Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

205 advisories

Loading
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-15571 was published May 13, 2022
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject... Critical Unreviewed
CVE-2018-11652 was published May 13, 2022
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is... High Unreviewed
CVE-2018-11525 was published May 13, 2022
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable... High Unreviewed
CVE-2018-11526 was published May 13, 2022
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. High Unreviewed
CVE-2018-10504 was published May 13, 2022
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with... High Unreviewed
CVE-2018-10258 was published May 13, 2022
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user... High Unreviewed
CVE-2018-10257 was published May 13, 2022
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a... High Unreviewed
CVE-2018-10255 was published May 13, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
CSV-Safe improperly filters special characters potentially leading to CSV injection Critical
CVE-2022-28481 was published for csv-safe (RubyGems) May 3, 2022
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page... High Unreviewed
CVE-2022-29315 was published Apr 20, 2022
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all... High Unreviewed
CVE-2021-23286 was published Apr 19, 2022
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an... High Unreviewed
CVE-2021-43257 was published Apr 15, 2022
The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a... Critical Unreviewed
CVE-2022-0142 was published Apr 13, 2022
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx... High Unreviewed
CVE-2022-23868 was published Mar 31, 2022
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers... Critical Unreviewed
CVE-2022-26249 was published Mar 26, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging High
CVE-2022-24770 was published for gradio (pip) Mar 18, 2022
haby0
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a... High Unreviewed
CVE-2021-39022 was published Mar 11, 2022
Arbitrary code execution in Magnolia CMS High
CVE-2021-46363 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a... High Unreviewed
CVE-2022-22689 was published Feb 11, 2022
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula... High Unreviewed
CVE-2022-22121 was published Jan 11, 2022
Improper Neutralization of Formula Elements in a CSV File in html-2-csv Moderate
CVE-2021-23654 was published for html-to-csv (pip) Nov 30, 2021
KateCatlin
CSV Injection in symfony/serializer Moderate
CVE-2021-41270 was published for symfony/serializer (Composer) Nov 24, 2021
jakeBarwell jderusse
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A... Moderate Unreviewed
CVE-2021-36334 was published Nov 24, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database