Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

42 advisories

Loading
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix Moderate
CVE-2026-45073 was published for symfony/cache (Composer) May 27, 2026
FORIMOC Credited to FORIMOC and nicolas-grekas nicolas-grekas nicolas-grekas
MixPHP Framework has an SQL injection vulnerability via crafted `data` array Moderate
CVE-2026-42474 was published for mix/mix (Composer) May 1, 2026
MixPHP Framework has an SQL injection vulnerability Moderate
CVE-2026-42475 was published for mix/mix (Composer) May 1, 2026
baserCMS has an SQL injection vulnerability in its blog post functionality Moderate
CVE-2026-27697 was published for baserproject/basercms (Composer) Mar 31, 2026
Sylius has a DQL Injection via API Order Filters Moderate
CVE-2026-31825 was published for sylius/sylius (Composer) Mar 11, 2026
Neosprings Credited to Neosprings and bnBart bnBart bnBart
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause Moderate
CVE-2026-27461 was published for pimcore/pimcore (Composer) Feb 24, 2026
q1uf3ng Credited to q1uf3ng
CoreShop Vulnerable to SQL Injection via Admin Reports Moderate
CVE-2026-22242 was published for coreshop/core-shop (Composer) Jan 7, 2026
PlyNatwara Credited to PlyNatwara and bypazs bypazs bypazs
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint Moderate
CVE-2025-65093 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder Credited to marcelomulder
phppgadmin contains a SQL injection vulnerability Moderate
CVE-2025-60798 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
phppgadmin contains a SQL injection vulnerability Moderate
CVE-2025-60797 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Open Web Analytics Server is vulnerable to SQL Injection Moderate
CVE-2025-59397 was published for open-web-analytics/open-web-analytics (Composer) Sep 15, 2025
Easy!Appointments SQL injection vulnerability Moderate
CVE-2025-50383 was published for alextselegidis/easyappointments (Composer) Aug 26, 2025
MoonShine SQL Injection Vulnerability Moderate
CVE-2025-51510 was published for moonshine/moonshine (Composer) Aug 19, 2025
MantisBT SQL Injection via mc_project_get_users function Moderate
CVE-2020-28413 was published for mantisbt/mantisbt (Composer) May 24, 2022
Moodle allows remote authenticated users to cause a denial of service (invalid database records) Moderate
CVE-2011-4292 was published for moodle/moodle (Composer) May 13, 2022
TYPO3 SQL Injection vulnerability Moderate
CVE-2010-5103 was published for typo3/cms (Composer) May 17, 2022
Joomla Framework Database Package Vulnerable to SQL Injection Moderate
CVE-2025-25226 was published for joomla/database (Composer) Apr 8, 2025
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition Moderate
CVE-2025-27617 was published for pimcore/pimcore (Composer) Mar 11, 2025
cancan101 Credited to cancan101
Magento Open Source allows SQL Injection Moderate
CVE-2023-38250 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38249 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38221 was published for magento/community-edition (Composer) Oct 13, 2023
Withdrawn Advisory: Nette Database SQL injection Moderate
CVE-2024-55586 was published for nette/database (Composer) Dec 10, 2024 withdrawn
calvera Credited to calvera and CSIRTTrizna CSIRTTrizna CSIRTTrizna
Shopware vulnerable to blind SQL-injection in DAL aggregations Moderate
CVE-2024-42357 was published for shopware/core (Composer) Aug 8, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor Moderate
CVE-2024-43436 was published for moodle/moodle (Composer) Nov 7, 2024
Mautic SQL Injection in dynamic Reports Moderate
CVE-2022-25775 was published for mautic/core (Composer) Apr 12, 2024
ProTip! Advisories are also available from the GraphQL API