Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications Moderate
CVE-2026-47693 was published for poweradmin/poweradmin (Composer) Jun 8, 2026
tienneR Credited to tienneR
Kimai vulnerable to formula Injection via tag names in XLSX export Moderate
CVE-2026-42267 was published for kimai/kimai (Composer) May 5, 2026
satexd Credited to satexd
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
phpMyFAQ contains a CSV injection vulnerability Moderate
CVE-2023-53929 was published for phpmyfaq/phpmyfaq (Composer) Dec 18, 2025
bagisto has CSV Formula Injection in Create New Product Critical
CVE-2025-62417 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865 Credited to kiwi865
UnoPim has CSV Injection on Quick Export feature Low
CVE-2025-55745 was published for unopim/unopim (Composer) Aug 22, 2025
sn1p3rt3s7 Credited to sn1p3rt3s7
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability High
CVE-2023-4006 was published for thorsten/phpmyfaq (Composer) Jul 31, 2023
Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability High
CVE-2023-3302 was published for admidio/admidio (Composer) Jun 23, 2023
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection High
CVE-2023-2629 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
sampritdas8 Credited to sampritdas8
RosarioSIS vulnerable to CSV Injection Moderate
CVE-2023-29918 was published for francoisjacquet/rosariosis (Composer) May 2, 2023
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
MantisBT CSV Injection unprivileged user access in csv_export.php High
CVE-2021-43257 was published for mantisbt/mantisbt (Composer) Apr 15, 2022
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
CSV Injection in symfony/serializer Moderate
CVE-2021-41270 was published for symfony/serializer (Composer) Nov 24, 2021
jakeBarwell Credited to jakeBarwell and jderusse jderusse jderusse
CSV Injection Vulnerability High
CVE-2021-41824 was published for craftcms/cms (Composer) Oct 18, 2021
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore Moderate
CVE-2021-37702 was published for pimcore/pimcore (Composer) Aug 30, 2021
CSV Injection vulnerability with exported contact lists in Mautic Moderate
CVE-2018-8092 was published for mautic/core (Composer) Jan 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database