GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,518
Maven: 5,000+
npm: 5,000+
NuGet: 911
pip: 4,758
Pub: 13
RubyGems: 1,036
Rust: 1,228
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
16,842 advisories
When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the...
High | Unreviewed | CVE-2021-24341 was published May 24, 2022

The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1,...
Moderate | Unreviewed | CVE-2021-24345 was published May 24, 2022

The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter...
Moderate | Unreviewed | CVE-2021-24360 was published May 24, 2022

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote...
Moderate | Unreviewed | CVE-2021-23230 was published May 24, 2022

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker...
High | Unreviewed | CVE-2021-32932 was published May 24, 2022

Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability,...
High | Unreviewed | CVE-2020-24667 was published May 24, 2022

Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability,...
High | Unreviewed | CVE-2020-24671 was published May 24, 2022

In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x...
High | Unreviewed | CVE-2021-33894 was published May 24, 2022

The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST...
High | Unreviewed | CVE-2021-24336 was published May 24, 2022

The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via...
High | Unreviewed | CVE-2021-24337 was published May 24, 2022

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function...
High | Unreviewed | CVE-2021-24340 was published May 24, 2022

A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and...
Moderate | Unreviewed | CVE-2021-29099 was published May 24, 2022

AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows...
Moderate | Unreviewed | CVE-2020-36004 was published May 24, 2022

FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib...
Critical | Unreviewed | CVE-2020-35441 was published May 24, 2022

Improper neutralization of special elements used in an SQL command ('SQL Injection')...
Critical | Unreviewed | CVE-2021-29089 was published May 24, 2022

Improper neutralization of special elements used in an SQL command ('SQL Injection')...
High | Unreviewed | CVE-2021-29090 was published May 24, 2022

The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an...
High | Unreviewed | CVE-2020-25362 was published May 24, 2022

The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable...
High | Unreviewed | CVE-2020-24862 was published May 24, 2022

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing...
Critical | Unreviewed | CVE-2021-27828 was published May 24, 2022

Improper neutralization of special elements used in an SQL command ('SQL Injection')...
Critical | Unreviewed | CVE-2021-33180 was published May 24, 2022

The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the...
Critical | Unreviewed | CVE-2021-24321 was published May 24, 2022

A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and...
High | Unreviewed | CVE-2020-26668 was published May 24, 2022

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a...
High | Unreviewed | CVE-2020-26677 was published May 24, 2022

COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.
Critical | Unreviewed | CVE-2021-33470 was published May 24, 2022

Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over...
Critical | Unreviewed | CVE-2020-25409 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API