GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,680
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
235 advisories
Filter by severity
SQL injection in funadmin
High
CVE-2024-48231
was published
for
funadmin/funadmin
(Composer)
Oct 21, 2024
Shopware vulnerable to blind SQL-injection in DAL aggregations
High
CVE-2024-42357
was published
for
shopware/core
(Composer)
Aug 8, 2024
Admidio has Blind SQL Injection in ecard_send.php
Critical
CVE-2024-37906
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
EGroupware mishandles an ORDER BY clause
Moderate
CVE-2024-40614
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Critical
CVE-2024-37843
was published
for
craftcms/cms
(Composer)
Jun 25, 2024
SQL injection in opencart
High
CVE-2024-21514
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical
GHSA-6fqw-j3vm-7f66
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical
GHSA-v42g-7q2x-cw32
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical
GHSA-2x36-qhx3-7m5f
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Critical
GHSA-qf36-fx9f-232x
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
High
GHSA-x2f4-8wxf-w3vf
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
SQL Injection in TYPO3 Frontend Login
Moderate
GHSA-j86x-pjmr-9m6w
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 CMS Privilege Escalation and SQL Injection
High
GHSA-45wj-jv2h-jwrf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical
GHSA-7fpj-wc8v-9cgc
was published
for
terminal42/contao-tablelookupwizard
(Composer)
May 30, 2024
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
High
GHSA-xc69-p8fc-m6m5
was published
for
silverstripe/subsites
(Composer)
May 28, 2024
silverstripe/taxonomy SQL Injection vulnerability
High
GHSA-p2v5-xcqm-4fv6
was published
for
silverstripe/taxonomy
(Composer)
May 28, 2024
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
High
GHSA-265q-222x-52m6
was published
for
silverstripe/framework
(Composer)
May 28, 2024
silverstripe/framework SQL injection in full text search
High
GHSA-xx4r-5265-48j6
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5315
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5314
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
propel/propel1 SQL injection possible with limit() on MySQL
Critical
GHSA-7g7c-qhf3-x59p
was published
for
propel/propel1
(Composer)
May 20, 2024
Propel2 SQL injection possible with limit() on MySQL
Critical
GHSA-7vw7-qx38-37vr
was published
for
propel/propel
(Composer)
May 20, 2024
laravel framework SQL Injection via limit and offset functions
High
GHSA-wq8p-mqvg-2p5h
was published
for
laravel/framework
(Composer)
May 15, 2024
ADOdb SQL injection vulnerability
Critical
GHSA-h63c-xvpf-264j
was published
for
adodb/adodb-php
(Composer)
May 15, 2024
Zend Framework SQL injection vulnerability
Critical
CVE-2014-8089
was published
for
zendframework/zend-db
(Composer)
Apr 23, 2024
ProTip!
Advisories are also available from the
GraphQL API