GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,470

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

33 advisories

Filter by severity

Sort by

Least recently updated

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers... Critical Unreviewed

CVE-2022-26249 was published Mar 26, 2022

The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a... Critical Unreviewed

CVE-2022-0142 was published Apr 13, 2022

CSV-Safe improperly filters special characters potentially leading to CSV injection Critical

CVE-2022-28481 was published for csv-safe (RubyGems) May 3, 2022

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject... Critical Unreviewed

CVE-2018-11652 was published May 13, 2022

** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins... Critical Unreviewed

CVE-2018-15474 was published May 13, 2022

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv... Critical Unreviewed

CVE-2018-20752 was published May 13, 2022

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension... Critical Unreviewed

CVE-2018-9035 was published May 13, 2022

An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable... Critical Unreviewed

CVE-2019-12765 was published May 24, 2022

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey... Critical Unreviewed

CVE-2019-16184 was published May 24, 2022

JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile. Critical Unreviewed

CVE-2020-22274 was published May 24, 2022

WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry. Critical Unreviewed

CVE-2020-22276 was published May 24, 2022

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. Critical Unreviewed

CVE-2021-3188 was published May 24, 2022

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to... Critical Unreviewed

CVE-2021-38180 was published May 24, 2022

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields... Critical Unreviewed

CVE-2022-3393 was published Oct 25, 2022

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed

CVE-2022-22425 was published Nov 4, 2022

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when... Critical Unreviewed

CVE-2022-3463 was published Nov 7, 2022

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Critical Unreviewed

CVE-2022-27858 was published Nov 9, 2022

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the... Critical Unreviewed

CVE-2022-3574 was published Nov 14, 2022

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when... Critical Unreviewed

CVE-2022-3634 was published Nov 21, 2022

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output... Critical Unreviewed

CVE-2022-3600 was published Nov 21, 2022

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list... Critical Unreviewed

CVE-2022-3603 was published Nov 28, 2022

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results"... Critical Unreviewed

CVE-2020-10131 was published Sep 6, 2023

Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress... Critical Unreviewed

CVE-2022-45370 was published Nov 7, 2023

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX –... Critical Unreviewed

CVE-2022-46809 was published Nov 7, 2023

Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site... Critical Unreviewed

CVE-2022-46801 was published Nov 7, 2023

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

33 advisories