Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

140 advisories

Loading
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when... High Unreviewed
CVE-2022-1539 was published Jul 26, 2022
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and... High Unreviewed
CVE-2022-2268 was published Jul 5, 2022
CSV Injection in inventree High
CVE-2022-2112 was published for inventree (pip) Jun 18, 2022
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting... High Unreviewed
CVE-2022-1202 was published Jun 14, 2022
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra... High Unreviewed
CVE-2022-2027 was published Jun 10, 2022
A vulnerability, which was classified as critical, has been found in SevOne Network Management... High Unreviewed
CVE-2020-36531 was published Jun 8, 2022
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The... High Unreviewed
CVE-2022-26867 was published Jun 3, 2022
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed
CVE-2022-4034 was published Nov 29, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging High
CVE-2022-24770 was published for gradio (pip) Mar 18, 2022
haby0
A remote attacker with general user privilege can inject malicious code in the form content of... High Unreviewed
CVE-2022-41675 was published Nov 29, 2022
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page... High Unreviewed
CVE-2022-29315 was published Apr 20, 2022
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all... High Unreviewed
CVE-2021-23286 was published Apr 19, 2022
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx... High Unreviewed
CVE-2022-23868 was published Mar 31, 2022
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database