Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,319
Erlang
31
GitHub Actions
21
Go
2,077
Maven
5,000+
npm
3,747
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx... High Unreviewed
CVE-2022-23868 was published Mar 31, 2022
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all... High Unreviewed
CVE-2021-23286 was published Apr 19, 2022
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an... High Unreviewed
CVE-2021-43257 was published Apr 15, 2022
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page... High Unreviewed
CVE-2022-29315 was published Apr 20, 2022
A remote attacker with general user privilege can inject malicious code in the form content of... High Unreviewed
CVE-2022-41675 was published Nov 29, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging High
CVE-2022-24770 was published for gradio (pip) Mar 18, 2022
haby0
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed
CVE-2022-4034 was published Nov 29, 2022
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The... High Unreviewed
CVE-2022-26867 was published Jun 3, 2022
A vulnerability, which was classified as critical, has been found in SevOne Network Management... High Unreviewed
CVE-2020-36531 was published Jun 8, 2022
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra... High Unreviewed
CVE-2022-2027 was published Jun 10, 2022
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting... High Unreviewed
CVE-2022-1202 was published Jun 14, 2022
CSV Injection in inventree High
CVE-2022-2112 was published for inventree (pip) Jun 18, 2022
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and... High Unreviewed
CVE-2022-2268 was published Jul 5, 2022
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when... High Unreviewed
CVE-2022-1539 was published Jul 26, 2022
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing... High Unreviewed
CVE-2022-2240 was published Jul 26, 2022
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system... High Unreviewed
CVE-2022-38844 was published Sep 17, 2022
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4... High Unreviewed
CVE-2022-35281 was published Jan 9, 2023
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability... High Unreviewed
CVE-2020-9347 was published May 24, 2022
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone... High Unreviewed
CVE-2021-24144 was published May 24, 2022
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry... High Unreviewed
CVE-2022-1194 was published Sep 17, 2022
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the... High Unreviewed
CVE-2022-2798 was published Sep 17, 2022
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. High Unreviewed
CVE-2020-25398 was published May 24, 2022
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts,... High Unreviewed
CVE-2020-15301 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database