GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,942
NuGet
711
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+
226 advisories
Filter by severity
Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
High
CVE-2021-29053
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
May 24, 2022
Shopware Vulnerable to Blind SQL-injection in DAL aggregations
High
CVE-2025-27892
was published
for
shopware/core
(Composer)
Apr 8, 2025
Moodle has a SQL injection risk in course search module list filter
High
CVE-2025-26533
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Blind SQL Injection via GridFieldSortableHeader
High
CVE-2022-38148
was published
for
silverstripe/framework
(Composer)
Nov 22, 2022
OpenMetadata SQL Injection
High
CVE-2024-55238
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 17, 2025
PostHog Plugin Server SQL Injection Vulnerability
High
CVE-2025-1520
was published
for
@posthog/plugin-server
(npm)
Apr 23, 2025
org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
High
CVE-2025-32968
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 23, 2025
phpMyAdmin SQL injection in user accounts page
High
CVE-2020-5504
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
Apache Jetspeed vulnerable to SQL Injection
High
CVE-2016-0710
was published
for
org.apache.portals.jetspeed-2:jetspeed
(Maven)
May 17, 2022
WEC Map (wec_map) extension for TYPO3 allows SQL Injection
High
CVE-2014-6295
was published
for
jbartels/wec-map
(Composer)
May 17, 2022
CoolURI extension for TYPO3 vulnerable to SQL Injection
High
CVE-2013-5322
was published
for
bednee/cooluri
(Composer)
May 17, 2022
News system (news) extension for TYPO3 vulnerable to SQL Injection
High
CVE-2013-4748
was published
for
georgringer/news
(Composer)
May 17, 2022
Multishop extension for TYPO3 has SQL Injection vulnerability
High
CVE-2013-4682
was published
for
bvbmedia/multishop
(Composer)
May 17, 2022
Webkit PDFs for TYPO3 has SQL Injection vulnerability
High
CVE-2010-4961
was published
for
dmk/webkitpdf
(Composer)
May 17, 2022
powermail extension for TYPO3 vulnerable to SQL Injection
High
CVE-2010-3604
was published
for
in2code/powermail
(Composer)
May 17, 2022
Moodle vulnerable to SQL injection
High
CVE-2010-1615
was published
for
moodle/moodle
(Composer)
May 13, 2022
Accessibility Glossary (a21glossary) SQL injection vulnerability
High
CVE-2009-4803
was published
for
svewap/a21glossary
(Composer)
May 2, 2022
Flowise Vulnerable to SQL Injection via `tableName` Parameter
High
CVE-2025-29189
was published
for
flowise-components
(npm)
Apr 9, 2025
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors
High
CVE-2010-0329
was published
for
in2code/powermail
(Composer)
May 2, 2022
AdaptCMS SQL Injection vulnerability
High
CVE-2008-4524
was published
for
adaptcms/adaptcms
(Composer)
May 2, 2022
snowflake-connector-python vulnerable to SQL Injection in write_pandas
High
CVE-2025-24793
was published
for
snowflake-connector-python
(pip)
Jan 29, 2025
crud-query-parser SQL Injection vulnerability
High
CVE-2025-32020
was published
for
crud-query-parser
(npm)
Apr 9, 2025
Apache Airflow Common SQL Provider Vulnerable to SQL Injection
High
CVE-2025-30473
was published
for
apache-airflow-providers-common-sql
(pip)
Apr 7, 2025
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component
High
CVE-2025-29085
was published
for
com.vip.saturn:saturn-console
(Maven)
Apr 2, 2025
rttys SQL Injection vulnerability
High
CVE-2022-38867
was published
for
github.com/zhaojh329/rttys
(Go)
Feb 16, 2023
ProTip!
Advisories are also available from the
GraphQL API