Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

196 advisories

Loading
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone... High Unreviewed
CVE-2021-24144 was published May 24, 2022
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be... Moderate Unreviewed
CVE-2021-27839 was published May 24, 2022
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary... High Unreviewed
CVE-2020-19513 was published May 24, 2022
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may... Moderate Unreviewed
CVE-2020-9205 was published May 24, 2022
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. Critical Unreviewed
CVE-2021-3188 was published May 24, 2022
There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker... High Unreviewed
CVE-2020-9200 was published May 24, 2022
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls... Moderate Unreviewed
CVE-2020-28861 was published May 24, 2022
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated... High Unreviewed
CVE-2020-28845 was published May 24, 2022
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts,... High Unreviewed
CVE-2020-15301 was published May 24, 2022
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote... High Unreviewed
CVE-2020-4759 was published May 24, 2022
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite... High Unreviewed
CVE-2020-25170 was published May 24, 2022
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. High Unreviewed
CVE-2020-25398 was published May 24, 2022
phpMyAdmin through 5.0.2 allows CSV injection via Export Section High Unreviewed
CVE-2020-22278 was published May 24, 2022
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry. Critical Unreviewed
CVE-2020-22276 was published May 24, 2022
JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile. Critical Unreviewed
CVE-2020-22274 was published May 24, 2022
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point... Moderate Unreviewed
CVE-2020-16214 was published May 24, 2022
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability... High Unreviewed
CVE-2020-9347 was published May 24, 2022
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi... Moderate Unreviewed
CVE-2020-10460 was published May 24, 2022
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields... Moderate Unreviewed
CVE-2020-9372 was published May 24, 2022
KeePass 2.4.1 allows CSV injection in the title field of a CSV export. Moderate Unreviewed
CVE-2019-20184 was published May 24, 2022
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Moderate Unreviewed
CVE-2019-20180 was published May 24, 2022
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0... Moderate Unreviewed
CVE-2019-11275 was published May 24, 2022
A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey... Critical Unreviewed
CVE-2019-16184 was published May 24, 2022
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA)... Moderate Unreviewed
CVE-2019-6182 was published May 24, 2022
** DISPUTED ** In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists,... High Unreviewed
CVE-2019-14352 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database