GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Moderate
CVE-2026-45073
was published
for
symfony/cache
(Composer)
May 27, 2026
MixPHP Framework has an SQL injection vulnerability via crafted `data` array
Moderate
CVE-2026-42474
was published
for
mix/mix
(Composer)
May 1, 2026
MixPHP Framework has an SQL injection vulnerability
Moderate
CVE-2026-42475
was published
for
mix/mix
(Composer)
May 1, 2026
baserCMS has an SQL injection vulnerability in its blog post functionality
Moderate
CVE-2026-27697
was published
for
baserproject/basercms
(Composer)
Mar 31, 2026
Sylius has a DQL Injection via API Order Filters
Moderate
CVE-2026-31825
was published
for
sylius/sylius
(Composer)
Mar 11, 2026
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
Moderate
CVE-2026-27461
was published
for
pimcore/pimcore
(Composer)
Feb 24, 2026
CoreShop Vulnerable to SQL Injection via Admin Reports
Moderate
CVE-2026-22242
was published
for
coreshop/core-shop
(Composer)
Jan 7, 2026
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
Moderate
CVE-2025-65093
was published
for
librenms/librenms
(Composer)
Nov 18, 2025
phppgadmin contains a SQL injection vulnerability
Moderate
CVE-2025-60798
was published
for
phppgadmin/phppgadmin
(Composer)
Nov 20, 2025
phppgadmin contains a SQL injection vulnerability
Moderate
CVE-2025-60797
was published
for
phppgadmin/phppgadmin
(Composer)
Nov 20, 2025
Open Web Analytics Server is vulnerable to SQL Injection
Moderate
CVE-2025-59397
was published
for
open-web-analytics/open-web-analytics
(Composer)
Sep 15, 2025
Easy!Appointments SQL injection vulnerability
Moderate
CVE-2025-50383
was published
for
alextselegidis/easyappointments
(Composer)
Aug 26, 2025
MoonShine SQL Injection Vulnerability
Moderate
CVE-2025-51510
was published
for
moonshine/moonshine
(Composer)
Aug 19, 2025
MantisBT SQL Injection via mc_project_get_users function
Moderate
CVE-2020-28413
was published
for
mantisbt/mantisbt
(Composer)
May 24, 2022
Moodle allows remote authenticated users to cause a denial of service (invalid database records)
Moderate
CVE-2011-4292
was published
for
moodle/moodle
(Composer)
May 13, 2022
TYPO3 SQL Injection vulnerability
Moderate
CVE-2010-5103
was published
for
typo3/cms
(Composer)
May 17, 2022
Joomla Framework Database Package Vulnerable to SQL Injection
Moderate
CVE-2025-25226
was published
for
joomla/database
(Composer)
Apr 8, 2025
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Moderate
CVE-2025-27617
was published
for
pimcore/pimcore
(Composer)
Mar 11, 2025
Magento Open Source allows SQL Injection
Moderate
CVE-2023-38250
was published
for
magento/community-edition
(Composer)
Oct 13, 2023
Magento Open Source allows SQL Injection
Moderate
CVE-2023-38249
was published
for
magento/community-edition
(Composer)
Oct 13, 2023
Magento Open Source allows SQL Injection
Moderate
CVE-2023-38221
was published
for
magento/community-edition
(Composer)
Oct 13, 2023
Withdrawn Advisory: Nette Database SQL injection
Moderate
CVE-2024-55586
was published
for
nette/database
(Composer)
Dec 10, 2024
•
withdrawn
Shopware vulnerable to blind SQL-injection in DAL aggregations
Moderate
CVE-2024-42357
was published
for
shopware/core
(Composer)
Aug 8, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor
Moderate
CVE-2024-43436
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Mautic SQL Injection in dynamic Reports
Moderate
CVE-2022-25775
was published
for
mautic/core
(Composer)
Apr 12, 2024
ProTip!
Advisories are also available from the
GraphQL API