Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,943
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

16,962 advisories

Loading
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to... Moderate Unreviewed
CVE-2026-34018 was published Apr 17, 2026
The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', ... Moderate Unreviewed
CVE-2026-3330 was published Apr 17, 2026
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is... Moderate Unreviewed
CVE-2026-4817 was published Apr 17, 2026
Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) Critical
CVE-2026-41478 was published for @saltcorn/server (npm) Apr 16, 2026
QiaoNPC Credited to QiaoNPC
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the... High Unreviewed
CVE-2026-37336 was published Apr 16, 2026
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in... Moderate Unreviewed
CVE-2026-37346 was published Apr 16, 2026
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions... High Unreviewed
CVE-2026-5785 was published Apr 16, 2026
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the... High Unreviewed
CVE-2026-37337 was published Apr 16, 2026
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the... Critical Unreviewed
CVE-2026-37345 was published Apr 16, 2026
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the... Critical Unreviewed
CVE-2026-37338 was published Apr 16, 2026
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in... Critical Unreviewed
CVE-2026-37347 was published Apr 16, 2026
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the... High Unreviewed
CVE-2026-37341 was published Apr 16, 2026
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the... Critical Unreviewed
CVE-2026-37340 was published Apr 16, 2026
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the... High Unreviewed
CVE-2026-37342 was published Apr 16, 2026
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the... Critical Unreviewed
CVE-2026-37339 was published Apr 16, 2026
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the... High Unreviewed
CVE-2026-37343 was published Apr 16, 2026
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the... High Unreviewed
CVE-2026-37344 was published Apr 16, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-40744 was published Apr 16, 2026
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is... High Unreviewed
CVE-2026-3489 was published Apr 16, 2026
The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via... Moderate Unreviewed
CVE-2026-3773 was published Apr 16, 2026
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options... High Unreviewed
CVE-2026-3599 was published Apr 16, 2026
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id... High Unreviewed
CVE-2026-30995 was published Apr 15, 2026
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an... Moderate Unreviewed
CVE-2026-20061 was published Apr 15, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-63029 was published Apr 15, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2026-40745 was published Apr 15, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database