GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,093
Composer 4,324
Erlang 31
GitHub Actions 21
Go 2,087
Maven 5,251
npm 3,751
NuGet 674
pip 3,437
Pub 12
RubyGems 892
Rust 881
Swift 37

Unreviewed advisories

All unreviewed 241,741

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

179 advisories

Filter by severity

Sort by

Least recently updated

Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. High Unreviewed

CVE-2022-41791 was published Nov 18, 2022

Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. High Unreviewed

CVE-2022-44577 was published Nov 18, 2022

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the... Critical Unreviewed

CVE-2022-3574 was published Nov 14, 2022

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Critical Unreviewed

CVE-2022-27858 was published Nov 9, 2022

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape... High Unreviewed

CVE-2022-3558 was published Nov 7, 2022

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when... Critical Unreviewed

CVE-2022-3463 was published Nov 7, 2022

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed

CVE-2022-22425 was published Nov 4, 2022

The application was identified to have an CSV injection in data export functionality, allowing... High Unreviewed

CVE-2022-40294 was published Nov 1, 2022

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields... Critical Unreviewed

CVE-2022-3393 was published Oct 25, 2022

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to... High Unreviewed

CVE-2022-40472 was published Sep 30, 2022

Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at... Moderate Unreviewed

CVE-2022-38061 was published Sep 25, 2022

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry... High Unreviewed

CVE-2022-1194 was published Sep 17, 2022

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the... High Unreviewed

CVE-2022-2798 was published Sep 17, 2022

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious... Moderate Unreviewed

CVE-2022-38845 was published Sep 17, 2022

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system... High Unreviewed

CVE-2022-38844 was published Sep 17, 2022

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV... High Unreviewed

CVE-2022-2429 was published Sep 7, 2022

The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and... High Unreviewed

CVE-2022-3026 was published Sep 7, 2022

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing... High Unreviewed

CVE-2022-2240 was published Jul 26, 2022

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when... High Unreviewed

CVE-2022-1539 was published Jul 26, 2022

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and... High Unreviewed

CVE-2022-2268 was published Jul 5, 2022

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting... High Unreviewed

CVE-2022-1202 was published Jun 14, 2022

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra... High Unreviewed

CVE-2022-2027 was published Jun 10, 2022

A vulnerability, which was classified as critical, has been found in SevOne Network Management... High Unreviewed

CVE-2020-36531 was published Jun 8, 2022

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The... High Unreviewed

CVE-2022-26867 was published Jun 3, 2022

A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application... High Unreviewed

CVE-2020-26507 was published May 24, 2022

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

179 advisories