GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
4,325 advisories
Filter by severity
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34103
was published
Jul 1, 2026
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34105
was published
Jul 1, 2026
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34104
was published
Jul 1, 2026
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34099
was published
Jul 1, 2026
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34102
was published
Jul 1, 2026
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34101
was published
Jul 1, 2026
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34100
was published
Jul 1, 2026
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows...
Critical
Unreviewed
CVE-2026-57517
was published
Jul 1, 2026
Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed...
Critical
Unreviewed
CVE-2026-55721
was published
Jul 1, 2026
An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter...
Critical
Unreviewed
CVE-2026-53690
was published
Jun 30, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-8402
was published
Jun 30, 2026
DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers...
Critical
Unreviewed
CVE-2026-13766
was published
Jun 30, 2026
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable...
Critical
Unreviewed
CVE-2026-9711
was published
Jun 30, 2026
Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The...
Critical
Unreviewed
CVE-2026-12076
was published
Jun 30, 2026
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
Critical
Unreviewed
CVE-2026-56070
was published
Jun 26, 2026
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
Critical
Unreviewed
CVE-2026-56068
was published
Jun 26, 2026
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
Critical
Unreviewed
CVE-2026-56067
was published
Jun 26, 2026
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
Critical
Unreviewed
CVE-2026-56036
was published
Jun 26, 2026
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
Critical
Unreviewed
CVE-2026-56034
was published
Jun 26, 2026
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
Critical
Unreviewed
CVE-2026-56062
was published
Jun 26, 2026
Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.
Critical
Unreviewed
CVE-2026-54820
was published
Jun 26, 2026
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
Critical
Unreviewed
CVE-2026-54831
was published
Jun 26, 2026
Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.
Critical
Unreviewed
CVE-2026-54827
was published
Jun 26, 2026
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
Critical
Unreviewed
CVE-2026-54825
was published
Jun 26, 2026
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
Critical
Unreviewed
CVE-2026-54843
was published
Jun 25, 2026
ProTip!
Advisories are also available from the
GraphQL API