
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

228 advisories

Apache Superset: Improper authorization bypass on row level security via SQL Injection High
CVE-2025-48912 was published for apache-superset (pip) May 30, 2025
Navidrome allows SQL Injection via role parameter High
CVE-2025-48949 was published for github.com/navidrome/navidrome (Go) May 29, 2025
Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections High
CVE-2021-29053 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Shopware Vulnerable to Blind SQL-injection in DAL aggregations High
CVE-2025-27892 was published for shopware/core (Composer) Apr 8, 2025
Moodle has a SQL injection risk in course search module list filter High
CVE-2025-26533 was published for moodle/moodle (Composer) Feb 24, 2025
Blind SQL Injection via GridFieldSortableHeader High
CVE-2022-38148 was published for silverstripe/framework (Composer) Nov 22, 2022
OpenMetadata SQL Injection High
CVE-2024-55238 was published for org.open-metadata:openmetadata-service (Maven) Apr 17, 2025
PostHog Plugin Server SQL Injection Vulnerability High
CVE-2025-1520 was published for @posthog/plugin-server (npm) Apr 23, 2025
org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API High
CVE-2025-32968 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 23, 2025
phpMyAdmin SQL injection in user accounts page High
CVE-2020-5504 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
Apache Jetspeed vulnerable to SQL Injection High
CVE-2016-0710 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
WEC Map (wec_map) extension for TYPO3 allows SQL Injection High
CVE-2014-6295 was published for jbartels/wec-map (Composer) May 17, 2022
CoolURI extension for TYPO3 vulnerable to SQL Injection High
CVE-2013-5322 was published for bednee/cooluri (Composer) May 17, 2022
News system (news) extension for TYPO3 vulnerable to SQL Injection High
CVE-2013-4748 was published for georgringer/news (Composer) May 17, 2022
Multishop extension for TYPO3 has SQL Injection vulnerability High
CVE-2013-4682 was published for bvbmedia/multishop (Composer) May 17, 2022
Webkit PDFs for TYPO3 has SQL Injection vulnerability High
CVE-2010-4961 was published for dmk/webkitpdf (Composer) May 17, 2022
powermail extension for TYPO3 vulnerable to SQL Injection High
CVE-2010-3604 was published for in2code/powermail (Composer) May 17, 2022
Moodle vulnerable to SQL injection High
CVE-2010-1615 was published for moodle/moodle (Composer) May 13, 2022
Accessibility Glossary (a21glossary) SQL injection vulnerability High
CVE-2009-4803 was published for svewap/a21glossary (Composer) May 2, 2022
Flowise Vulnerable to SQL Injection via `tableName` Parameter High
CVE-2025-29189 was published for flowise-components (npm) Apr 9, 2025
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors High
CVE-2010-0329 was published for in2code/powermail (Composer) May 2, 2022
AdaptCMS SQL Injection vulnerability High
CVE-2008-4524 was published for adaptcms/adaptcms (Composer) May 2, 2022
snowflake-connector-python vulnerable to SQL Injection in write_pandas High
CVE-2025-24793 was published for snowflake-connector-python (pip) Jan 29, 2025
crud-query-parser SQL Injection vulnerability High
CVE-2025-32020 was published for crud-query-parser (npm) Apr 9, 2025
Apache Airflow Common SQL Provider Vulnerable to SQL Injection High
CVE-2025-30473 was published for apache-airflow-providers-common-sql (pip) Apr 7, 2025