Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

Loading
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields Moderate
CVE-2026-50179 was published for @actual-app/web (npm) Jun 22, 2026
offset Credited to offset and MatissJanis MatissJanis MatissJanis
@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper Moderate
CVE-2026-46672 was published for @actual-app/cli (npm) Jun 22, 2026
offset Credited to offset and MatissJanis MatissJanis MatissJanis
json-2-csv vulnerable to CSV Injection via the preventCsvInjection optio Moderate
CVE-2026-9673 was published for json-2-csv (npm) May 28, 2026
ProTip! Advisories are also available from the GraphQL API