GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories
Failure to sanitize quotes which can lead to sql injection in squel
Critical: GHSA-4qhx-g9wp-g9m6 was published for squel (npm), Jun 14, 2019
Privilege Escalation due to Blind NoSQL Injection in flintcms
Critical: CVE-2018-3783 was published for flintcms (npm), Aug 21, 2018
SQL Injection and Cross-site Scripting in class-validator
Critical: CVE-2019-18413 was published for class-validator (npm), Oct 12, 2021
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical: CVE-2022-35942 was published for loopback-connector-postgresql (npm), Aug 11, 2022
Sequelize vulnerable to SQL Injection via replacements
Critical: CVE-2023-25813 was published for sequelize (npm), Feb 22, 2023
feathers-sequelize contains improper input validation leading to SQL injection
Critical: CVE-2022-2422 was published for feathers-sequelize (npm), Oct 26, 2022
SQL Injection via GeoJSON in sequelize
Critical: CVE-2016-1000225 was published for sequelize (npm), Sep 1, 2020
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
Critical: CVE-2022-29822 was published for feathers-sequelize (npm), Oct 26, 2022
nodebatis SQL Injection vulnerability
Critical: CVE-2018-25066 was published for nodebatis (npm), Jan 6, 2023
FUXA SQL Injection vulnerability
Critical: CVE-2023-31719 was published for fuxa-server (npm), Sep 22, 2023
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Critical: CVE-2024-27298 was published for parse-server (npm), Mar 1, 2024
Insufficient validation when decoding a Socket.IO packet
Critical: CVE-2022-2421 was published for socket.io-parser (npm), Oct 26, 2022