cli

CVEs (1)

• CVE-2026-46672medJun 22, 2026
  Actual App

  cli
  risk 0.26cvss —epss —

  ## Summary `@actual-app/cli` ships a hand-rolled CSV serializer in `packages/cli/src/output.ts` (used whenever the global `--format csv` option is passed) whose `escapeCsv` helper only handles RFC 4180 delimiter/quote/newline escaping. It does **not** neutralize the standard…