Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,139
Maven
5,000+
npm
3,799
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

211 advisories

Loading
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv... Critical Unreviewed
CVE-2018-20752 was published May 13, 2022
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the... High Unreviewed
CVE-2018-1774 was published May 13, 2022
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. High Unreviewed
CVE-2018-16651 was published May 13, 2022
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-16308 was published May 13, 2022
OPSWAT MetaDefender before v4.11.2 allows CSV injection. High Unreviewed
CVE-2018-16275 was published May 13, 2022
** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins... Critical Unreviewed
CVE-2018-15474 was published May 13, 2022
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-15571 was published May 13, 2022
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject... Critical Unreviewed
CVE-2018-11652 was published May 13, 2022
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is... High Unreviewed
CVE-2018-11525 was published May 13, 2022
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable... High Unreviewed
CVE-2018-11526 was published May 13, 2022
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. High Unreviewed
CVE-2018-10504 was published May 13, 2022
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with... High Unreviewed
CVE-2018-10258 was published May 13, 2022
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user... High Unreviewed
CVE-2018-10257 was published May 13, 2022
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a... High Unreviewed
CVE-2018-10255 was published May 13, 2022
CSV-Safe improperly filters special characters potentially leading to CSV injection Critical
CVE-2022-28481 was published for csv-safe (RubyGems) May 3, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page... High Unreviewed
CVE-2022-29315 was published Apr 20, 2022
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all... High Unreviewed
CVE-2021-23286 was published Apr 19, 2022
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an... High Unreviewed
CVE-2021-43257 was published Apr 15, 2022
The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a... Critical Unreviewed
CVE-2022-0142 was published Apr 13, 2022
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx... High Unreviewed
CVE-2022-23868 was published Mar 31, 2022
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers... Critical Unreviewed
CVE-2022-26249 was published Mar 26, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging High
CVE-2022-24770 was published for gradio (pip) Mar 18, 2022
haby0
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a... High Unreviewed
CVE-2021-39022 was published Mar 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database