GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
125 advisories
YesWiki: Unauthenticated SQL Injection
Critical • CVE-2026-46670 was published for yeswiki/yeswiki (Composer) • May 22, 2026
Drupal Core has a SQL Injection issue
Critical • CVE-2026-9082 was published for drupal/core (Composer) • May 20, 2026
Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
Critical • GHSA-ch9q-c9mp-j5gq was published for phpmyfaq/phpmyfaq (Composer) • May 15, 2026 • withdrawn
phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
Critical • CVE-2026-46364 was published for phpmyfaq/phpmyfaq (Composer) • May 6, 2026
AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
Critical • CVE-2026-33352 was published for wwbn/avideo (Composer) • Mar 19, 2026
AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
Critical • CVE-2026-28501 was published for wwbn/avideo (Composer) • Mar 2, 2026
Melis Platform CMS SQL Injection
Critical • CVE-2025-10351 was published for melisplatform/melis-cms (Composer) • Oct 8, 2025
The ADOdb sqlite3 driver allows SQL injection
Critical • CVE-2025-54119 was published for adodb/adodb-php (Composer) • Aug 4, 2025
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Critical • CVE-2025-46337 was published for adodb/adodb-php (Composer) • May 1, 2025
Admidio has Blind SQL Injection in ecard_send.php
Critical • CVE-2024-37906 was published for admidio/admidio (Composer) • Jul 29, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Critical • CVE-2024-37843 was published for craftcms/cms (Composer) • Jun 25, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical • GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) • Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical • GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) • Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical • GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) • Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Critical • GHSA-qf36-fx9f-232x was published for zendframework/zendframework1 (Composer) • Jun 7, 2024
Duplicate Advisory: terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical • GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) • May 30, 2024 • withdrawn
Dolibarr vulnerable to SQL Injection
Critical • CVE-2024-5315 was published for dolibarr/dolibarr (Composer) • May 24, 2024
Dolibarr vulnerable to SQL Injection
Critical • CVE-2024-5314 was published for dolibarr/dolibarr (Composer) • May 24, 2024
propel/propel1 SQL injection possible with limit() on MySQL
Critical • GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) • May 20, 2024
Propel2 SQL injection possible with limit() on MySQL
Critical • GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) • May 20, 2024
ADOdb SQL injection vulnerability
Critical • GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) • May 15, 2024
Zend Framework SQL injection vulnerability
Critical • CVE-2014-8089 was published for zendframework/zend-db (Composer) • Apr 23, 2024
Blind SQL injection in shopware
Critical • CVE-2024-22406 was published for shopware/core (Composer) • Jan 17, 2024
PrestaShop SQL manager vulnerability
Critical • CVE-2023-39526 was published for prestashop/prestashop (Composer) • Aug 9, 2023
SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Critical • CVE-2023-30839 was published for prestashop/prestashop (Composer) • Apr 25, 2023
ProTip! Advisories are also available from the GraphQL API