Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in... High Unreviewed
CVE-2023-0721 was published Jun 9, 2023
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to... High Unreviewed
CVE-2023-33410 was published Jun 5, 2023
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection High
CVE-2023-2629 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
sampritdas8
RosarioSIS vulnerable to CSV Injection Moderate
CVE-2023-29918 was published for francoisjacquet/rosariosis (Composer) May 2, 2023
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and... High Unreviewed
CVE-2023-25348 was published Apr 25, 2023
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io... High Unreviewed
CVE-2023-2258 was published Apr 24, 2023
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE... Moderate Unreviewed
CVE-2023-29109 was published Apr 11, 2023
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet... High Unreviewed
CVE-2023-25611 was published Mar 7, 2023
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4... High Unreviewed
CVE-2022-35281 was published Jan 9, 2023
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the ... Moderate Unreviewed
CVE-2022-37786 was published Jan 1, 2023
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when... High Unreviewed
CVE-2022-3605 was published Dec 12, 2022
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed
CVE-2022-4034 was published Nov 29, 2022
A remote attacker with general user privilege can inject malicious code in the form content of... High Unreviewed
CVE-2022-41675 was published Nov 29, 2022
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list... Critical Unreviewed
CVE-2022-3603 was published Nov 28, 2022
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection... High Unreviewed
CVE-2022-44830 was published Nov 21, 2022
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when... Critical Unreviewed
CVE-2022-3634 was published Nov 21, 2022
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output... Critical Unreviewed
CVE-2022-3600 was published Nov 21, 2022
Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. High Unreviewed
CVE-2022-44577 was published Nov 18, 2022
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. High Unreviewed
CVE-2022-41791 was published Nov 18, 2022
The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the... Critical Unreviewed
CVE-2022-3574 was published Nov 14, 2022
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Critical Unreviewed
CVE-2022-27858 was published Nov 9, 2022
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when... Critical Unreviewed
CVE-2022-3463 was published Nov 7, 2022
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape... High Unreviewed
CVE-2022-3558 was published Nov 7, 2022
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed
CVE-2022-22425 was published Nov 4, 2022
The application was identified to have an CSV injection in data export functionality, allowing... High Unreviewed
CVE-2022-40294 was published Nov 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database