Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

194 advisories

Loading
The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet... High Unreviewed
CVE-2021-24441 was published May 24, 2022
A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in... High Unreviewed
CVE-2021-22771 was published May 24, 2022
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1... High Unreviewed
CVE-2021-33256 was published May 24, 2022
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. High Unreviewed
CVE-2021-27020 was published May 24, 2022
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4... High Unreviewed
CVE-2021-24016 was published May 24, 2022
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to... Critical Unreviewed
CVE-2021-38180 was published May 24, 2022
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An... Moderate Unreviewed
CVE-2021-37131 was published May 24, 2022
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some... High Unreviewed
CVE-2020-36503 was published May 24, 2022
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an... High Unreviewed
CVE-2021-38424 was published May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain... High Unreviewed
CVE-2021-40848 was published May 24, 2022
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote... High Unreviewed
CVE-2019-4364 was published May 24, 2022
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists... Moderate Unreviewed
CVE-2019-16120 was published May 24, 2022
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress... High Unreviewed
CVE-2019-17661 was published May 24, 2022
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected... High Unreviewed
CVE-2021-25960 was published May 24, 2022
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV... High Unreviewed
CVE-2020-25445 was published May 24, 2022
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM... High Unreviewed
CVE-2021-22153 was published May 24, 2022
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application... High Unreviewed
CVE-2020-26507 was published May 24, 2022
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The... High Unreviewed
CVE-2022-26867 was published Jun 3, 2022
A vulnerability, which was classified as critical, has been found in SevOne Network Management... High Unreviewed
CVE-2020-36531 was published Jun 8, 2022
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra... High Unreviewed
CVE-2022-2027 was published Jun 10, 2022
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting... High Unreviewed
CVE-2022-1202 was published Jun 14, 2022
CSV Injection in inventree High
CVE-2022-2112 was published for inventree (pip) Jun 18, 2022
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and... High Unreviewed
CVE-2022-2268 was published Jul 5, 2022
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when... High Unreviewed
CVE-2022-1539 was published Jul 26, 2022
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing... High Unreviewed
CVE-2022-2240 was published Jul 26, 2022
ProTip! Advisories are also available from the GraphQL API