Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

180 advisories

Loading
KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. Moderate Unreviewed
CVE-2023-46400 was published Jan 24, 2025
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through... Critical Unreviewed
CVE-2024-47572 was published Jan 14, 2025
The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An... High Unreviewed
CVE-2024-22063 was published Dec 30, 2024
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to... Moderate Unreviewed
CVE-2024-9102 was published Dec 19, 2024
A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via... High Unreviewed
CVE-2024-53555 was published Nov 26, 2024
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is... High Unreviewed
CVE-2018-11525 was published May 13, 2022
An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the... High Unreviewed
CVE-2024-51094 was published Nov 12, 2024
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an... Moderate Unreviewed
CVE-2024-47485 was published Oct 18, 2024
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute... High Unreviewed
CVE-2021-38963 was published Sep 25, 2024
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (... Moderate Unreviewed
CVE-2023-31296 was published Dec 29, 2023
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in... High Unreviewed
CVE-2024-24337 was published Feb 13, 2024
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows... High Unreviewed
CVE-2024-41226 was published Aug 6, 2024
A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated... High Unreviewed
CVE-2024-3232 was published Jul 16, 2024
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in... Moderate Unreviewed
CVE-2024-27785 was published Jul 9, 2024
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed
CVE-2023-5527 was published Jun 18, 2024
The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and... Moderate Unreviewed
CVE-2023-5424 was published Jun 7, 2024
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Moderate Unreviewed
CVE-2019-20180 was published May 24, 2022
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to... Moderate Unreviewed
CVE-2024-28764 was published May 1, 2024
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. High Unreviewed
CVE-2023-31867 was published Jun 22, 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support... High Unreviewed
CVE-2023-25983 was published Nov 15, 2023
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export... High Unreviewed
CVE-2024-25007 was published Apr 4, 2024
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML... Moderate Unreviewed
CVE-2023-43071 was published Oct 5, 2023
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results"... Critical Unreviewed
CVE-2020-10131 was published Sep 6, 2023
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote... High Unreviewed
CVE-2023-22877 was published Aug 28, 2023
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted... High Unreviewed
CVE-2023-38843 was published Aug 17, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database