GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
199 advisories

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up...
High | Unreviewed | CVE-2022-4034 was published Nov 29, 2022

A remote attacker with general user privilege can inject malicious code in the form content of...
High | Unreviewed | CVE-2022-41675 was published Nov 29, 2022

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list...
Critical | Unreviewed | CVE-2022-3603 was published Nov 28, 2022

Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection...
High | Unreviewed | CVE-2022-44830 was published Nov 21, 2022

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output...
Critical | Unreviewed | CVE-2022-3600 was published Nov 21, 2022

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when...
Critical | Unreviewed | CVE-2022-3634 was published Nov 21, 2022

Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.
High | Unreviewed | CVE-2022-41791 was published Nov 18, 2022

Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress.
High | Unreviewed | CVE-2022-44577 was published Nov 18, 2022

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the...
Critical | Unreviewed | CVE-2022-3574 was published Nov 14, 2022

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Critical | Unreviewed | CVE-2022-27858 was published Nov 9, 2022

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape...
High | Unreviewed | CVE-2022-3558 was published Nov 7, 2022

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when...
Critical | Unreviewed | CVE-2022-3463 was published Nov 7, 2022

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote...
Critical | Unreviewed | CVE-2022-22425 was published Nov 4, 2022

The application was identified to have a CSV injection in data export functionality, allowing...
High | Unreviewed | CVE-2022-40294 was published Nov 1, 2022

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields...
Critical | Unreviewed | CVE-2022-3393 was published Oct 25, 2022

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to...
High | Unreviewed | CVE-2022-40472 was published Sep 30, 2022

Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at...
Moderate | Unreviewed | CVE-2022-38061 was published Sep 25, 2022

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry...
High | Unreviewed | CVE-2022-1194 was published Sep 17, 2022

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the...
High | Unreviewed | CVE-2022-2798 was published Sep 17, 2022

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system...
High | Unreviewed | CVE-2022-38844 was published Sep 17, 2022

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious...
Moderate | Unreviewed | CVE-2022-38845 was published Sep 17, 2022

ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Moderate | CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV...
High | Unreviewed | CVE-2022-2429 was published Sep 7, 2022

The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and...
High | Unreviewed | CVE-2022-3026 was published Sep 7, 2022

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing...
High | Unreviewed | CVE-2022-2240 was published Jul 26, 2022

ProTip! Advisories are also available from the GraphQL API