Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
CSV Injection vulnerability with exported contact lists in Mautic Moderate
CVE-2018-8092 was published for mautic/core (Composer) Jan 19, 2021
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore Moderate
CVE-2021-37702 was published for pimcore/pimcore (Composer) Aug 30, 2021
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
CSV Injection Vulnerability High
CVE-2021-41824 was published for craftcms/cms (Composer) Oct 18, 2021
CSV Injection in symfony/serializer Moderate
CVE-2021-41270 was published for symfony/serializer (Composer) Nov 24, 2021
jakeBarwell jderusse
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
MantisBT CSV Injection unprivileged user access in csv_export.php High
CVE-2021-43257 was published for mantisbt/mantisbt (Composer) Apr 15, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
RosarioSIS vulnerable to CSV Injection Moderate
CVE-2023-29918 was published for francoisjacquet/rosariosis (Composer) May 2, 2023
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection High
CVE-2023-2629 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
sampritdas8
Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability High
CVE-2023-3302 was published for admidio/admidio (Composer) Jun 23, 2023
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability High
CVE-2023-4006 was published for thorsten/phpmyfaq (Composer) Jul 31, 2023
UnoPim has CSV Injection on Quick Export feature Low
CVE-2025-55745 was published for unopim/unopim (Composer) Aug 22, 2025
sn1p3rt3s7
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database