GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16,774 advisories
SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php.
Critical
Unreviewed
CVE-2020-22204
was published
May 24, 2022
SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php.
Critical
Unreviewed
CVE-2020-22206
was published
May 24, 2022
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.
Critical
Unreviewed
CVE-2020-22203
was published
May 24, 2022
SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
Critical
Unreviewed
CVE-2020-22209
was published
May 24, 2022
SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.
Critical
Unreviewed
CVE-2020-22205
was published
May 24, 2022
SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.
Critical
Unreviewed
CVE-2020-22212
was published
May 24, 2022
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to...
Critical
Unreviewed
CVE-2020-29214
was published
May 24, 2022
When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the...
High
Unreviewed
CVE-2021-24341
was published
May 24, 2022
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1,...
Moderate
Unreviewed
CVE-2021-24345
was published
May 24, 2022
The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter...
Moderate
Unreviewed
CVE-2021-24360
was published
May 24, 2022
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote...
Moderate
Unreviewed
CVE-2021-23230
was published
May 24, 2022
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker...
High
Unreviewed
CVE-2021-32932
was published
May 24, 2022
Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability,...
High
Unreviewed
CVE-2020-24667
was published
May 24, 2022
Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability,...
High
Unreviewed
CVE-2020-24671
was published
May 24, 2022
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x...
High
Unreviewed
CVE-2021-33894
was published
May 24, 2022
The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST...
High
Unreviewed
CVE-2021-24336
was published
May 24, 2022
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via...
High
Unreviewed
CVE-2021-24337
was published
May 24, 2022
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function...
High
Unreviewed
CVE-2021-24340
was published
May 24, 2022
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and...
Moderate
Unreviewed
CVE-2021-29099
was published
May 24, 2022
AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows...
Moderate
Unreviewed
CVE-2020-36004
was published
May 24, 2022
FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib...
Critical
Unreviewed
CVE-2020-35441
was published
May 24, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')...
Critical
Unreviewed
CVE-2021-29089
was published
May 24, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')...
High
Unreviewed
CVE-2021-29090
was published
May 24, 2022
The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an...
High
Unreviewed
CVE-2020-25362
was published
May 24, 2022
The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable...
High
Unreviewed
CVE-2020-24862
was published
May 24, 2022
ProTip! Advisories are also available from the GraphQL API.