Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,538
Maven
5,000+
npm
5,000+
NuGet
914
pip
4,790
Pub
13
RubyGems
1,037
Rust
1,232
Swift
53
Unreviewed advisories
All unreviewed
5,000+

16,860 advisories

Loading
PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2026-29861 was published Apr 10, 2026
A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online... Critical Unreviewed
CVE-2026-36235 was published Apr 10, 2026
A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode... Critical Unreviewed
CVE-2026-36233 was published Apr 10, 2026
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php... Critical Unreviewed
CVE-2026-36236 was published Apr 10, 2026
A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online... Critical Unreviewed
CVE-2026-36232 was published Apr 10, 2026
itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse... Critical Unreviewed
CVE-2026-36234 was published Apr 10, 2026
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability... High Unreviewed
CVE-2026-23780 was published Apr 10, 2026
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that... High Unreviewed
CVE-2023-54359 was published Apr 9, 2026
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall... Unknown Unreviewed
CVE-2026-4112 was published Apr 9, 2026
Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input... High Unreviewed
CVE-2026-34185 was published Apr 9, 2026
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the ... High Unreviewed
CVE-2026-3396 was published Apr 8, 2026
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction,... Moderate Unreviewed
CVE-2026-1865 was published Apr 8, 2026
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow... Moderate Unreviewed
CVE-2026-33088 was published Apr 8, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-39495 was published Apr 8, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Unknown Unreviewed
CVE-2026-39486 was published Apr 8, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-39497 was published Apr 8, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-39496 was published Apr 8, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-39466 was published Apr 8, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-39475 was published Apr 8, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-39479 was published Apr 8, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-39487 was published Apr 8, 2026
The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off'... Moderate Unreviewed
CVE-2026-3781 was published Apr 8, 2026
SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is... High Unreviewed
CVE-2026-24913 was published Apr 8, 2026
Drizzle ORM has SQL injection via improperly escaped SQL identifiers High
CVE-2026-39356 was published for drizzle-orm (npm) Apr 8, 2026
EthanKim88 Credited to EthanKim88 and 0x90sh 0x90sh 0x90sh
PowerJob vulnerable to SQL injection Moderate
CVE-2026-5736 was published for tech.powerjob:powerjob-server-starter (Maven) Apr 7, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database