GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,944 advisories
org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
High
CVE-2025-32968
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 23, 2025
Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An...
High
Unreviewed
CVE-2022-44790
was published
Dec 9, 2022
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-3767
was published
Apr 22, 2025
mesinkasir Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter.
High
Unreviewed
CVE-2022-46443
was published
Dec 14, 2022
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
High
Unreviewed
CVE-2025-23176
was published
Apr 22, 2025
The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before...
High
Unreviewed
CVE-2022-3925
was published
Dec 12, 2022
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username:...
High
Unreviewed
CVE-2020-23935
was published
May 24, 2022
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-46252
was published
Apr 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-46242
was published
Apr 22, 2025
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated...
High
Unreviewed
CVE-2017-5663
was published
May 14, 2022
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
High
Unreviewed
CVE-2017-17615
was published
May 14, 2022
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL...
High
Unreviewed
CVE-2017-16542
was published
May 14, 2022
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for...
High
Unreviewed
CVE-2015-5533
was published
May 14, 2022
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for...
High
Unreviewed
CVE-2015-7714
was published
May 13, 2022
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime...
High
Unreviewed
CVE-2017-12276
was published
May 13, 2022
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the ...
High
Unreviewed
CVE-2017-15378
was published
May 17, 2022
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50...
High
Unreviewed
CVE-2017-2133
was published
May 17, 2022
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id...
High
Unreviewed
CVE-2017-14848
was published
May 13, 2022
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ...
High
Unreviewed
CVE-2017-14758
was published
May 17, 2022
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ...
High
Unreviewed
CVE-2017-14757
was published
May 17, 2022
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
High
Unreviewed
CVE-2017-14844
was published
May 17, 2022
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
High
Unreviewed
CVE-2017-14846
was published
May 17, 2022
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
High
Unreviewed
CVE-2017-14847
was published
May 17, 2022
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
High
Unreviewed
CVE-2017-14845
was published
May 17, 2022
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
High
Unreviewed
CVE-2017-14842
was published
May 17, 2022
ProTip! Advisories are also available from the GraphQL API.