Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some... High Unreviewed
CVE-2020-36503 was published May 24, 2022
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an... High Unreviewed
CVE-2021-38424 was published May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain... High Unreviewed
CVE-2021-40848 was published May 24, 2022
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote... High Unreviewed
CVE-2019-4364 was published May 24, 2022
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress... High Unreviewed
CVE-2019-17661 was published May 24, 2022
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected... High Unreviewed
CVE-2021-25960 was published May 24, 2022
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV... High Unreviewed
CVE-2020-25445 was published May 24, 2022
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM... High Unreviewed
CVE-2021-22153 was published May 24, 2022
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application... High Unreviewed
CVE-2020-26507 was published May 24, 2022
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The... High Unreviewed
CVE-2022-26867 was published Jun 3, 2022
A vulnerability, which was classified as critical, has been found in SevOne Network Management... High Unreviewed
CVE-2020-36531 was published Jun 8, 2022
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra... High Unreviewed
CVE-2022-2027 was published Jun 10, 2022
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting... High Unreviewed
CVE-2022-1202 was published Jun 14, 2022
CSV Injection in inventree High
CVE-2022-2112 was published for inventree (pip) Jun 18, 2022
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and... High Unreviewed
CVE-2022-2268 was published Jul 5, 2022
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when... High Unreviewed
CVE-2022-1539 was published Jul 26, 2022
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing... High Unreviewed
CVE-2022-2240 was published Jul 26, 2022
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and... High Unreviewed
CVE-2022-3026 was published Sep 7, 2022
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV... High Unreviewed
CVE-2022-2429 was published Sep 7, 2022
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system... High Unreviewed
CVE-2022-38844 was published Sep 17, 2022
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry... High Unreviewed
CVE-2022-1194 was published Sep 17, 2022
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the... High Unreviewed
CVE-2022-2798 was published Sep 17, 2022
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to... High Unreviewed
CVE-2022-40472 was published Sep 30, 2022
The application was identified to have an CSV injection in data export functionality, allowing... High Unreviewed
CVE-2022-40294 was published Nov 1, 2022
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape... High Unreviewed
CVE-2022-3558 was published Nov 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database