Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

205 advisories

Loading
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and... High Unreviewed
CVE-2022-3026 was published Sep 7, 2022
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV... High Unreviewed
CVE-2022-2429 was published Sep 7, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File Moderate
CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022
aegilops some-natalie
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system... High Unreviewed
CVE-2022-38844 was published Sep 17, 2022
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious... Moderate Unreviewed
CVE-2022-38845 was published Sep 17, 2022
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the... High Unreviewed
CVE-2022-2798 was published Sep 17, 2022
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry... High Unreviewed
CVE-2022-1194 was published Sep 17, 2022
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at... Moderate Unreviewed
CVE-2022-38061 was published Sep 25, 2022
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to... High Unreviewed
CVE-2022-40472 was published Sep 30, 2022
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields... Critical Unreviewed
CVE-2022-3393 was published Oct 25, 2022
The application was identified to have an CSV injection in data export functionality, allowing... High Unreviewed
CVE-2022-40294 was published Nov 1, 2022
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed
CVE-2022-22425 was published Nov 4, 2022
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape... High Unreviewed
CVE-2022-3558 was published Nov 7, 2022
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when... Critical Unreviewed
CVE-2022-3463 was published Nov 7, 2022
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Critical Unreviewed
CVE-2022-27858 was published Nov 9, 2022
The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the... Critical Unreviewed
CVE-2022-3574 was published Nov 14, 2022
Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. High Unreviewed
CVE-2022-44577 was published Nov 18, 2022
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. High Unreviewed
CVE-2022-41791 was published Nov 18, 2022
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output... Critical Unreviewed
CVE-2022-3600 was published Nov 21, 2022
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when... Critical Unreviewed
CVE-2022-3634 was published Nov 21, 2022
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection... High Unreviewed
CVE-2022-44830 was published Nov 21, 2022
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list... Critical Unreviewed
CVE-2022-3603 was published Nov 28, 2022
A remote attacker with general user privilege can inject malicious code in the form content of... High Unreviewed
CVE-2022-41675 was published Nov 29, 2022
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up... High Unreviewed
CVE-2022-4034 was published Nov 29, 2022
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when... High Unreviewed
CVE-2022-3605 was published Dec 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database