Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. High Unreviewed
CVE-2020-25398 was published May 24, 2022
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the... High Unreviewed
CVE-2022-2798 was published Sep 17, 2022
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry... High Unreviewed
CVE-2022-1194 was published Sep 17, 2022
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone... High Unreviewed
CVE-2021-24144 was published May 24, 2022
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability... High Unreviewed
CVE-2020-9347 was published May 24, 2022
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi... Moderate Unreviewed
CVE-2020-10460 was published May 24, 2022
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields... Moderate Unreviewed
CVE-2020-9372 was published May 24, 2022
KeePass 2.4.1 allows CSV injection in the title field of a CSV export. Moderate Unreviewed
CVE-2019-20184 was published May 24, 2022
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA)... Moderate Unreviewed
CVE-2019-6182 was published May 24, 2022
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4... High Unreviewed
CVE-2022-35281 was published Jan 9, 2023
The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the... Critical Unreviewed
CVE-2022-3574 was published Nov 14, 2022
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system... High Unreviewed
CVE-2022-38844 was published Sep 17, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File Moderate
CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022
aegilops some-natalie
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious... Moderate Unreviewed
CVE-2022-38845 was published Sep 17, 2022
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing... High Unreviewed
CVE-2022-2240 was published Jul 26, 2022
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at... Moderate Unreviewed
CVE-2022-38061 was published Sep 25, 2022
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when... High Unreviewed
CVE-2022-1539 was published Jul 26, 2022
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and... High Unreviewed
CVE-2022-2268 was published Jul 5, 2022
CSV Injection in inventree High
CVE-2022-2112 was published for inventree (pip) Jun 18, 2022
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting... High Unreviewed
CVE-2022-1202 was published Jun 14, 2022
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra... High Unreviewed
CVE-2022-2027 was published Jun 10, 2022
A vulnerability, which was classified as critical, has been found in SevOne Network Management... High Unreviewed
CVE-2020-36531 was published Jun 8, 2022
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The... High Unreviewed
CVE-2022-26867 was published Jun 3, 2022
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed
CVE-2022-4034 was published Nov 29, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging High
CVE-2022-24770 was published for gradio (pip) Mar 18, 2022
haby0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database