Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
58
GitHub Actions
50
Go
3,799
Maven
5,000+
npm
5,000+
NuGet
938
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,351
Swift
54
Unreviewed advisories
All unreviewed
5,000+

252 advisories

Loading
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0,... Moderate Unreviewed
CVE-2026-35157 was published May 11, 2026
wger: CSV/TSV formula injection in gym member export (first_name/last_name) High
GHSA-xq9m-hmp9-fw87 was published for wger (pip) May 6, 2026
whatisproblem Credited to whatisproblem
Kimai vulnerable to formula Injection via tag names in XLSX export Moderate
CVE-2026-42267 was published for kimai/kimai (Composer) May 5, 2026
satexd Credited to satexd
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to... High Unreviewed
CVE-2023-54348 was published May 5, 2026
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2026-31049 was published Apr 14, 2026
If a malformed data is input to the affected product, a CSV file downloaded from the affected... Moderate Unreviewed
CVE-2026-24447 was published Feb 4, 2026
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field... Moderate Unreviewed
CVE-2020-36962 was published Jan 28, 2026
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that... Moderate Unreviewed
CVE-2021-47901 was published Jan 27, 2026
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious... Moderate Unreviewed
CVE-2020-36941 was published Jan 27, 2026
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via... Low Unreviewed
CVE-2025-61873 was published Jan 16, 2026
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to... High Unreviewed
CVE-2025-66834 was published Dec 30, 2025
phpMyFAQ contains a CSV injection vulnerability Moderate
CVE-2023-53929 was published for phpmyfaq/phpmyfaq (Composer) Dec 18, 2025
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to... Moderate Unreviewed
CVE-2023-53913 was published Dec 18, 2025
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to... Moderate Unreviewed
CVE-2023-53905 was published Dec 18, 2025
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The... Moderate Unreviewed
CVE-2025-14229 was published Dec 8, 2025
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. High Unreviewed
CVE-2025-51735 was published Nov 28, 2025
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions... Moderate Unreviewed
CVE-2025-13133 was published Nov 18, 2025
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress... Moderate Unreviewed
CVE-2025-11576 was published Oct 24, 2025
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600... Moderate Unreviewed
CVE-2025-60852 was published Oct 23, 2025
bagisto has CSV Formula Injection in Create New Product Critical
CVE-2025-62417 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865 Credited to kiwi865
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System... Moderate Unreviewed
CVE-2025-11498 was published Oct 14, 2025
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is... Moderate Unreviewed
CVE-2025-11254 was published Oct 11, 2025
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a... Moderate Unreviewed
CVE-2025-35033 was published Sep 29, 2025
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows... Critical Unreviewed
CVE-2025-56267 was published Sep 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database