisories
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker...
Critical | Unreviewed | CVE-2025-59742 was published Oct 2, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-13150 was published Sep 29, 2025

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an...
Critical | Unreviewed | CVE-2025-8868 was published Sep 29, 2025

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and...
Critical | Unreviewed | CVE-2025-59814 was published Sep 25, 2025

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows...
Critical | Unreviewed | CVE-2025-54946 was published Sep 25, 2025

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of...
Critical | Unreviewed | CVE-2025-56074 was published Sep 22, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-10439 was published Sep 17, 2025

SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2025-57631 was published Sep 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -...
Critical | Unreviewed | CVE-2024-13149 was published Sep 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-7744 was published Sep 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-4688 was published Sep 16, 2025

NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2025-10266 was published Sep 12, 2025

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an...
Critical | Unreviewed | CVE-2025-40687 was published Sep 11, 2025

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an...
Critical | Unreviewed | CVE-2025-40691 was published Sep 11, 2025

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an...
Critical | Unreviewed | CVE-2025-40689 was published Sep 11, 2025

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an...
Critical | Unreviewed | CVE-2025-40690 was published Sep 11, 2025

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an...
Critical | Unreviewed | CVE-2025-40692 was published Sep 11, 2025

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response...
Critical | Unreviewed | CVE-2025-9943 was published Sep 10, 2025

OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via...
Critical | Unreviewed | CVE-2025-58462 was published Sep 9, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-47569 was published Sep 9, 2025

pREST has a Systemic SQL Injection Vulnerability
Critical | CVE-2025-58450 was published for github.com/prest/prest/v2 (Go) Sep 8, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-58628 was published Sep 5, 2025

Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL...
Critical | Unreviewed | CVE-2025-7385 was published Sep 4, 2025

rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
Critical | Unreviewed | CVE-2025-57140 was published Sep 2, 2025

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute...
Critical | Unreviewed | CVE-2025-44033 was published Aug 29, 2025

ProTip! Advisories are also available from the GraphQL API