Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,693
Erlang
34
GitHub Actions
28
Go
2,283
Maven
5,000+
npm
3,934
NuGet
708
pip
3,702
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

26 advisories

Loading
llama-index-packs-finchat SQL Injection vulnerability Critical
CVE-2024-12909 was published for llama-index-packs-finchat (pip) Mar 20, 2025
logan-markewich
DB-GPT Arbitrary File Write vulnerability Critical
CVE-2024-10901 was published for dbgpt (pip) Mar 20, 2025
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
bertuxdeveloper
SQLAlchemy vulnerable to SQL injection Critical
CVE-2012-0805 was published for SQLAlchemy (pip) May 14, 2022
SQLAlchemy is vulnerable to SQL Injection via group_by parameter Critical
CVE-2019-7548 was published for SQLAlchemy (pip) Apr 16, 2019
SQLAlchemy vulnerable to SQL Injection via order_by parameter Critical
CVE-2019-7164 was published for SQLAlchemy (pip) Apr 16, 2019
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function Critical
CVE-2019-1010259 was published for salt (pip) May 24, 2022
PyWebDAV SQL Injection vulnerability Critical
CVE-2011-0432 was published for pywebdav (pip) May 17, 2022
SQL Injection in pycsw Critical
CVE-2016-8640 was published for pycsw (pip) Aug 15, 2018
piccolo SQL Injection via named transaction savepoints Critical
CVE-2023-47128 was published for piccolo (pip) Nov 12, 2023
Skelmis
SQL Injection in Django Critical
CVE-2019-14234 was published for Django (pip) Aug 16, 2019
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection Critical
CVE-2022-34265 was published for Django (pip) Jul 5, 2022
SQL Injection in Django Critical
CVE-2021-35042 was published for Django (pip) Sep 22, 2021
sunSUNQ
SQL Injection in Django Critical
CVE-2022-28346 was published for Django (pip) Apr 13, 2022
SQL Injection in Django Critical
CVE-2022-28347 was published for Django (pip) Apr 13, 2022
SQL injection in Django Critical
CVE-2020-7471 was published for Django (pip) Feb 11, 2020
Django SQL injection vulnerability Critical
CVE-2024-42005 was published for Django (pip) Aug 7, 2024
NASA AIT-Core vulnerable to SQL Injection Critical
CVE-2024-35056 was published for ait-core (pip) May 21, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php` Critical
CVE-2024-35374 was published for mocodo (pip) May 28, 2024
postgraas-server vulnerable to SQL injection Critical
CVE-2018-25088 was published for postgraas-server (pip) Jul 18, 2023
SQLAlchemyDA unauthenticated arbitrary SQL query execution Critical
CVE-2024-24811 was published for Products.SQLAlchemyDA (pip) Feb 7, 2024
perrinjerome dataflake
SQL injection in llama-index Critical
CVE-2024-23751 was published for llama-index (pip) Jan 22, 2024
SQL injection in Apache Submarine Critical
CVE-2023-37924 was published for apache-submarine (pip) Nov 22, 2023
r3kumar
SQL injection in apache-superset Critical
CVE-2022-27479 was published for apache-superset (pip) Apr 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database