GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

260 advisories

Statamic Vulnerable to CSV formula injection in form submission exports Moderate
CVE-2026-54243 was published for statamic/cms (Composer) Jun 26, 2026
Credited to kah-ja
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields Moderate
CVE-2026-50179 was published for @actual-app/web (npm) Jun 22, 2026
Credited to offset and MatissJanis
@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper Moderate
CVE-2026-46672 was published for @actual-app/cli (npm) Jun 22, 2026
Credited to offset and MatissJanis
Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications Moderate
CVE-2026-47693 was published for poweradmin/poweradmin (Composer) Jun 8, 2026
Credited to tienneR
Spree: CSV Formula Injection in Customer Export Moderate
GHSA-xf4v-w5x5-pv79 was published for spree (RubyGems) Jun 4, 2026
Credited to StarPlatinu
wger: CSV/TSV formula injection in gym member export (first_name/last_name) High
GHSA-xq9m-hmp9-fw87 was published for wger (pip) May 6, 2026
Credited to whatisproblem
Kimai vulnerable to formula Injection via tag names in XLSX export Moderate
CVE-2026-42267 was published for kimai/kimai (Composer) May 5, 2026
Credited to satexd
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field Moderate
CVE-2020-36962 was published for tendenci (pip) Jan 28, 2026
phpMyFAQ contains a CSV injection vulnerability Moderate
CVE-2023-53929 was published for phpmyfaq/phpmyfaq (Composer) Dec 18, 2025
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. High Unreviewed
CVE-2025-51735 was published Nov 28, 2025