GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
256 advisories
Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications
Moderate | CVE-2026-47693 was published for poweradmin/poweradmin (Composer) | Jun 8, 2026

Spree: CSV Formula Injection in Customer Export
Moderate | GHSA-xf4v-w5x5-pv79 was published for spree (RubyGems) | Jun 4, 2026

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a...
High | Unreviewed | CVE-2025-52612 was published | Jun 4, 2026

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection...
Moderate | Unreviewed | CVE-2026-9673 was published | May 28, 2026

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0,...
Moderate | Unreviewed | CVE-2026-35157 was published | May 11, 2026

wger: CSV/TSV formula injection in gym member export (first_name/last_name)
High | GHSA-xq9m-hmp9-fw87 was published for wger (pip) | May 6, 2026

Kimai vulnerable to formula Injection via tag names in XLSX export
Moderate | CVE-2026-42267 was published for kimai/kimai (Composer) | May 5, 2026

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to...
High | Unreviewed | CVE-2023-54348 was published | May 5, 2026

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2026-31049 was published | Apr 14, 2026

If a malformed data is input to the affected product, a CSV file downloaded from the affected...
Moderate | Unreviewed | CVE-2026-24447 was published | Feb 4, 2026

Moodle formula injection vulnerability
Moderate | CVE-2025-67851 was published for moodle/moodle (Composer) | Feb 3, 2026

Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field
Moderate | CVE-2020-36962 was published for tendenci (pip) | Jan 28, 2026

Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that...
Moderate | Unreviewed | CVE-2021-47901 was published | Jan 27, 2026

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious...
Moderate | Unreviewed | CVE-2020-36941 was published | Jan 27, 2026

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via...
Low | Unreviewed | CVE-2025-61873 was published | Jan 16, 2026

A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to...
High | Unreviewed | CVE-2025-66834 was published | Dec 30, 2025

phpMyFAQ contains a CSV injection vulnerability
Moderate | CVE-2023-53929 was published for phpmyfaq/phpmyfaq (Composer) | Dec 18, 2025

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to...
Moderate | Unreviewed | CVE-2023-53913 was published | Dec 18, 2025

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to...
Moderate | Unreviewed | CVE-2023-53905 was published | Dec 18, 2025

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The...
Moderate | Unreviewed | CVE-2025-14229 was published | Dec 8, 2025

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
High | Unreviewed | CVE-2025-51735 was published | Nov 28, 2025

The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions...
Moderate | Unreviewed | CVE-2025-13133 was published | Nov 18, 2025

The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress...
Moderate | Unreviewed | CVE-2025-11576 was published | Oct 24, 2025

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600...
Moderate | Unreviewed | CVE-2025-60852 was published | Oct 23, 2025

bagisto has CSV Formula Injection in Create New Product
Critical | CVE-2025-62417 was published for bagisto/bagisto (Composer) | Oct 16, 2025