VYPR
Medium severity5.8NVD Advisory· Published Sep 17, 2022· Updated Jun 17, 2026

CVE-2022-39217

CVE-2022-39217

Description

some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version v1. Users are advised to use v1 or later. There are no known workarounds for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
some-natalie/ghas-to-csvGitHub Actions
< 11

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.