Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,790
Erlang
36
GitHub Actions
29
Go
2,370
Maven
5,000+
npm
3,994
NuGet
720
pip
3,783
Pub
12
RubyGems
927
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

6,962 advisories

Loading
The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before... High Unreviewed
CVE-2022-3925 was published Dec 12, 2022
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username:... High Unreviewed
CVE-2020-23935 was published May 24, 2022
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-46252 was published Apr 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-46242 was published Apr 22, 2025
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated... High Unreviewed
CVE-2017-5663 was published May 14, 2022
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. High Unreviewed
CVE-2017-17615 was published May 14, 2022
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL... High Unreviewed
CVE-2017-16542 was published May 14, 2022
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for... High Unreviewed
CVE-2015-5533 was published May 14, 2022
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for... High Unreviewed
CVE-2015-7714 was published May 13, 2022
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime... High Unreviewed
CVE-2017-12276 was published May 13, 2022
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the ... High Unreviewed
CVE-2017-15378 was published May 17, 2022
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50... High Unreviewed
CVE-2017-2133 was published May 17, 2022
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id... High Unreviewed
CVE-2017-14848 was published May 13, 2022
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ... High Unreviewed
CVE-2017-14757 was published May 17, 2022
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ... High Unreviewed
CVE-2017-14758 was published May 17, 2022
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. High Unreviewed
CVE-2017-14845 was published May 17, 2022
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. High Unreviewed
CVE-2017-14844 was published May 17, 2022
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. High Unreviewed
CVE-2017-14846 was published May 17, 2022
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. High Unreviewed
CVE-2017-14847 was published May 17, 2022
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. High Unreviewed
CVE-2017-14843 was published May 17, 2022
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. High Unreviewed
CVE-2017-14842 was published May 17, 2022
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin... High Unreviewed
CVE-2017-15578 was published May 17, 2022
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to... High Unreviewed
CVE-2015-4669 was published May 14, 2022
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2... High Unreviewed
CVE-2017-14508 was published May 14, 2022
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function... High Unreviewed
CVE-2017-1002026 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database