GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16,133 advisories
Tanium addressed an improper input validation vulnerability in Discover.
Moderate | Unreviewed | CVE-2025-15325 was published Feb 5, 2026

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Critical | CVE-2026-25544 was published for @payloadcms/drizzle (npm) Feb 5, 2026

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the...
High | Unreviewed | CVE-2020-37151 was published Feb 5, 2026

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could...
High | Unreviewed | CVE-2025-13379 was published Feb 5, 2026

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce...
High | Unreviewed | CVE-2025-13192 was published Feb 5, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-5329 was published Feb 4, 2026

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection...
Moderate | Unreviewed | CVE-2026-0816 was published Feb 4, 2026

The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL...
Moderate | Unreviewed | CVE-2026-1370 was published Feb 4, 2026

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the ...
High | Unreviewed | CVE-2025-15268 was published Feb 4, 2026

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that...
High | Unreviewed | CVE-2020-37089 was published Feb 4, 2026

OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting'...
High | Unreviewed | CVE-2019-25260 was published Feb 4, 2026

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php...
High | Unreviewed | CVE-2020-37076 was published Feb 4, 2026

PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows...
High | Unreviewed | CVE-2020-37083 was published Feb 4, 2026

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin...
High | Unreviewed | CVE-2020-37081 was published Feb 4, 2026

A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1...
Critical | Unreviewed | CVE-2025-10878 was published Feb 3, 2026

OpenSTAManager has an SQL Injection in the Stampe Module
High | CVE-2025-69215 was published for devcode-it/openstamanager (Composer) Feb 3, 2026

OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)
High | CVE-2025-69213 was published for devcode-it/openstamanager (Composer) Feb 3, 2026

YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList...
Critical | Unreviewed | CVE-2025-57529 was published Feb 3, 2026

SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter...
Critical | Unreviewed | CVE-2025-63624 was published Feb 3, 2026

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that...
High | Unreviewed | CVE-2020-37110 was published Feb 3, 2026

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated...
High | Unreviewed | CVE-2020-37112 was published Feb 3, 2026

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of...
High | Unreviewed | CVE-2020-37108 was published Feb 3, 2026

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows...
High | Unreviewed | CVE-2020-37105 was published Feb 3, 2026

FacturaScripts has SQL Injection in Autocomplete Actions
High | CVE-2026-25514 was published for facturascripts/facturascripts (Composer) Feb 3, 2026

FacturaScripts has SQL Injection in API ORDER BY Clause
High | CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
ProTip! Advisories are also available from the GraphQL API.