GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,196
Composer 4,342
Erlang 31
GitHub Actions 22
Go 2,106
Maven 5,283
npm 3,764
NuGet 679
pip 3,451
Pub 12
RubyGems 892
Rust 886
Swift 37

Unreviewed advisories

All unreviewed 243,203

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

182 advisories

Filter by severity

Sort by

Least recently updated

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. Moderate Unreviewed

CVE-2023-46400 was published Jan 24, 2025

KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function. High Unreviewed

CVE-2023-46401 was published Jan 24, 2025

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through... Critical Unreviewed

CVE-2024-47572 was published Jan 14, 2025

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An... High Unreviewed

CVE-2024-22063 was published Dec 30, 2024

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to... Moderate Unreviewed

CVE-2024-9102 was published Dec 19, 2024

A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via... High Unreviewed

CVE-2024-53555 was published Nov 26, 2024

An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the... High Unreviewed

CVE-2024-51094 was published Nov 12, 2024

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an... Moderate Unreviewed

CVE-2024-47485 was published Oct 18, 2024

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute... High Unreviewed

CVE-2021-38963 was published Sep 25, 2024

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows... High Unreviewed

CVE-2024-41226 was published Aug 6, 2024

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated... High Unreviewed

CVE-2024-3232 was published Jul 16, 2024

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in... Moderate Unreviewed

CVE-2024-27785 was published Jul 9, 2024

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed

CVE-2023-5527 was published Jun 18, 2024

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and... Moderate Unreviewed

CVE-2023-5424 was published Jun 7, 2024

IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to... Moderate Unreviewed

CVE-2024-28764 was published May 1, 2024

The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all... Moderate Unreviewed

CVE-2024-3214 was published Apr 9, 2024

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export... High Unreviewed

CVE-2024-25007 was published Apr 4, 2024

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0... High Unreviewed

CVE-2023-35899 was published Mar 21, 2024

A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7... Critical Unreviewed

CVE-2023-47534 was published Mar 12, 2024

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the ... Moderate Unreviewed

CVE-2023-45597 was published Mar 5, 2024

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in... High Unreviewed

CVE-2024-24337 was published Feb 13, 2024

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a... Moderate Unreviewed

CVE-2023-47022 was published Feb 6, 2024

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in... High Unreviewed

CVE-2022-3604 was published Jan 16, 2024

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (... High Unreviewed

CVE-2023-31295 was published Dec 29, 2023

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (... Moderate Unreviewed

CVE-2023-31296 was published Dec 29, 2023

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

182 advisories