Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

247 advisories

Loading
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress... High Unreviewed
CVE-2019-17661 was published May 24, 2022
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A... Moderate Unreviewed
CVE-2021-36334 was published Nov 24, 2021
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to... Critical Unreviewed
CVE-2021-38180 was published May 24, 2022
If a malformed data is input to the affected product, a CSV file downloaded from the affected... Moderate Unreviewed
CVE-2026-24447 was published Feb 4, 2026
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field... Moderate Unreviewed
CVE-2020-36962 was published Jan 28, 2026
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that... Moderate Unreviewed
CVE-2021-47901 was published Jan 27, 2026
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious... Moderate Unreviewed
CVE-2020-36941 was published Jan 27, 2026
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via... Low Unreviewed
CVE-2025-61873 was published Jan 16, 2026
Mattermost Server is vulnerable CSV Injection Critical
CVE-2017-18900 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to... High Unreviewed
CVE-2025-50572 was published Jul 31, 2025
phpMyFAQ contains a CSV injection vulnerability Moderate
CVE-2023-53929 was published for phpmyfaq/phpmyfaq (Composer) Dec 18, 2025
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to... High Unreviewed
CVE-2025-66834 was published Dec 30, 2025
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to... Moderate Unreviewed
CVE-2023-53913 was published Dec 18, 2025
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to... Moderate Unreviewed
CVE-2023-53905 was published Dec 18, 2025
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The... Moderate Unreviewed
CVE-2025-14229 was published Dec 8, 2025
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. High Unreviewed
CVE-2025-51735 was published Nov 28, 2025
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions... Moderate Unreviewed
CVE-2025-13133 was published Nov 18, 2025
PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows... High Unreviewed
CVE-2023-51333 was published Feb 20, 2025
PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows... High Unreviewed
CVE-2023-51311 was published Feb 20, 2025
PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which... High Unreviewed
CVE-2023-51336 was published Feb 20, 2025
PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows... High Unreviewed
CVE-2023-51319 was published Feb 20, 2025
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress... Moderate Unreviewed
CVE-2025-11576 was published Oct 24, 2025
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600... Moderate Unreviewed
CVE-2025-60852 was published Oct 23, 2025
bagisto has CSV Formula Injection in Create New Product Critical
CVE-2025-62417 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865 Credited to kiwi865
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database