Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,063 advisories

Loading
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. Critical Unreviewed
CVE-2022-24606 was published Mar 11, 2022
Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. Critical Unreviewed
CVE-2022-24605 was published Mar 11, 2022
Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. Critical Unreviewed
CVE-2022-24604 was published Mar 11, 2022
Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. Critical Unreviewed
CVE-2022-24607 was published Mar 11, 2022
SQL Injection in WordPress Zero Spam WordPress plugin Critical
CVE-2022-0254 was published for bmarshall511/wordpress_zero_spam (Composer) Mar 15, 2022
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the... Critical Unreviewed
CVE-2022-0169 was published Mar 15, 2022
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location... Critical Unreviewed
CVE-2022-0658 was published Mar 15, 2022
DQL injection through sorting parameters blocked Critical
CVE-2022-24752 was published for sylius/grid-bundle (Composer) Mar 15, 2022
dbalabka
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via... Critical Unreviewed
CVE-2022-25494 was published Mar 16, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in... Critical Unreviewed
CVE-2022-25490 was published Mar 16, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in... Critical Unreviewed
CVE-2022-25492 was published Mar 16, 2022
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in ... Critical Unreviewed
CVE-2022-25488 was published Mar 16, 2022
Online Project Time Management System v1.0 was discovered to contain a SQL injection... Critical Unreviewed
CVE-2022-26293 was published Mar 17, 2022
The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using... Critical Unreviewed
CVE-2021-25007 was published Mar 15, 2022
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST... Critical Unreviewed
CVE-2022-0739 was published Mar 22, 2022
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in ... Critical Unreviewed
CVE-2022-25505 was published Mar 22, 2022
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id... Critical Unreviewed
CVE-2022-0760 was published Mar 22, 2022
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries... Critical Unreviewed
CVE-2022-25222 was published Mar 24, 2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2022-26283 was published Mar 23, 2022
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. Critical Unreviewed
CVE-2021-43735 was published Mar 24, 2022
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the... Critical Unreviewed
CVE-2022-0694 was published Mar 22, 2022
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier... Critical Unreviewed
CVE-2021-27468 was published Mar 24, 2022
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier... Critical Unreviewed
CVE-2021-27464 was published Mar 24, 2022
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation... Critical Unreviewed
CVE-2021-27472 was published Mar 24, 2022
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username... Critical Unreviewed
CVE-2021-43650 was published Mar 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database