Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

179 advisories

Loading
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results"... Critical Unreviewed
CVE-2020-10131 was published Sep 6, 2023
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote... High Unreviewed
CVE-2023-22877 was published Aug 28, 2023
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted... High Unreviewed
CVE-2023-38843 was published Aug 17, 2023
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File High Unreviewed
CVE-2023-37219 was published Jul 30, 2023
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website... High Unreviewed
CVE-2022-28864 was published Jul 24, 2023
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web... Moderate Unreviewed
CVE-2023-3527 was published Jul 19, 2023
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection... High Unreviewed
CVE-2023-28958 was published Jul 10, 2023
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling... High Unreviewed
CVE-2023-3493 was published Jul 1, 2023
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the... Moderate Unreviewed
CVE-2022-46408 was published Jun 29, 2023
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. High Unreviewed
CVE-2023-31867 was published Jun 22, 2023
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in... High Unreviewed
CVE-2023-0721 was published Jun 9, 2023
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to... High Unreviewed
CVE-2023-33410 was published Jun 5, 2023
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and... High Unreviewed
CVE-2023-25348 was published Apr 25, 2023
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io... High Unreviewed
CVE-2023-2258 was published Apr 24, 2023
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE... Moderate Unreviewed
CVE-2023-29109 was published Apr 11, 2023
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet... High Unreviewed
CVE-2023-25611 was published Mar 7, 2023
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4... High Unreviewed
CVE-2022-35281 was published Jan 9, 2023
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the ... Moderate Unreviewed
CVE-2022-37786 was published Jan 1, 2023
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when... High Unreviewed
CVE-2022-3605 was published Dec 12, 2022
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed
CVE-2022-4034 was published Nov 29, 2022
A remote attacker with general user privilege can inject malicious code in the form content of... High Unreviewed
CVE-2022-41675 was published Nov 29, 2022
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list... Critical Unreviewed
CVE-2022-3603 was published Nov 28, 2022
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection... High Unreviewed
CVE-2022-44830 was published Nov 21, 2022
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when... Critical Unreviewed
CVE-2022-3634 was published Nov 21, 2022
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output... Critical Unreviewed
CVE-2022-3600 was published Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database