GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
16,860 advisories
The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the...
High | Unreviewed | CVE-2021-24550 was published May 24, 2022

The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes...
High | Unreviewed | CVE-2021-24555 was published May 24, 2022

SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the...
High | Unreviewed | CVE-2020-18877 was published May 24, 2022

A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module...
High | Unreviewed | CVE-2021-36748 was published May 24, 2022

A SQL injection vulnerability was discovered in the editid parameter in Local Services Search...
Moderate | Unreviewed | CVE-2021-27999 was published May 24, 2022

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php ...
Critical | Unreviewed | CVE-2021-39302 was published May 24, 2022

SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component...
High | Unreviewed | CVE-2020-18746 was published May 24, 2022

SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2021-37358 was published May 24, 2022

A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows...
High | Unreviewed | CVE-2020-22122 was published May 24, 2022

SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill...
Critical | Unreviewed | CVE-2020-18164 was published May 24, 2022

SQL Injection vulnerability in Hospital Management System due to lack of input validation in...
Critical | Unreviewed | CVE-2021-38754 was published May 24, 2022

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to...
Critical | Unreviewed | CVE-2021-28890 was published May 24, 2022

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications...
Critical | Unreviewed | CVE-2021-37350 was published May 24, 2022

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via...
Critical | Unreviewed | CVE-2021-38574 was published May 24, 2022

A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers...
High | Unreviewed | CVE-2020-20981 was published May 24, 2022

In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename...
Critical | Unreviewed | CVE-2020-20975 was published May 24, 2022

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is...
Critical | Unreviewed | CVE-2021-37599 was published May 24, 2022

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access...
High | Unreviewed | CVE-2020-23150 was published May 24, 2022

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to...
High | Unreviewed | CVE-2020-23149 was published May 24, 2022

The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing...
High | Unreviewed | CVE-2021-24520 was published May 24, 2022

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the...
Critical | Unreviewed | CVE-2021-24507 was published May 24, 2022

A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows...
High | Unreviewed | CVE-2020-28087 was published May 24, 2022

In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the...
Critical | Unreviewed | CVE-2021-38159 was published May 24, 2022

Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers.
High | Unreviewed | CVE-2021-38168 was published May 24, 2022

Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can...
Critical | Unreviewed | CVE-2021-38167 was published May 24, 2022