Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

540 advisories

Loading
llama_index vulnerable to SQL Injection Critical
CVE-2025-1793 was published for llama-index (pip) Jun 5, 2025
Malayke
Apache Superset: Improper authorization bypass on row level security via SQL Injection High
CVE-2025-48912 was published for apache-superset (pip) May 30, 2025
Navidrome allows SQL Injection via role parameter High
CVE-2025-48949 was published for github.com/navidrome/navidrome (Go) May 29, 2025
4rdr
SeaweedFS Vulnerable to SQL Injection Moderate
CVE-2024-40120 was published for github.com/seaweedfs/seaweedfs (Go) May 16, 2025
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Critical
CVE-2025-46337 was published for adodb/adodb-php (Composer) May 1, 2025
mrcnpp dregad
PostHog Plugin Server SQL Injection Vulnerability High
CVE-2025-1520 was published for @posthog/plugin-server (npm) Apr 23, 2025
org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API Critical
CVE-2025-32969 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Apr 23, 2025
madprogrammer
org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API High
CVE-2025-32968 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 23, 2025
OpenMetadata SQL Injection High
CVE-2024-55238 was published for org.open-metadata:openmetadata-service (Maven) Apr 17, 2025
crud-query-parser SQL Injection vulnerability High
CVE-2025-32020 was published for crud-query-parser (npm) Apr 9, 2025
Flowise Vulnerable to SQL Injection via `tableName` Parameter High
CVE-2025-29189 was published for flowise-components (npm) Apr 9, 2025
Joomla Framework Database Package Vulnerable to SQL Injection Moderate
CVE-2025-25226 was published for joomla/database (Composer) Apr 8, 2025
Shopware Vulnerable to Blind SQL-injection in DAL aggregations High
CVE-2025-27892 was published for shopware/core (Composer) Apr 8, 2025
Apache Airflow Common SQL Provider Vulnerable to SQL Injection High
CVE-2025-30473 was published for apache-airflow-providers-common-sql (pip) Apr 7, 2025
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component High
CVE-2025-29085 was published for com.vip.saturn:saturn-console (Maven) Apr 2, 2025
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30217 was published for frappe (pip) Mar 26, 2025
cydave
Frappe has possibility of SQL injection due to improper validations Moderate
CVE-2025-30212 was published for frappe (pip) Mar 25, 2025
yeuchimse
llama-index-packs-finchat SQL Injection vulnerability Critical
CVE-2024-12909 was published for llama-index-packs-finchat (pip) Mar 20, 2025
logan-markewich
LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection Critical
CVE-2024-11958 was published for llama-index-retrievers-duckdb-retriever (pip) Mar 20, 2025
DB-GPT Arbitrary File Write vulnerability Critical
CVE-2024-10901 was published for dbgpt (pip) Mar 20, 2025
Apache Airflow MySQL Provider is Vulnerable to SQL Injection Moderate
CVE-2025-27018 was published for apache-airflow-providers-mysql (pip) Mar 19, 2025
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition Moderate
CVE-2025-27617 was published for pimcore/pimcore (Composer) Mar 11, 2025
cancan101
Moodle has a SQL injection risk in course search module list filter High
CVE-2025-26533 was published for moodle/moodle (Composer) Feb 24, 2025
AnonySE26
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
SQL injection in JeecgBoot High
CVE-2024-57606 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Feb 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database