Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,405
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

321 advisories

Loading
OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals High
CVE-2026-35470 was published for devcode-it/openstamanager (Composer) Apr 3, 2026
ormzro Credited to ormzro
OpenSTAManager: SQL Injection via Aggiornamenti Module High
CVE-2026-35168 was published for devcode-it/openstamanager (Composer) Apr 3, 2026
ormzro Credited to ormzro
OpenSTAManager has a Time-Based Blind SQL Injection via `options[stato]` Parameter High
CVE-2026-28805 was published for devcode-it/openstamanager (Composer) Apr 1, 2026
ormzro Credited to ormzro
baserCMS has an SQL injection vulnerability in its blog post functionality Moderate
CVE-2026-27697 was published for baserproject/basercms (Composer) Mar 31, 2026
AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables High
CVE-2026-33770 was published for wwbn/avideo (Composer) Mar 26, 2026
athuljayaram Credited to athuljayaram
AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query High
CVE-2026-33767 was published for wwbn/avideo (Composer) Mar 26, 2026
athuljayaram Credited to athuljayaram
AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized user_id Parameter High
CVE-2026-33723 was published for wwbn/avideo (Composer) Mar 25, 2026
offset Credited to offset
AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat() High
CVE-2026-33651 was published for wwbn/avideo (Composer) Mar 25, 2026
offset Credited to offset
AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter High
CVE-2026-33485 was published for wwbn/avideo (Composer) Mar 20, 2026
AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) Critical
CVE-2026-33352 was published for wwbn/avideo (Composer) Mar 19, 2026
iconnnjka Credited to iconnnjka
Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw() High
CVE-2026-31891 was published for cockpit-hq/cockpit (Composer) Mar 17, 2026
ffasterss Credited to ffasterss
Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) High
CVE-2026-32813 was published for admidio/admidio (Composer) Mar 16, 2026
offset Credited to offset
CraftCMS's `ElementSearchController` Affected by Blind SQL Injection High
CVE-2026-31858 was published for craftcms/cms (Composer) Mar 11, 2026
Neosprings Credited to Neosprings
Sylius has a DQL Injection via API Order Filters Moderate
CVE-2026-31825 was published for sylius/sylius (Composer) Mar 11, 2026
Neosprings Credited to Neosprings and bnBart bnBart bnBart
LimeSurvey is vulnerable to SQL injection High
CVE-2025-56421 was published for limesurvey/limesurvey (Composer) Mar 10, 2026
Craft Commerce is vulnerable to SQL Injection in Commerce Inventory Table Sorting High
CVE-2026-29174 was published for craftcms/commerce (Composer) Mar 10, 2026
mHe4am Credited to mHe4am
Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting High
CVE-2026-29172 was published for craftcms/commerce (Composer) Mar 10, 2026
mHe4am Credited to mHe4am
AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php Critical
CVE-2026-28501 was published for wwbn/avideo (Composer) Mar 2, 2026
arkmarta Credited to arkmarta
Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting High
CVE-2026-3105 was published for mautic/core (Composer) Feb 25, 2026
q1uf3ng Credited to q1uf3ng, patrykgruszka, and escopecz patrykgruszka patrykgruszka
escopecz escopecz
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause Moderate
CVE-2026-27461 was published for pimcore/pimcore (Composer) Feb 24, 2026
q1uf3ng Credited to q1uf3ng
LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php High
CVE-2026-26990 was published for librenms/librenms (Composer) Feb 18, 2026
quirmz Credited to quirmz
LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream. High
CVE-2026-26988 was published for librenms/librenms (Composer) Feb 18, 2026
Snow1nd Credited to Snow1nd
Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]` High
CVE-2026-25495 was published for craftcms/cms (Composer) Feb 9, 2026
mHe4am Credited to mHe4am
OpenSTAManager has a SQL Injection in the Prima Nota module High
CVE-2026-24419 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
lukasz-rybak Credited to lukasz-rybak
OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module High
CVE-2026-24418 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
lukasz-rybak Credited to lukasz-rybak
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database