GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,437
Maven: 5,000+
npm: 5,000+
NuGet: 883
pip: 4,695
Pub: 13
RubyGems: 1,031
Rust: 1,222
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
16,777 advisories
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that...
High | Unreviewed | CVE-2023-54359 was published Apr 9, 2026

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall...
Unknown | Unreviewed | CVE-2026-4112 was published Apr 9, 2026

Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input...
High | Unreviewed | CVE-2026-34185 was published Apr 9, 2026

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the ...
High | Unreviewed | CVE-2026-3396 was published Apr 8, 2026

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction,...
Moderate | Unreviewed | CVE-2026-1865 was published Apr 8, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Unknown | Unreviewed | CVE-2026-39496 was published Apr 8, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Unknown | Unreviewed | CVE-2026-39475 was published Apr 8, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Unknown | Unreviewed | CVE-2026-39497 was published Apr 8, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Unknown | Unreviewed | CVE-2026-39495 was published Apr 8, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Unknown | Unreviewed | CVE-2026-39487 was published Apr 8, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Unknown | Unreviewed | CVE-2026-39486 was published Apr 8, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Unknown | Unreviewed | CVE-2026-39466 was published Apr 8, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Unknown | Unreviewed | CVE-2026-39479 was published Apr 8, 2026

Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow...
Moderate | Unreviewed | CVE-2026-33088 was published Apr 8, 2026

The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off'...
Moderate | Unreviewed | CVE-2026-3781 was published Apr 8, 2026

SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is...
High | Unreviewed | CVE-2026-24913 was published Apr 8, 2026

Drizzle ORM has SQL injection via improperly escaped SQL identifiers
High | CVE-2026-39356 was published for drizzle-orm (npm) Apr 8, 2026

PowerJob vulnerable to SQL injection
Moderate | CVE-2026-5736 was published for tech.powerjob:powerjob-server-starter (Maven) Apr 7, 2026

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the...
Critical | Unreviewed | CVE-2026-23696 was published Apr 7, 2026

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL...
Critical | Unreviewed | CVE-2024-36058 was published Apr 7, 2026

An issue that allowed a SQL injection attack vector related to saved queries (introduced in...
Moderate | Unreviewed | CVE-2026-5372 was published Apr 7, 2026

The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is...
Moderate | Unreviewed | CVE-2026-4079 was published Apr 7, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-34885 was published Apr 6, 2026

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows...
High | Unreviewed | CVE-2019-25680 was published Apr 5, 2026

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2019-25684 was published Apr 5, 2026
ProTip! Advisories are also available from the GraphQL API.