Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

32 advisories

Loading
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers... Critical Unreviewed
CVE-2022-26249 was published Mar 26, 2022
The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a... Critical Unreviewed
CVE-2022-0142 was published Apr 13, 2022
The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the... Critical Unreviewed
CVE-2022-3574 was published Nov 14, 2022
JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile. Critical Unreviewed
CVE-2020-22274 was published May 24, 2022
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry. Critical Unreviewed
CVE-2020-22276 was published May 24, 2022
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. Critical Unreviewed
CVE-2021-3188 was published May 24, 2022
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to... Critical Unreviewed
CVE-2021-38180 was published May 24, 2022
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields... Critical Unreviewed
CVE-2022-3393 was published Oct 25, 2022
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when... Critical Unreviewed
CVE-2022-3463 was published Nov 7, 2022
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject... Critical Unreviewed
CVE-2018-11652 was published May 13, 2022
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv... Critical Unreviewed
CVE-2018-20752 was published May 13, 2022
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension... Critical Unreviewed
CVE-2018-9035 was published May 13, 2022
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed
CVE-2022-22425 was published Nov 4, 2022
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list... Critical Unreviewed
CVE-2022-3603 was published Nov 28, 2022
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output... Critical Unreviewed
CVE-2022-3600 was published Nov 21, 2022
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when... Critical Unreviewed
CVE-2022-3634 was published Nov 21, 2022
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable... Critical Unreviewed
CVE-2019-12765 was published May 24, 2022
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Critical Unreviewed
CVE-2022-27858 was published Nov 9, 2022
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product... Critical Unreviewed
CVE-2022-46802 was published Nov 13, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage... Critical Unreviewed
CVE-2022-45357 was published Nov 13, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter... Critical Unreviewed
CVE-2022-46803 was published Nov 7, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX –... Critical Unreviewed
CVE-2022-46809 was published Nov 7, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue... Critical Unreviewed
CVE-2023-22719 was published Nov 15, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder |... Critical Unreviewed
CVE-2023-23796 was published Nov 15, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site... Critical Unreviewed
CVE-2022-46801 was published Nov 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database