GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
176 advisories
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers...
Critical | Unreviewed | CVE-2022-26249 was published Mar 26, 2022

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx...
High | Unreviewed | CVE-2022-23868 was published Mar 31, 2022

The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a...
Critical | Unreviewed | CVE-2022-0142 was published Apr 13, 2022

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all...
High | Unreviewed | CVE-2021-23286 was published Apr 19, 2022

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an...
High | Unreviewed | CVE-2021-43257 was published Apr 15, 2022

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page...
High | Unreviewed | CVE-2022-29315 was published Apr 20, 2022

A remote attacker with general user privilege can inject malicious code in the form content of...
High | Unreviewed | CVE-2022-41675 was published Nov 29, 2022

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up...
High | Unreviewed | CVE-2022-4034 was published Nov 29, 2022

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The...
High | Unreviewed | CVE-2022-26867 was published Jun 3, 2022

A vulnerability, which was classified as critical, has been found in SevOne Network Management...
High | Unreviewed | CVE-2020-36531 was published Jun 8, 2022

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra...
High | Unreviewed | CVE-2022-2027 was published Jun 10, 2022

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting...
High | Unreviewed | CVE-2022-1202 was published Jun 14, 2022

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and...
High | Unreviewed | CVE-2022-2268 was published Jul 5, 2022

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when...
High | Unreviewed | CVE-2022-1539 was published Jul 26, 2022

Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at...
Moderate | Unreviewed | CVE-2022-38061 was published Sep 25, 2022

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing...
High | Unreviewed | CVE-2022-2240 was published Jul 26, 2022

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious...
Moderate | Unreviewed | CVE-2022-38845 was published Sep 17, 2022

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system...
High | Unreviewed | CVE-2022-38844 was published Sep 17, 2022

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the...
Critical | Unreviewed | CVE-2022-3574 was published Nov 14, 2022

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4...
High | Unreviewed | CVE-2022-35281 was published Jan 9, 2023

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA)...
Moderate | Unreviewed | CVE-2019-6182 was published May 24, 2022

KeePass 2.4.1 allows CSV injection in the title field of a CSV export.
Moderate | Unreviewed | CVE-2019-20184 was published May 24, 2022

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields...
Moderate | Unreviewed | CVE-2020-9372 was published May 24, 2022

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi...
Moderate | Unreviewed | CVE-2020-10460 was published May 24, 2022

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability...
High | Unreviewed | CVE-2020-9347 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.