Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2021-1349 was published May 24, 2022
Sort order SQL injection in Administrate High
CVE-2020-5257 was published for administrate (RubyGems) Mar 13, 2020
becojo Credited to becojo
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2021-34712 was published May 24, 2022
An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen.... High Unreviewed
CVE-2018-7829 was published May 24, 2022
The product does not validate any query towards persistent data, resulting in a risk of injection... Critical Unreviewed
CVE-2024-4872 was published Aug 27, 2024
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2021-1481 was published Nov 15, 2024
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion High
CVE-2025-24787 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee Credited to nnsee, modelorona, and hkdeman modelorona modelorona
hkdeman hkdeman
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of... High Unreviewed
CVE-2017-12904 was published May 13, 2022
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a... Moderate Unreviewed
CVE-2025-33114 was published Jul 29, 2025
NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection... Moderate Unreviewed
CVE-2025-23292 was published Sep 30, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1,... Moderate Unreviewed
CVE-2024-35136 was published Aug 14, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to... Moderate Unreviewed
CVE-2024-31882 was published Aug 14, 2024
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could... Moderate Unreviewed
CVE-2025-36185 was published Nov 7, 2025
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment... Moderate Unreviewed
CVE-2025-42884 was published Nov 11, 2025
Due to insufficient input handling, the SAP Identity Management REST interface allows an... Low Unreviewed
CVE-2026-0504 was published Jan 13, 2026
Apache Camel camel-neo4j component is vulnerable to cypher injection Moderate
CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) Jan 14, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12... Moderate Unreviewed
CVE-2025-36366 was published Jan 31, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12... Moderate Unreviewed
CVE-2025-36353 was published Jan 31, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12... Moderate Unreviewed
CVE-2025-36442 was published Jan 31, 2026
FacturaScripts has SQL Injection in API ORDER BY Clause High
CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
lukasz-rybak Credited to lukasz-rybak
FacturaScripts has SQL Injection in Autocomplete Actions High
CVE-2026-25514 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
lukasz-rybak Credited to lukasz-rybak
New API has an SQL LIKE Wildcard Injection DoS via Token Search High
CVE-2026-25591 was published for github.com/QuantumNous/new-api (Go) Feb 23, 2026
xuemian168 Credited to xuemian168, callmeiks, and Calcium-Ion callmeiks callmeiks
Calcium-Ion Calcium-Ion
Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter Critical
CVE-2026-29793 was published for @feathersjs/mongodb (npm) Mar 10, 2026
sofianeelhor Credited to sofianeelhor
Parse Server has a NoSQL injection via token type in password reset and email verification endpoints High
CVE-2026-30941 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Sylius has a DQL Injection via API Order Filters Moderate
CVE-2026-31825 was published for sylius/sylius (Composer) Mar 11, 2026
Neosprings Credited to Neosprings and bnBart bnBart bnBart
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database