GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
22 advisories
NoSQL Injection in loopback-connector-mongodb
High | GHSA-m734-r4g6-34f9 was published for loopback-connector-mongodb (npm) | Jun 4, 2019
Potential SQL Injection in sequelize
High | CVE-2016-10553 was published for sequelize (npm) | Feb 18, 2019
SQL Injection in waterline-sequel
High | CVE-2016-10551 was published for waterline-sequel (npm) | Feb 18, 2019
NoSQL Injection in loopback-connector-mongodb
High | GHSA-hxwc-5vw9-2w4w was published for loopback-connector-mongodb (npm) | Sep 2, 2020
NoSQL injection in express-cart
High | GHSA-f5cv-xrv9-r8w7 was published for express-cart (npm) | Sep 1, 2020
SQL Injection in sails-mysql
High | GHSA-hx5x-49mm-vmhw was published for sails-mysql (npm) | Sep 3, 2020
SQL Injection in untitled-model
High | GHSA-hq8g-qq57-5275 was published for untitled-model (npm) | Sep 11, 2020
SQL Injection in connect-pg-simple
High | CVE-2019-15658 was published for connect-pg-simple (npm) | Aug 26, 2019
SQL Injection when creating an application with Reactive SQL backend
High | CVE-2022-24815 was published for generator-jhipster (npm) | Apr 7, 2022
@cubejs-backend/api-gateway row level security bypass
High | CVE-2022-23510 was published for @cubejs-backend/api-gateway (npm) | Dec 12, 2022
Strapi mishandles hidden attributes within admin API responses
High | CVE-2022-31367 was published for @strapi/strapi (npm) | Sep 28, 2022
Madge vulnerable to command injection
High | CVE-2021-23352 was published for madge (npm) | Mar 12, 2021
Knex.js has a limited SQL injection vulnerability
High | CVE-2016-20018 was published for knex (npm) | Dec 19, 2022
FUXA SQL Injection vulnerability
High | CVE-2023-31717 was published for fuxa-server (npm) | Sep 22, 2023
ProTip! Advisories are also available from the GraphQL API.