GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,966
Composer 5,074
Erlang 39
GitHub Actions 38
Go 2,737
Maven 6,146
npm 4,337
NuGet 764
pip 4,112
Pub 12
RubyGems 960
Rust 1,068
Swift 45

Unreviewed advisories

All unreviewed 279,860

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

53 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions... Moderate Unreviewed

CVE-2025-13133 was published Nov 18, 2025

The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress... Moderate Unreviewed

CVE-2025-11576 was published Oct 24, 2025

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600... Moderate Unreviewed

CVE-2025-60852 was published Oct 23, 2025

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System... Moderate Unreviewed

CVE-2025-11498 was published Oct 14, 2025

The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is... Moderate Unreviewed

CVE-2025-11254 was published Oct 11, 2025

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a... Moderate Unreviewed

CVE-2025-35033 was published Sep 29, 2025

There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow... Moderate Unreviewed

CVE-2025-39245 was published Aug 29, 2025

CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file Moderate Unreviewed

CVE-2025-52386 was published Aug 13, 2025

The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up... Moderate Unreviewed

CVE-2025-8767 was published Aug 12, 2025

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product... Moderate Unreviewed

CVE-2025-54752 was published Jul 31, 2025

The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up... Moderate Unreviewed

CVE-2025-6838 was published Jul 11, 2025

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical.... Moderate Unreviewed

CVE-2025-4546 was published May 11, 2025

PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows... Moderate Unreviewed

CVE-2023-51298 was published Feb 19, 2025

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. Moderate Unreviewed

CVE-2023-46400 was published Jan 24, 2025

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to... Moderate Unreviewed

CVE-2024-9102 was published Dec 19, 2024

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an... Moderate Unreviewed

CVE-2024-47485 was published Oct 18, 2024

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in... Moderate Unreviewed

CVE-2024-27785 was published Jul 9, 2024

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and... Moderate Unreviewed

CVE-2023-5424 was published Jun 7, 2024

IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to... Moderate Unreviewed

CVE-2024-28764 was published May 1, 2024

The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all... Moderate Unreviewed

CVE-2024-3214 was published Apr 9, 2024

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the ... Moderate Unreviewed

CVE-2023-45597 was published Mar 5, 2024

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a... Moderate Unreviewed

CVE-2023-47022 was published Feb 6, 2024

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (... Moderate Unreviewed

CVE-2023-31296 was published Dec 29, 2023

ActiveAdmin CSV Injection leading to sensitive information disclosure Moderate

CVE-2023-51763 was published for activeadmin (RubyGems) Dec 28, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML... Moderate Unreviewed

CVE-2023-43071 was published Oct 5, 2023

Previous1…3 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

53 advisories