Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Loading
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject... Critical Unreviewed
CVE-2018-11652 was published May 13, 2022
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. High Unreviewed
CVE-2018-16651 was published May 13, 2022
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-16308 was published May 13, 2022
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. High Unreviewed
CVE-2018-15571 was published May 13, 2022
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the... High Unreviewed
CVE-2018-1774 was published May 13, 2022
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable... High Unreviewed
CVE-2018-11526 was published May 13, 2022
OPSWAT MetaDefender before v4.11.2 allows CSV injection. High Unreviewed
CVE-2018-16275 was published May 13, 2022
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with... High Unreviewed
CVE-2018-10258 was published May 13, 2022
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a... High Unreviewed
CVE-2018-10255 was published May 13, 2022
CSV Injection Vulnerability High
CVE-2021-41824 was published for craftcms/cms (Composer) Oct 18, 2021
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv... Critical Unreviewed
CVE-2018-20752 was published May 13, 2022
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore Moderate
CVE-2021-37702 was published for pimcore/pimcore (Composer) Aug 30, 2021
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection... High Unreviewed
CVE-2018-7304 was published May 13, 2022
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension... Critical Unreviewed
CVE-2018-9035 was published May 13, 2022
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in... High Unreviewed
CVE-2018-9106 was published May 13, 2022
Open-AudIT before 2.2 has CSV Injection. Moderate Unreviewed
CVE-2018-9137 was published May 13, 2022
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in... High Unreviewed
CVE-2018-9107 was published May 13, 2022
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to... High Unreviewed
CVE-2022-40472 was published Sep 30, 2022
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the ... Moderate Unreviewed
CVE-2022-37786 was published Jan 1, 2023
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2... High Unreviewed
CVE-2019-4071 was published May 24, 2022
Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. High Unreviewed
CVE-2022-44577 was published Nov 18, 2022
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed
CVE-2022-22425 was published Nov 4, 2022
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list... Critical Unreviewed
CVE-2022-3603 was published Nov 28, 2022
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output... Critical Unreviewed
CVE-2022-3600 was published Nov 21, 2022
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection... High Unreviewed
CVE-2022-44830 was published Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database