Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

13,320 advisories

Loading
The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection... High Unreviewed
CVE-2024-13474 was published Feb 22, 2025
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in... Moderate Unreviewed
CVE-2020-19248 was published Feb 21, 2025
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects... Low Unreviewed
CVE-2025-25878 was published Feb 21, 2025
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects... Low Unreviewed
CVE-2025-25877 was published Feb 21, 2025
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL... High Unreviewed
CVE-2025-26794 was published Feb 21, 2025
The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection... Moderate Unreviewed
CVE-2024-13846 was published Feb 21, 2025
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &... Moderate Unreviewed
CVE-2024-12276 was published Feb 21, 2025
The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post... Moderate Unreviewed
CVE-2024-13713 was published Feb 21, 2025
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-11260 was published Feb 21, 2025
The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-13235 was published Feb 21, 2025
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL... Moderate Unreviewed
CVE-2024-54960 was published Feb 20, 2025
The Legoeso PDF Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ... Moderate Unreviewed
CVE-2025-0866 was published Feb 20, 2025
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection... High Unreviewed
CVE-2024-13476 was published Feb 20, 2025
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the... High Unreviewed
CVE-2024-13479 was published Feb 19, 2025
The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the... High Unreviewed
CVE-2024-13483 was published Feb 19, 2025
The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via... High Unreviewed
CVE-2024-13478 was published Feb 19, 2025
The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL... High Unreviewed
CVE-2024-13491 was published Feb 19, 2025
The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection... High Unreviewed
CVE-2024-13485 was published Feb 19, 2025
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection... High Unreviewed
CVE-2024-13481 was published Feb 19, 2025
The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL... High Unreviewed
CVE-2024-13534 was published Feb 19, 2025
The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via... High Unreviewed
CVE-2024-13533 was published Feb 19, 2025
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection... High Unreviewed
CVE-2024-13489 was published Feb 19, 2025
The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in... Moderate Unreviewed
CVE-2024-13712 was published Feb 19, 2025
A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior... Critical Unreviewed
CVE-2025-1132 was published Feb 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database