Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

127 advisories

Loading
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet... High Unreviewed
CVE-2023-25611 was published Mar 7, 2023
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it... High Unreviewed
CVE-2019-11872 was published May 24, 2022
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote... High Unreviewed
CVE-2019-4364 was published May 24, 2022
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a... High Unreviewed
CVE-2021-39022 was published Mar 11, 2022
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a... High Unreviewed
CVE-2022-22689 was published Feb 11, 2022
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection... High Unreviewed
CVE-2022-44830 was published Nov 21, 2022
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula... High Unreviewed
CVE-2022-22121 was published Jan 11, 2022
Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. High Unreviewed
CVE-2022-44577 was published Nov 18, 2022
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2... High Unreviewed
CVE-2019-4071 was published May 24, 2022
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to... High Unreviewed
CVE-2022-40472 was published Sep 30, 2022
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in... High Unreviewed
CVE-2018-9106 was published May 13, 2022
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in... High Unreviewed
CVE-2018-9107 was published May 13, 2022
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection... High Unreviewed
CVE-2018-7304 was published May 13, 2022
CSV Injection Vulnerability High
CVE-2021-41824 was published for craftcms/cms (Composer) Oct 18, 2021
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with... High Unreviewed
CVE-2018-10258 was published May 13, 2022
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a... High Unreviewed
CVE-2018-10255 was published May 13, 2022
OPSWAT MetaDefender before v4.11.2 allows CSV injection. High Unreviewed
CVE-2018-16275 was published May 13, 2022
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable... High Unreviewed
CVE-2018-11526 was published May 13, 2022
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the... High Unreviewed
CVE-2018-1774 was published May 13, 2022
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-15571 was published May 13, 2022
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-16308 was published May 13, 2022
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. High Unreviewed
CVE-2018-16651 was published May 13, 2022
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user... High Unreviewed
CVE-2018-10257 was published May 13, 2022
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is... High Unreviewed
CVE-2018-11525 was published May 13, 2022
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. High Unreviewed
CVE-2018-10504 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database