CVE-2026-9673

ADVISORY - github

Summary

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.

EPSS Score: 0.00166 (0.062)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Neutralization of Formula Elements in a CSV File

ADVISORY - github

Improper Neutralization of Formula Elements in a CSV File


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in