GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (All reviewed: 5,000+), by ecosystem:
Composer: 4,409
Erlang: 33
GitHub Actions: 22
Go: 2,144
Maven: 5,000+
npm: 3,808
NuGet: 687
pip: 3,481
Pub: 12
RubyGems: 897
Rust: 898
Swift: 38
Unreviewed advisories (All unreviewed: 5,000+)
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,671 advisories
CVE-2024-13148 (Critical, Unreviewed), published Feb 27, 2025: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2025-1751 (Critical, Unreviewed), published Feb 27, 2025: A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This...
CVE-2023-45074 (Critical, Unreviewed), published Nov 6, 2023: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2023-35911 (Critical, Unreviewed), published Nov 6, 2023: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2023-45069 (Critical, Unreviewed), published Nov 6, 2023: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2023-27569 (Critical, Unreviewed), published Mar 21, 2023: The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or...
CVE-2023-27570 (Critical, Unreviewed), published Mar 21, 2023: The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.
CVE-2023-27638 (Critical, Unreviewed), published Mar 22, 2023: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for...
CVE-2023-27637 (Critical, Unreviewed), published Mar 22, 2023: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for...
CVE-2025-1132 (Critical, Unreviewed), published Feb 19, 2025: A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior...
CVE-2025-1134 (Critical, Unreviewed), published Feb 19, 2025: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary...
CVE-2025-1133 (Critical, Unreviewed), published Feb 19, 2025: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary...
CVE-2025-1135 (Critical, Unreviewed), published Feb 19, 2025: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute...
CVE-2024-53544 (Critical, Unreviewed), published Feb 25, 2025: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL...
CVE-2025-22974 (Critical, Unreviewed), published Feb 25, 2025: SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute...
CVE-2025-26974 (Critical, Unreviewed), published Feb 25, 2025: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2025-26943 (Critical, Unreviewed), published Feb 25, 2025: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2024-54820 (Critical, Unreviewed), published Feb 24, 2025: XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection...
CVE-2021-43140 (Critical, Unreviewed), published May 24, 2022: SQL Injection vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the...
CVE-2025-24490 (Critical, Unreviewed), published Feb 24, 2025: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail...
CVE-2024-33551 (Critical, Unreviewed), published Apr 29, 2024: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2025-1023 (Critical, Unreviewed), published Feb 18, 2025: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary...
CVE-2023-28883 (Critical, Unreviewed), published Mar 27, 2023: In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
CVE-2024-55460 (Critical, Unreviewed), published Feb 18, 2025: A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend...
CVE-2025-22290 (Critical, Unreviewed), published Feb 17, 2025: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
ProTip! Advisories are also available from the GraphQL API.