GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,010
NuGet
720
pip
3,810
Pub
12
RubyGems
930
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+
6,975 advisories
Filter by severity
The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby...
High
Unreviewed
CVE-2021-24753
was published
Dec 28, 2021
Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient...
High
Unreviewed
CVE-2021-44161
was published
Dec 30, 2021
Telephony application has a SQL Injection vulnerability.Successful exploitation of this...
High
Unreviewed
CVE-2021-39978
was published
Jan 4, 2022
The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not...
High
Unreviewed
CVE-2021-25023
was published
Jan 4, 2022
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text...
High
Unreviewed
CVE-2021-25030
was published
Jan 4, 2022
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the ...
High
Unreviewed
CVE-2021-24786
was published
Jan 4, 2022
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build...
High
Unreviewed
CVE-2020-28679
was published
Jan 11, 2022
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its...
High
Unreviewed
CVE-2021-24862
was published
Jan 11, 2022
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and...
High
Unreviewed
CVE-2021-25054
was published
Jan 11, 2022
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a...
High
Unreviewed
CVE-2021-43971
was published
Jan 12, 2022
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql'...
High
Unreviewed
CVE-2021-45406
was published
Jan 15, 2022
SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.
High
Unreviewed
CVE-2021-38694
was published
Jan 19, 2022
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet"...
High
Unreviewed
CVE-2022-23046
was published
Jan 20, 2022
pimcore is vulnerable to SQL Injection
High
CVE-2022-0258
was published
for
pimcore/pimcore
(Composer)
Jan 21, 2022
SQL Injection in dolibarr
High
CVE-2022-0224
was published
for
dolibarr/dolibarr
(Composer)
Jan 21, 2022
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution...
High
Unreviewed
CVE-2021-44593
was published
Jan 22, 2022
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100,...
High
Unreviewed
CVE-2021-4088
was published
Jan 25, 2022
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id...
High
Unreviewed
CVE-2021-25045
was published
Jan 25, 2022
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order...
High
Unreviewed
CVE-2021-24865
was published
Jan 25, 2022
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the...
High
Unreviewed
CVE-2021-24858
was published
Jan 25, 2022
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this...
High
Unreviewed
CVE-2021-45803
was published
Jan 26, 2022
Mingsoft MCMS SQL injection vulnerability
High
CVE-2021-46385
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
Mingsoft MCMS SQL injection vulnerability
High
CVE-2021-46383
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 27, 2022
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator...
High
Unreviewed
CVE-2022-24265
was published
Feb 1, 2022
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator...
High
Unreviewed
CVE-2022-24266
was published
Feb 1, 2022
ProTip!
Advisories are also available from the
GraphQL API