Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

136 advisories

Loading
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection High
CVE-2023-2629 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
sampritdas8
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and... High Unreviewed
CVE-2023-25348 was published Apr 25, 2023
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io... High Unreviewed
CVE-2023-2258 was published Apr 24, 2023
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet... High Unreviewed
CVE-2023-25611 was published Mar 7, 2023
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4... High Unreviewed
CVE-2022-35281 was published Jan 9, 2023
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when... High Unreviewed
CVE-2022-3605 was published Dec 12, 2022
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed
CVE-2022-4034 was published Nov 29, 2022
A remote attacker with general user privilege can inject malicious code in the form content of... High Unreviewed
CVE-2022-41675 was published Nov 29, 2022
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection... High Unreviewed
CVE-2022-44830 was published Nov 21, 2022
Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. High Unreviewed
CVE-2022-44577 was published Nov 18, 2022
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. High Unreviewed
CVE-2022-41791 was published Nov 18, 2022
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape... High Unreviewed
CVE-2022-3558 was published Nov 7, 2022
The application was identified to have an CSV injection in data export functionality, allowing... High Unreviewed
CVE-2022-40294 was published Nov 1, 2022
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to... High Unreviewed
CVE-2022-40472 was published Sep 30, 2022
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry... High Unreviewed
CVE-2022-1194 was published Sep 17, 2022
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the... High Unreviewed
CVE-2022-2798 was published Sep 17, 2022
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system... High Unreviewed
CVE-2022-38844 was published Sep 17, 2022
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and... High Unreviewed
CVE-2022-3026 was published Sep 7, 2022
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV... High Unreviewed
CVE-2022-2429 was published Sep 7, 2022
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing... High Unreviewed
CVE-2022-2240 was published Jul 26, 2022
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when... High Unreviewed
CVE-2022-1539 was published Jul 26, 2022
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and... High Unreviewed
CVE-2022-2268 was published Jul 5, 2022
CSV Injection in inventree High
CVE-2022-2112 was published for inventree (pip) Jun 18, 2022
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting... High Unreviewed
CVE-2022-1202 was published Jun 14, 2022
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra... High Unreviewed
CVE-2022-2027 was published Jun 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database