Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

205 advisories

Loading
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-15571 was published May 13, 2022
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-16308 was published May 13, 2022
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject... Critical Unreviewed
CVE-2018-11652 was published May 13, 2022
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user... High Unreviewed
CVE-2018-10257 was published May 13, 2022
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. High Unreviewed
CVE-2018-16651 was published May 13, 2022
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. High Unreviewed
CVE-2018-10504 was published May 13, 2022
The application was identified to have an CSV injection in data export functionality, allowing... High Unreviewed
CVE-2022-40294 was published Nov 1, 2022
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. High Unreviewed
CVE-2022-41791 was published Nov 18, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV... High Unreviewed
CVE-2022-2429 was published Sep 7, 2022
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when... High Unreviewed
CVE-2022-3605 was published Dec 12, 2022
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape... High Unreviewed
CVE-2022-3558 was published Nov 7, 2022
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when... Critical Unreviewed
CVE-2022-3463 was published Nov 7, 2022
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM... High Unreviewed
CVE-2021-22153 was published May 24, 2022
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV... High Unreviewed
CVE-2020-25445 was published May 24, 2022
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application... High Unreviewed
CVE-2020-26507 was published May 24, 2022
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected... High Unreviewed
CVE-2021-25960 was published May 24, 2022
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an... High Unreviewed
CVE-2021-38424 was published May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain... High Unreviewed
CVE-2021-40848 was published May 24, 2022
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some... High Unreviewed
CVE-2020-36503 was published May 24, 2022
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields... Critical Unreviewed
CVE-2022-3393 was published Oct 25, 2022
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An... Moderate Unreviewed
CVE-2021-37131 was published May 24, 2022
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to... Critical Unreviewed
CVE-2021-38180 was published May 24, 2022
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4... High Unreviewed
CVE-2021-24016 was published May 24, 2022
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. High Unreviewed
CVE-2021-27020 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database