Summary
@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper
References
Related vulnerabilities
All Supply chain →- MEDIUMGHSA-XQJM-27PC-RVWM
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
- HIGHGHSA-WV27-2VQP-J7G5
Gogs has the ability to import local repositories via Mirror Settings
- HIGHGHSA-PWX3-QCGW-VH7H
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
- HIGHGHSA-P9F5-H3RX-J5QW
Gogs Missing Authorization in Attachment Download
- HIGHGHSA-JQ8V-RMF6-65JW
Gogs has Stored XSS in `.ipynb` Preview
- LOWGHSA-4J89-2C4F-44C6
Gogs has DoS in rendering issue index pattern