GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
127 advisories
SQL Injection in Translation Export API
High | CVE-2023-30849 was published for pimcore/pimcore (Composer) | Apr 27, 2023
SQL Injection in Admin Search Find API
High | CVE-2023-30848 was published for pimcore/pimcore (Composer) | Apr 27, 2023
Arbitrary file read via SQL injection
High | CVE-2023-30545 was published for prestashop/prestashop (Composer) | Apr 26, 2023
NotrinosERP vulnerable to SQL Injection
High | CVE-2023-24788 was published for notrinos/notrinos-erp (Composer) | Mar 23, 2023
Moodle SQL Injection vulnerability
High | CVE-2023-28329 was published for moodle/moodle (Composer) | Mar 23, 2023
Teampass SQL Injection vulnerability
High | CVE-2023-1545 was published for nilsteampassnet/teampass (Composer) | Mar 21, 2023
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model
High | CVE-2023-28108 was published for pimcore/pimcore (Composer) | Mar 17, 2023
Blind SQL Injection via GridFieldSortableHeader
High | CVE-2022-38148 was published for silverstripe/framework (Composer) | Nov 22, 2022
Centreon SQL Injection vulnerability via esc_name parameter
High | CVE-2022-40043 was published for centreon/centreon (Composer) | Sep 27, 2022
exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
High | CVE-2022-37333 was published for exceedone/exment (Composer) | Aug 25, 2022
BlockWishList SQL Injection vulnerability
High | CVE-2022-31101 was published for prestashop/blockwishlist (Composer) | Jun 25, 2022
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore
High | CVE-2022-31092 was published for pimcore/pimcore (Composer) | Jun 22, 2022
SQL injection in helloxz/imgurl
High | CVE-2022-29305 was published for helloxz/imgurl (Composer) | May 25, 2022
Magento SQL Injection vulnerability
High | CVE-2020-24400 was published for magento/community-edition (Composer) | May 24, 2022
MunkiReport Software Update module is vulnerable to SQL injection
High | CVE-2020-15887 was published for munkireport/softwareupdate (Composer) | May 24, 2022
MunkiReport reportdata module SQL injection vulnerability
High | CVE-2020-15886 was published for munkireport/reportdata (Composer) | May 24, 2022
Dolibarr SQL injection vulnerability in accountancy/customer/card.php
High | CVE-2020-14443 was published for dolibarr/dolibarr (Composer) | May 24, 2022
phpMyAdmin SQL Injection
High | CVE-2020-10804 was published for phpmyadmin/phpmyadmin (Composer) | May 24, 2022
phpMyAdmin SQL injection vulnerability
High | CVE-2020-10802 was published for phpmyadmin/phpmyadmin (Composer) | May 24, 2022
Dolibarr ERP and CRM SQLi
High | CVE-2019-19209 was published for dolibarr/dolibarr (Composer) | May 24, 2022
Magento sql injection vulnerability
High | CVE-2020-3719 was published for magento/community-edition (Composer) | May 24, 2022
phpMyAdmin SQL injection in user accounts page
High | CVE-2020-5504 was published for phpmyadmin/phpmyadmin (Composer) | May 24, 2022
Magento SQL injection via marketing account with access to email templates variables
High | CVE-2019-8134 was published for magento/community-edition (Composer) | May 24, 2022
Magento SQL injection vulnerability
High | CVE-2019-8130 was published for magento/community-edition (Composer) | May 24, 2022
Magento 2 Community Edition SQLi Vulnerability
High | CVE-2019-8127 was published for magento/community-edition (Composer) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.