Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

127 advisories

Loading
OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter High
CVE-2025-65103 was published for devcode-it/openstamanager (Composer) Nov 19, 2025
XY20130630
Credited to XY20130630
phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality High
CVE-2025-62519 was published for phpmyfaq/phpmyfaq (Composer) Nov 17, 2025
XY20130630
Credited to XY20130630
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter High
CVE-2025-64519 was published for torrentpier/torrentpier (Composer) Nov 10, 2025
XY20130630
Credited to XY20130630
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality High
CVE-2025-62617 was published for admidio/admidio (Composer) Oct 22, 2025
XY20130630
Credited to XY20130630
Bacula-web SQL Injection Vulnerability High
CVE-2025-45346 was published for bacula-web/bacula-web (Composer) Jul 29, 2025
z-push/z-push-dev SQL Injection Vulnerability High
CVE-2025-8264 was published for z-push/z-push-dev (Composer) Jul 29, 2025
Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability High
CVE-2020-24950 was published for codeigniter/framework (Composer) Aug 11, 2023 withdrawn
Shopware Vulnerable to Blind SQL-injection in DAL aggregations High
CVE-2025-27892 was published for shopware/core (Composer) Apr 8, 2025
Moodle has a SQL injection risk in course search module list filter High
CVE-2025-26533 was published for moodle/moodle (Composer) Feb 24, 2025
AnonySE26
Credited to AnonySE26
Blind SQL Injection via GridFieldSortableHeader High
CVE-2022-38148 was published for silverstripe/framework (Composer) Nov 22, 2022
phpMyAdmin SQL injection in user accounts page High
CVE-2020-5504 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
WEC Map (wec_map) extension for TYPO3 allows SQL Injection High
CVE-2014-6295 was published for jbartels/wec-map (Composer) May 17, 2022
CoolURI extension for TYPO3 vulnerable to SQL Injection High
CVE-2013-5322 was published for bednee/cooluri (Composer) May 17, 2022
News system (news) extension for TYPO3 vulnerable to SQL Injection High
CVE-2013-4748 was published for georgringer/news (Composer) May 17, 2022
Multishop extension for TYPO3 has SQL Injection vulnerability High
CVE-2013-4682 was published for bvbmedia/multishop (Composer) May 17, 2022
Webkit PDFs for TYPO3 has SQL Injection vulnerability High
CVE-2010-4961 was published for dmk/webkitpdf (Composer) May 17, 2022
powermail extension for TYPO3 vulnerable to SQL Injection High
CVE-2010-3604 was published for in2code/powermail (Composer) May 17, 2022
Moodle vulnerable to SQL injection High
CVE-2010-1615 was published for moodle/moodle (Composer) May 13, 2022
Accessibility Glossary (a21glossary) SQL injection vulnerability High
CVE-2009-4803 was published for svewap/a21glossary (Composer) May 2, 2022
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors High
CVE-2010-0329 was published for in2code/powermail (Composer) May 2, 2022
AdaptCMS SQL Injection vulnerability High
CVE-2008-4524 was published for adaptcms/adaptcms (Composer) May 2, 2022
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
Credited to 0xROI
EGroupware mishandles an ORDER BY clause High
CVE-2024-40614 was published for egroupware/egroupware (Composer) Jul 7, 2024
blitzdose
Credited to blitzdose
SQL Injection vulnerability in Reportico Till High
CVE-2023-47438 was published for reportico-web/reportico (Composer) Mar 28, 2024
SQL injection in funadmin High
CVE-2024-48230 was published for funadmin/funadmin (Composer) Oct 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database