GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Langchain SQL Injection vulnerability
Low
CVE-2024-8309
was published
for
langchain
(pip)
Oct 29, 2024
MySQL Connector/Python connector takeover vulnerability
High
CVE-2024-21272
was published
for
mysql-connector-python
(pip)
Oct 15, 2024
LF Edge eKuiper has a SQL Injection in sqlKvStore
High
CVE-2024-43406
was published
for
ekuiper
(Go)
Aug 20, 2024
Django SQL injection vulnerability
Critical
CVE-2024-42005
was published
for
Django
(pip)
Aug 7, 2024
dbt has an implicit override for built-in materializations from installed packages
Low
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
Apache Superset vulnerable to improper SQL authorization
Moderate
CVE-2024-39887
was published
for
apache-superset
(pip)
Jul 16, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php`
Critical
CVE-2024-35374
was published
for
mocodo
(pip)
May 28, 2024
NASA AIT-Core vulnerable to SQL Injection
Critical
CVE-2024-35056
was published
for
ait-core
(pip)
May 21, 2024
PyMySQL SQL Injection vulnerability
Critical
CVE-2024-36039
was published
for
pymysql
(pip)
May 21, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability
Moderate
CVE-2024-4215
was published
for
pgadmin4
(pip)
May 2, 2024
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Critical
CVE-2024-24811
was published
for
Products.SQLAlchemyDA
(pip)
Feb 7, 2024
SQL injection in llama-index
Critical
CVE-2024-23751
was published
for
llama-index
(pip)
Jan 22, 2024
Apache Superset SQL injection vulnerability
Moderate
CVE-2023-49736
was published
for
apache-superset
(pip)
Dec 19, 2023
SQL injection in Apache Submarine
Critical
CVE-2023-37924
was published
for
apache-submarine
(pip)
Nov 22, 2023
piccolo SQL Injection via named transaction savepoints
Critical
CVE-2023-47128
was published
for
piccolo
(pip)
Nov 12, 2023
Langchain SQL Injection vulnerability
Critical
CVE-2023-32785
was published
for
langchain
(pip)
Oct 21, 2023
postgraas-server vulnerable to SQL injection
Critical
CVE-2018-25088
was published
for
postgraas-server
(pip)
Jul 18, 2023
langchain SQL Injection vulnerability
High
CVE-2023-36189
was published
for
langchain
(pip)
Jul 6, 2023
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
High
CVE-2022-45786
was published
for
apache-age-python
(Go)
Feb 4, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection
Moderate
CVE-2022-41703
was published
for
apache-superset
(pip)
Jan 16, 2023
Arches vulnerable to execution of arbitrary SQL
High
CVE-2022-41892
was published
for
arches
(pip)
Nov 11, 2022
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
Critical
CVE-2022-34265
was published
for
Django
(pip)
Jul 5, 2022
Apache Superset SQL Injection when template processing is enabled
High
CVE-2021-41971
was published
for
apache-superset
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API