GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,144
Composer 4,333
Erlang 31
GitHub Actions 22
Go 2,095
Maven 5,265
npm 3,760
NuGet 678
pip 3,446
Pub 12
RubyGems 892
Rust 882
Swift 37

Unreviewed advisories

All unreviewed 242,536

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

32 advisories

Filter by severity

Sort by

Least recently updated

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. Moderate Unreviewed

CVE-2023-46400 was published Jan 24, 2025

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to... Moderate Unreviewed

CVE-2024-9102 was published Dec 19, 2024

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an... Moderate Unreviewed

CVE-2024-47485 was published Oct 18, 2024

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in... Moderate Unreviewed

CVE-2024-27785 was published Jul 9, 2024

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and... Moderate Unreviewed

CVE-2023-5424 was published Jun 7, 2024

IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to... Moderate Unreviewed

CVE-2024-28764 was published May 1, 2024

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the ... Moderate Unreviewed

CVE-2023-45597 was published Mar 5, 2024

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a... Moderate Unreviewed

CVE-2023-47022 was published Feb 6, 2024

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (... Moderate Unreviewed

CVE-2023-31296 was published Dec 29, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML... Moderate Unreviewed

CVE-2023-43071 was published Oct 5, 2023

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web... Moderate Unreviewed

CVE-2023-3527 was published Jul 19, 2023

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the... Moderate Unreviewed

CVE-2022-46408 was published Jun 29, 2023

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE... Moderate Unreviewed

CVE-2023-29109 was published Apr 11, 2023

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the ... Moderate Unreviewed

CVE-2022-37786 was published Jan 1, 2023

Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at... Moderate Unreviewed

CVE-2022-38061 was published Sep 25, 2022

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious... Moderate Unreviewed

CVE-2022-38845 was published Sep 17, 2022

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists... Moderate Unreviewed

CVE-2019-16120 was published May 24, 2022

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An... Moderate Unreviewed

CVE-2021-37131 was published May 24, 2022

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of... Moderate Unreviewed

CVE-2021-1475 was published May 24, 2022

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be... Moderate Unreviewed

CVE-2021-27839 was published May 24, 2022

There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may... Moderate Unreviewed

CVE-2020-9205 was published May 24, 2022

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls... Moderate Unreviewed

CVE-2020-28861 was published May 24, 2022

Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point... Moderate Unreviewed

CVE-2020-16214 was published May 24, 2022

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi... Moderate Unreviewed

CVE-2020-10460 was published May 24, 2022

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields... Moderate Unreviewed

CVE-2020-9372 was published May 24, 2022

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

32 advisories