Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

197 advisories

Loading
CSV-Safe improperly filters special characters potentially leading to CSV injection Critical
CVE-2022-28481 was published for csv-safe (RubyGems) May 3, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page... High Unreviewed
CVE-2022-29315 was published Apr 20, 2022
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all... High Unreviewed
CVE-2021-23286 was published Apr 19, 2022
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an... High Unreviewed
CVE-2021-43257 was published Apr 15, 2022
The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a... Critical Unreviewed
CVE-2022-0142 was published Apr 13, 2022
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx... High Unreviewed
CVE-2022-23868 was published Mar 31, 2022
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers... Critical Unreviewed
CVE-2022-26249 was published Mar 26, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging High
CVE-2022-24770 was published for gradio (pip) Mar 18, 2022
haby0
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a... High Unreviewed
CVE-2021-39022 was published Mar 11, 2022
Arbitrary code execution in Magnolia CMS High
CVE-2021-46363 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a... High Unreviewed
CVE-2022-22689 was published Feb 11, 2022
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula... High Unreviewed
CVE-2022-22121 was published Jan 11, 2022
Improper Neutralization of Formula Elements in a CSV File in html-2-csv Moderate
CVE-2021-23654 was published for html-to-csv (pip) Nov 30, 2021
KateCatlin
CSV Injection in symfony/serializer Moderate
CVE-2021-41270 was published for symfony/serializer (Composer) Nov 24, 2021
jakeBarwell jderusse
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A... Moderate Unreviewed
CVE-2021-36334 was published Nov 24, 2021
CSV Injection Vulnerability High
CVE-2021-41824 was published for craftcms/cms (Composer) Oct 18, 2021
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
CSV injection in shuup High
CVE-2021-25962 was published for shuup (pip) Sep 30, 2021
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore Moderate
CVE-2021-37702 was published for pimcore/pimcore (Composer) Aug 30, 2021
CSV Injection vulnerability with exported contact lists in Mautic Moderate
CVE-2018-8092 was published for mautic/core (Composer) Jan 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database