Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,930
Maven
5,000+
npm
4,587
NuGet
786
pip
4,294
Pub
12
RubyGems
981
Rust
1,114
Swift
49
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

15,522 advisories

Loading
Tanium addressed an improper input validation vulnerability in Discover. Moderate Unreviewed
CVE-2025-15325 was published Feb 5, 2026
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the... High Unreviewed
CVE-2020-37151 was published Feb 5, 2026
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could... High Unreviewed
CVE-2025-13379 was published Feb 5, 2026
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce... High Unreviewed
CVE-2025-13192 was published Feb 5, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-5329 was published Feb 4, 2026
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection... Moderate Unreviewed
CVE-2026-0816 was published Feb 4, 2026
The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL... Moderate Unreviewed
CVE-2026-1370 was published Feb 4, 2026
The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the ... High Unreviewed
CVE-2025-15268 was published Feb 4, 2026
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that... High Unreviewed
CVE-2020-37089 was published Feb 4, 2026
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting'... High Unreviewed
CVE-2019-25260 was published Feb 4, 2026
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php... High Unreviewed
CVE-2020-37076 was published Feb 4, 2026
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows... High Unreviewed
CVE-2020-37083 was published Feb 4, 2026
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin... High Unreviewed
CVE-2020-37081 was published Feb 4, 2026
A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1... Critical Unreviewed
CVE-2025-10878 was published Feb 3, 2026
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter... Critical Unreviewed
CVE-2025-63624 was published Feb 3, 2026
YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList... Critical Unreviewed
CVE-2025-57529 was published Feb 3, 2026
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated... High Unreviewed
CVE-2020-37112 was published Feb 3, 2026
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that... High Unreviewed
CVE-2020-37110 was published Feb 3, 2026
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of... High Unreviewed
CVE-2020-37108 was published Feb 3, 2026
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows... High Unreviewed
CVE-2020-37105 was published Feb 3, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-25022 was published Feb 3, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-5319 was published Feb 3, 2026
SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the ... Critical Unreviewed
CVE-2026-1432 was published Feb 3, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-8587 was published Feb 2, 2026
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to... High Unreviewed
CVE-2021-47918 was published Feb 1, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database