Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,930
Maven
5,000+
npm
4,587
NuGet
786
pip
4,294
Pub
12
RubyGems
981
Rust
1,114
Swift
49
Unreviewed advisories
All unreviewed
5,000+

7,338 advisories

Loading
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the... High Unreviewed
CVE-2020-37151 was published Feb 5, 2026
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could... High Unreviewed
CVE-2025-13379 was published Feb 5, 2026
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce... High Unreviewed
CVE-2025-13192 was published Feb 5, 2026
Mongoose search injection vulnerability High
CVE-2024-53900 was published for mongoose (npm) Dec 2, 2024
balles skrtheboss
ljharb
Credited to balles, skrtheboss, and ljharb
FacturaScripts has SQL Injection in Autocomplete Actions High
CVE-2026-25514 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
lukasz-rybak
Credited to lukasz-rybak
FacturaScripts has SQL Injection in API ORDER BY Clause High
CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
lukasz-rybak
Credited to lukasz-rybak
OpenSTAManager has an SQL Injection in the Stampe Module High
CVE-2025-69215 was published for devcode-it/openstamanager (Composer) Feb 3, 2026
lukasz-rybak
Credited to lukasz-rybak
The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the ... High Unreviewed
CVE-2025-15268 was published Feb 4, 2026
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that... High Unreviewed
CVE-2020-37089 was published Feb 4, 2026
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows... High Unreviewed
CVE-2020-37083 was published Feb 4, 2026
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php... High Unreviewed
CVE-2020-37076 was published Feb 4, 2026
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting'... High Unreviewed
CVE-2019-25260 was published Feb 4, 2026
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin... High Unreviewed
CVE-2020-37081 was published Feb 4, 2026
Django has an SQL Injection issue High
CVE-2026-1312 was published for Django (pip) Feb 3, 2026
Django has an SQL Injection issue High
CVE-2026-1287 was published for Django (pip) Feb 3, 2026
Django has an SQL Injection issue High
CVE-2026-1207 was published for Django (pip) Feb 3, 2026
OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint) High
CVE-2025-69213 was published for devcode-it/openstamanager (Composer) Feb 3, 2026
lukasz-rybak
Credited to lukasz-rybak
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that... High Unreviewed
CVE-2020-37110 was published Feb 3, 2026
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of... High Unreviewed
CVE-2020-37108 was published Feb 3, 2026
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated... High Unreviewed
CVE-2020-37112 was published Feb 3, 2026
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows... High Unreviewed
CVE-2020-37105 was published Feb 3, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-25022 was published Feb 3, 2026
LibreNMS contains an authenticated SQL Injection vulnerability High
CVE-2020-36947 was published for librenms/librenms (Composer) Jan 27, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-8587 was published Feb 2, 2026
geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure High
CVE-2025-69662 was published for geopandas (pip) Jan 30, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database