Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

30 advisories

Loading
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an... Moderate Unreviewed
CVE-2024-47485 was published Oct 18, 2024
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in... Moderate Unreviewed
CVE-2024-27785 was published Jul 9, 2024
The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and... Moderate Unreviewed
CVE-2023-5424 was published Jun 7, 2024
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to... Moderate Unreviewed
CVE-2024-28764 was published May 1, 2024
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the ... Moderate Unreviewed
CVE-2023-45597 was published Mar 5, 2024
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a... Moderate Unreviewed
CVE-2023-47022 was published Feb 6, 2024
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (... Moderate Unreviewed
CVE-2023-31296 was published Dec 29, 2023
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML... Moderate Unreviewed
CVE-2023-43071 was published Oct 5, 2023
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web... Moderate Unreviewed
CVE-2023-3527 was published Jul 19, 2023
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the... Moderate Unreviewed
CVE-2022-46408 was published Jun 29, 2023
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE... Moderate Unreviewed
CVE-2023-29109 was published Apr 11, 2023
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the ... Moderate Unreviewed
CVE-2022-37786 was published Jan 1, 2023
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at... Moderate Unreviewed
CVE-2022-38061 was published Sep 25, 2022
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious... Moderate Unreviewed
CVE-2022-38845 was published Sep 17, 2022
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists... Moderate Unreviewed
CVE-2019-16120 was published May 24, 2022
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An... Moderate Unreviewed
CVE-2021-37131 was published May 24, 2022
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of... Moderate Unreviewed
CVE-2021-1475 was published May 24, 2022
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be... Moderate Unreviewed
CVE-2021-27839 was published May 24, 2022
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may... Moderate Unreviewed
CVE-2020-9205 was published May 24, 2022
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls... Moderate Unreviewed
CVE-2020-28861 was published May 24, 2022
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point... Moderate Unreviewed
CVE-2020-16214 was published May 24, 2022
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi... Moderate Unreviewed
CVE-2020-10460 was published May 24, 2022
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields... Moderate Unreviewed
CVE-2020-9372 was published May 24, 2022
KeePass 2.4.1 allows CSV injection in the title field of a CSV export. Moderate Unreviewed
CVE-2019-20184 was published May 24, 2022
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Moderate Unreviewed
CVE-2019-20180 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database