GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
FUXA SQL Injection vulnerability
High
CVE-2023-31717
was published
for
fuxa-server
(npm)
Sep 22, 2023
Knex.js has a limited SQL injection vulnerability
High
CVE-2016-20018
was published
for
knex
(npm)
Dec 19, 2022
@cubejs-backend/api-gateway row level security bypass
High
CVE-2022-23510
was published
for
@cubejs-backend/api-gateway
(npm)
Dec 12, 2022
Strapi mishandles hidden attributes within admin API responses
High
CVE-2022-31367
was published
for
@strapi/strapi
(npm)
Sep 28, 2022
SQL Injection when creating an application with Reactive SQL backend
High
CVE-2022-24815
was published
for
generator-jhipster
(npm)
Apr 7, 2022
Madge vulnerable to command injection
High
CVE-2021-23352
was published
for
madge
(npm)
Mar 12, 2021
SQL Injection in untitled-model
High
GHSA-hq8g-qq57-5275
was published
for
untitled-model
(npm)
Sep 11, 2020
SQL Injection in sails-mysql
High
GHSA-hx5x-49mm-vmhw
was published
for
sails-mysql
(npm)
Sep 3, 2020
NoSQL Injection in loopback-connector-mongodb
High
GHSA-hxwc-5vw9-2w4w
was published
for
loopback-connector-mongodb
(npm)
Sep 2, 2020
NoSQL injection in express-cart
High
GHSA-f5cv-xrv9-r8w7
was published
for
express-cart
(npm)
Sep 1, 2020
SQL Injection in connect-pg-simple
High
CVE-2019-15658
was published
for
connect-pg-simple
(npm)
Aug 26, 2019
NoSQL Injection in loopback-connector-mongodb
High
GHSA-m734-r4g6-34f9
was published
for
loopback-connector-mongodb
(npm)
Jun 4, 2019
Potential SQL Injection in sequelize
High
CVE-2016-10553
was published
for
sequelize
(npm)
Feb 18, 2019
SQL Injection in waterline-sequel
High
CVE-2016-10551
was published
for
waterline-sequel
(npm)
Feb 18, 2019
ProTip!
Advisories are also available from the
GraphQL API