GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
114 advisories
Filter by severity
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx...
High
Unreviewed
CVE-2022-23868
was published
Mar 31, 2022
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all...
High
Unreviewed
CVE-2021-23286
was published
Apr 19, 2022
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an...
High
Unreviewed
CVE-2021-43257
was published
Apr 15, 2022
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page...
High
Unreviewed
CVE-2022-29315
was published
Apr 20, 2022
A remote attacker with general user privilege can inject malicious code in the form content of...
High
Unreviewed
CVE-2022-41675
was published
Nov 29, 2022
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up...
High
Unreviewed
CVE-2022-4034
was published
Nov 29, 2022
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The...
High
Unreviewed
CVE-2022-26867
was published
Jun 3, 2022
A vulnerability, which was classified as critical, has been found in SevOne Network Management...
High
Unreviewed
CVE-2020-36531
was published
Jun 8, 2022
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra...
High
Unreviewed
CVE-2022-2027
was published
Jun 10, 2022
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting...
High
Unreviewed
CVE-2022-1202
was published
Jun 14, 2022
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and...
High
Unreviewed
CVE-2022-2268
was published
Jul 5, 2022
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when...
High
Unreviewed
CVE-2022-1539
was published
Jul 26, 2022
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing...
High
Unreviewed
CVE-2022-2240
was published
Jul 26, 2022
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system...
High
Unreviewed
CVE-2022-38844
was published
Sep 17, 2022
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4...
High
Unreviewed
CVE-2022-35281
was published
Jan 9, 2023
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability...
High
Unreviewed
CVE-2020-9347
was published
May 24, 2022
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone...
High
Unreviewed
CVE-2021-24144
was published
May 24, 2022
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry...
High
Unreviewed
CVE-2022-1194
was published
Sep 17, 2022
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the...
High
Unreviewed
CVE-2022-2798
was published
Sep 17, 2022
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.
High
Unreviewed
CVE-2020-25398
was published
May 24, 2022
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts,...
High
Unreviewed
CVE-2020-15301
was published
May 24, 2022
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated...
High
Unreviewed
CVE-2020-28845
was published
May 24, 2022
phpMyAdmin through 5.0.2 allows CSV injection via Export Section
High
Unreviewed
CVE-2020-22278
was published
May 24, 2022
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote...
High
Unreviewed
CVE-2020-4759
was published
May 24, 2022
There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker...
High
Unreviewed
CVE-2020-9200
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API