GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
179 advisories
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM...
High | Unreviewed | CVE-2021-22153 was published May 24, 2022

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV...
High | Unreviewed | CVE-2020-25445 was published May 24, 2022

In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected...
High | Unreviewed | CVE-2021-25960 was published May 24, 2022

A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress...
High | Unreviewed | CVE-2019-17661 was published May 24, 2022

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists...
Moderate | Unreviewed | CVE-2019-16120 was published May 24, 2022

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote...
High | Unreviewed | CVE-2019-4364 was published May 24, 2022

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain...
High | Unreviewed | CVE-2021-40848 was published May 24, 2022

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an...
High | Unreviewed | CVE-2021-38424 was published May 24, 2022

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some...
High | Unreviewed | CVE-2020-36503 was published May 24, 2022

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An...
Moderate | Unreviewed | CVE-2021-37131 was published May 24, 2022

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to...
Critical | Unreviewed | CVE-2021-38180 was published May 24, 2022

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4...
High | Unreviewed | CVE-2021-24016 was published May 24, 2022

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
High | Unreviewed | CVE-2021-27020 was published May 24, 2022

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1...
High | Unreviewed | CVE-2021-33256 was published May 24, 2022

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in...
High | Unreviewed | CVE-2021-22771 was published May 24, 2022

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet...
High | Unreviewed | CVE-2021-24441 was published May 24, 2022

Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function....
High | Unreviewed | CVE-2020-22390 was published May 24, 2022

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to...
High | Unreviewed | CVE-2021-29667 was published May 24, 2022

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of...
High | Unreviewed | CVE-2021-1474 was published May 24, 2022

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of...
Moderate | Unreviewed | CVE-2021-1475 was published May 24, 2022

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone...
High | Unreviewed | CVE-2021-24144 was published May 24, 2022

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be...
Moderate | Unreviewed | CVE-2021-27839 was published May 24, 2022

Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary...
High | Unreviewed | CVE-2020-19513 was published May 24, 2022

There is a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may...
Moderate | Unreviewed | CVE-2020-9205 was published May 24, 2022

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
Critical | Unreviewed | CVE-2021-3188 was published May 24, 2022