GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
32 advisories
Filter by severity
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers...
Critical
Unreviewed
CVE-2022-26249
was published
Mar 26, 2022
The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a...
Critical
Unreviewed
CVE-2022-0142
was published
Apr 13, 2022
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject...
Critical
Unreviewed
CVE-2018-11652
was published
May 13, 2022
** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins...
Critical
Unreviewed
CVE-2018-15474
was published
May 13, 2022
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv...
Critical
Unreviewed
CVE-2018-20752
was published
May 13, 2022
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension...
Critical
Unreviewed
CVE-2018-9035
was published
May 13, 2022
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable...
Critical
Unreviewed
CVE-2019-12765
was published
May 24, 2022
A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey...
Critical
Unreviewed
CVE-2019-16184
was published
May 24, 2022
JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile.
Critical
Unreviewed
CVE-2020-22274
was published
May 24, 2022
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.
Critical
Unreviewed
CVE-2020-22276
was published
May 24, 2022
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
Critical
Unreviewed
CVE-2021-3188
was published
May 24, 2022
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to...
Critical
Unreviewed
CVE-2021-38180
was published
May 24, 2022
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields...
Critical
Unreviewed
CVE-2022-3393
was published
Oct 25, 2022
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote...
Critical
Unreviewed
CVE-2022-22425
was published
Nov 4, 2022
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when...
Critical
Unreviewed
CVE-2022-3463
was published
Nov 7, 2022
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Critical
Unreviewed
CVE-2022-27858
was published
Nov 9, 2022
The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the...
Critical
Unreviewed
CVE-2022-3574
was published
Nov 14, 2022
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output...
Critical
Unreviewed
CVE-2022-3600
was published
Nov 21, 2022
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when...
Critical
Unreviewed
CVE-2022-3634
was published
Nov 21, 2022
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list...
Critical
Unreviewed
CVE-2022-3603
was published
Nov 28, 2022
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results"...
Critical
Unreviewed
CVE-2020-10131
was published
Sep 6, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter...
Critical
Unreviewed
CVE-2022-45360
was published
Nov 7, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress...
Critical
Unreviewed
CVE-2022-45370
was published
Nov 7, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram...
Critical
Unreviewed
CVE-2022-45810
was published
Nov 7, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site...
Critical
Unreviewed
CVE-2022-46801
was published
Nov 7, 2023
ProTip!
Advisories are also available from the
GraphQL API