Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

247 advisories

Loading
If a malformed data is input to the affected product, a CSV file downloaded from the affected... Moderate Unreviewed
CVE-2026-24447 was published Feb 4, 2026
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field... Moderate Unreviewed
CVE-2020-36962 was published Jan 28, 2026
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that... Moderate Unreviewed
CVE-2021-47901 was published Jan 27, 2026
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious... Moderate Unreviewed
CVE-2020-36941 was published Jan 27, 2026
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via... Low Unreviewed
CVE-2025-61873 was published Jan 16, 2026
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to... High Unreviewed
CVE-2025-66834 was published Dec 30, 2025
phpMyFAQ contains a CSV injection vulnerability Moderate
CVE-2023-53929 was published for phpmyfaq/phpmyfaq (Composer) Dec 18, 2025
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to... Moderate Unreviewed
CVE-2023-53913 was published Dec 18, 2025
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to... Moderate Unreviewed
CVE-2023-53905 was published Dec 18, 2025
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The... Moderate Unreviewed
CVE-2025-14229 was published Dec 8, 2025
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. High Unreviewed
CVE-2025-51735 was published Nov 28, 2025
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions... Moderate Unreviewed
CVE-2025-13133 was published Nov 18, 2025
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress... Moderate Unreviewed
CVE-2025-11576 was published Oct 24, 2025
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600... Moderate Unreviewed
CVE-2025-60852 was published Oct 23, 2025
bagisto has CSV Formula Injection in Create New Product Critical
CVE-2025-62417 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865 Credited to kiwi865
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System... Moderate Unreviewed
CVE-2025-11498 was published Oct 14, 2025
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is... Moderate Unreviewed
CVE-2025-11254 was published Oct 11, 2025
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a... Moderate Unreviewed
CVE-2025-35033 was published Sep 29, 2025
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows... Critical Unreviewed
CVE-2025-56267 was published Sep 8, 2025
Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP... High Unreviewed
CVE-2025-58855 was published Sep 5, 2025
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow... Moderate Unreviewed
CVE-2025-39245 was published Aug 29, 2025
UnoPim has CSV Injection on Quick Export feature Low
CVE-2025-55745 was published for unopim/unopim (Composer) Aug 22, 2025
sn1p3rt3s7 Credited to sn1p3rt3s7
CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file Moderate Unreviewed
CVE-2025-52386 was published Aug 13, 2025
The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up... Moderate Unreviewed
CVE-2025-8767 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database