GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
70 advisories
Filter by severity
Statamic Vulnerable to CSV formula injection in form submission exports
Moderate
CVE-2026-54243
was published
for
statamic/cms
(Composer)
Jun 26, 2026
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
Moderate
CVE-2026-50179
was published
for
@actual-app/web
(npm)
Jun 22, 2026
@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper
Moderate
CVE-2026-46672
was published
for
@actual-app/cli
(npm)
Jun 22, 2026
Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications
Moderate
CVE-2026-47693
was published
for
poweradmin/poweradmin
(Composer)
Jun 8, 2026
Spree: CSV Formula Injection in Customer Export
Moderate
GHSA-xf4v-w5x5-pv79
was published
for
spree
(RubyGems)
Jun 4, 2026
json-2-csv vulnerable to CSV Injection via the preventCsvInjection optio
Moderate
CVE-2026-9673
was published
for
json-2-csv
(npm)
May 28, 2026
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0,...
Moderate
Unreviewed
CVE-2026-35157
was published
May 11, 2026
Kimai vulnerable to formula Injection via tag names in XLSX export
Moderate
CVE-2026-42267
was published
for
kimai/kimai
(Composer)
May 5, 2026
If a malformed data is input to the affected product, a CSV file downloaded from the affected...
Moderate
Unreviewed
CVE-2026-24447
was published
Feb 4, 2026
Moodle formula injection vulnerability
Moderate
CVE-2025-67851
was published
for
moodle/moodle
(Composer)
Feb 3, 2026
Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field
Moderate
CVE-2020-36962
was published
for
tendenci
(pip)
Jan 28, 2026
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that...
Moderate
Unreviewed
CVE-2021-47901
was published
Jan 27, 2026
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious...
Moderate
Unreviewed
CVE-2020-36941
was published
Jan 27, 2026
phpMyFAQ contains a CSV injection vulnerability
Moderate
CVE-2023-53929
was published
for
phpmyfaq/phpmyfaq
(Composer)
Dec 18, 2025
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to...
Moderate
Unreviewed
CVE-2023-53913
was published
Dec 18, 2025
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to...
Moderate
Unreviewed
CVE-2023-53905
was published
Dec 18, 2025
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The...
Moderate
Unreviewed
CVE-2025-14229
was published
Dec 8, 2025
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions...
Moderate
Unreviewed
CVE-2025-13133
was published
Nov 18, 2025
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress...
Moderate
Unreviewed
CVE-2025-11576
was published
Oct 24, 2025
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600...
Moderate
Unreviewed
CVE-2025-60852
was published
Oct 23, 2025
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System...
Moderate
Unreviewed
CVE-2025-11498
was published
Oct 14, 2025
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is...
Moderate
Unreviewed
CVE-2025-11254
was published
Oct 11, 2025
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a...
Moderate
Unreviewed
CVE-2025-35033
was published
Sep 29, 2025
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow...
Moderate
Unreviewed
CVE-2025-39245
was published
Aug 29, 2025
CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file
Moderate
Unreviewed
CVE-2025-52386
was published
Aug 13, 2025
ProTip!
Advisories are also available from the
GraphQL API