Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

125 advisories

Loading
YesWiki: Unauthenticated SQL Injection Critical
CVE-2026-46670 was published for yeswiki/yeswiki (Composer) May 22, 2026
SamyGhannad Credited to SamyGhannad
Drupal Core has a SQL Injection issue Critical
CVE-2026-9082 was published for drupal/core (Composer) May 20, 2026
Rudloff Credited to Rudloff and orbegam orbegam orbegam
Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha Critical
GHSA-ch9q-c9mp-j5gq was published for phpmyfaq/phpmyfaq (Composer) May 15, 2026 withdrawn
phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha Critical
CVE-2026-46364 was published for phpmyfaq/phpmyfaq (Composer) May 6, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) Critical
CVE-2026-33352 was published for wwbn/avideo (Composer) Mar 19, 2026
iconnnjka Credited to iconnnjka
AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php Critical
CVE-2026-28501 was published for wwbn/avideo (Composer) Mar 2, 2026
arkmarta Credited to arkmarta
Melis Platform CMS SQL Injection Critical
CVE-2025-10351 was published for melisplatform/melis-cms (Composer) Oct 8, 2025
ivansmc Credited to ivansmc
The ADOdb sqlite3 driver allows SQL injection Critical
CVE-2025-54119 was published for adodb/adodb-php (Composer) Aug 4, 2025
mrcnpp Credited to mrcnpp and dregad dregad dregad
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Critical
CVE-2025-46337 was published for adodb/adodb-php (Composer) May 1, 2025
mrcnpp Credited to mrcnpp and dregad dregad dregad
Admidio has Blind SQL Injection in ecard_send.php Critical
CVE-2024-37906 was published for admidio/admidio (Composer) Jul 29, 2024
UmerAdeemCheema Credited to UmerAdeemCheema
Craft CMS SQL injection vulnerability via the GraphQL API endpoint Critical
CVE-2024-37843 was published for craftcms/cms (Composer) Jun 25, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions Critical
GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) Critical
GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select Critical
GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql Critical
GHSA-qf36-fx9f-232x was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Duplicate Advisory: terminal42/contao-tablelookupwizard possible SQL injection in widget field value Critical
GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) May 30, 2024 withdrawn
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
Blind SQL injection in shopware Critical
CVE-2024-22406 was published for shopware/core (Composer) Jan 17, 2024
PrestaShop SQL manager vulnerability Critical
CVE-2023-39526 was published for prestashop/prestashop (Composer) Aug 9, 2023
SQL filter bypass leading to arbitrary write requests using "SQL Manager" Critical
CVE-2023-30839 was published for prestashop/prestashop (Composer) Apr 25, 2023
truff77 Credited to truff77
ProTip! Advisories are also available from the GraphQL API