Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

182 advisories

Loading
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it... High Unreviewed
CVE-2019-11872 was published May 24, 2022
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2... High Unreviewed
CVE-2019-4071 was published May 24, 2022
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to... Moderate Unreviewed
CVE-2018-12244 was published May 24, 2022
Open-AudIT before 2.2 has CSV Injection. Moderate Unreviewed
CVE-2018-9137 was published May 13, 2022
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in... High Unreviewed
CVE-2018-9107 was published May 13, 2022
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in... High Unreviewed
CVE-2018-9106 was published May 13, 2022
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension... Critical Unreviewed
CVE-2018-9035 was published May 13, 2022
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection... High Unreviewed
CVE-2018-7304 was published May 13, 2022
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv... Critical Unreviewed
CVE-2018-20752 was published May 13, 2022
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the... High Unreviewed
CVE-2018-1774 was published May 13, 2022
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. High Unreviewed
CVE-2018-16651 was published May 13, 2022
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-16308 was published May 13, 2022
OPSWAT MetaDefender before v4.11.2 allows CSV injection. High Unreviewed
CVE-2018-16275 was published May 13, 2022
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-15571 was published May 13, 2022
** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins... Critical Unreviewed
CVE-2018-15474 was published May 13, 2022
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject... Critical Unreviewed
CVE-2018-11652 was published May 13, 2022
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is... High Unreviewed
CVE-2018-11525 was published May 13, 2022
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable... High Unreviewed
CVE-2018-11526 was published May 13, 2022
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. High Unreviewed
CVE-2018-10504 was published May 13, 2022
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user... High Unreviewed
CVE-2018-10257 was published May 13, 2022
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a... High Unreviewed
CVE-2018-10255 was published May 13, 2022
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with... High Unreviewed
CVE-2018-10258 was published May 13, 2022
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page... High Unreviewed
CVE-2022-29315 was published Apr 20, 2022
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all... High Unreviewed
CVE-2021-23286 was published Apr 19, 2022
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an... High Unreviewed
CVE-2021-43257 was published Apr 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database