Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,224 advisories

Loading
Improper neutralization of input provided by an unauthorized user into changes__reference_id... Critical Unreviewed
CVE-2025-4568 was published Jun 5, 2025
The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a... Critical Unreviewed
CVE-2024-6809 was published May 15, 2025
Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component ... Critical Unreviewed
CVE-2024-48072 was published Nov 19, 2024
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at... Critical Unreviewed
CVE-2024-22108 was published Feb 2, 2024
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-3549 was published Jun 11, 2024
llama_index vulnerable to SQL Injection Critical
CVE-2025-1793 was published for llama-index (pip) Jun 5, 2025
Malayke
Credited to Malayke
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-31424 was published Jun 9, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-31059 was published Jun 9, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-48281 was published Jun 9, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-24767 was published Jun 9, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-48141 was published Jun 9, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-48122 was published Jun 9, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-47608 was published Jun 9, 2025
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly... Critical Unreviewed
CVE-2024-6159 was published May 15, 2025
The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise... Critical Unreviewed
CVE-2023-3211 was published Jan 16, 2024
A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was... Critical Unreviewed
CVE-2025-49467 was published Jun 12, 2025
XWiki allows SQL injection in query endpoint of REST API with Oracle Critical
CVE-2024-56158 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 12, 2025
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches... Critical Unreviewed
CVE-2023-0224 was published Jan 16, 2024
Amazon JDBC Driver for Redshift SQL Injection via line comment generation Critical
CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven) May 15, 2024
paul-gerste-sonarsource
Credited to paul-gerste-sonarsource
The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection... Critical Unreviewed
CVE-2025-6169 was published Jun 16, 2025
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou... Critical Unreviewed
CVE-2023-51927 was published Jan 20, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-47573 was published Jun 17, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-39479 was published Jun 17, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-24773 was published Jun 17, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-48274 was published Jun 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database