Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-59jz-qr5e-hkg3

Summary

UnoPim has CSV Injection on Quick Export feature
Description:
`CSV Injection` or `Formula Injection` is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software automatically interprets certain text patterns as formulas or commands, rather than plain text.

Aliases

alias	CVE-2025-55745

alias	GHSA-74rg-6f92-g6wx

Fixed_packages

url	pkg:composer/unopim/unopim@0.3.1
purl	pkg:composer/unopim/unopim@0.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.3.1

Affected_packages

url pkg:composer/unopim/unopim@0.1.0

purl pkg:composer/unopim/unopim@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-fr1t-d4fw-yqc5

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.0

url pkg:composer/unopim/unopim@0.1.1

purl pkg:composer/unopim/unopim@0.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-fr1t-d4fw-yqc5

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.1

url pkg:composer/unopim/unopim@0.1.2

purl pkg:composer/unopim/unopim@0.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-fr1t-d4fw-yqc5

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.2

url pkg:composer/unopim/unopim@0.1.3

purl pkg:composer/unopim/unopim@0.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-fr1t-d4fw-yqc5

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.3

url pkg:composer/unopim/unopim@0.1.6

purl pkg:composer/unopim/unopim@0.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.6

url pkg:composer/unopim/unopim@0.2.0

purl pkg:composer/unopim/unopim@0.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.2.0

url pkg:composer/unopim/unopim@0.3.0

purl pkg:composer/unopim/unopim@0.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.3.0

url pkg:composer/unopim/unopim@0.1.4

purl pkg:composer/unopim/unopim@0.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.4

url pkg:composer/unopim/unopim@0.1.5

purl pkg:composer/unopim/unopim@0.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.5

url pkg:composer/unopim/unopim@0.2.1

purl pkg:composer/unopim/unopim@0.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.2.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55745

reference_id

reference_type

scores

value	0.0051
scoring_system	epss
scoring_elements	0.66768
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55745

reference_url

https://drive.proton.me/urls/3TP1QEMXNC#2PAy7OkVqdP3

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://drive.proton.me/urls/3TP1QEMXNC#2PAy7OkVqdP3

reference_url

https://github.com/unopim/unopim

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/unopim/unopim

reference_url

https://github.com/unopim/unopim/commit/8325b78567411ad78d44c0385f192360e608ff71

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/unopim/unopim/commit/8325b78567411ad78d44c0385f192360e608ff71

reference_url

https://github.com/unopim/unopim/commit/b25db9496fc147842a519d1dd42ec03c3bf00a34

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T20:02:44Z/

url

https://github.com/unopim/unopim/commit/b25db9496fc147842a519d1dd42ec03c3bf00a34

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55745

reference_id

CVE-2025-55745

reference_type

scores

value	2.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55745

reference_url	https://github.com/advisories/GHSA-74rg-6f92-g6wx
reference_id	GHSA-74rg-6f92-g6wx
reference_type
scores
url	https://github.com/advisories/GHSA-74rg-6f92-g6wx

reference_url

https://github.com/unopim/unopim/security/advisories/GHSA-74rg-6f92-g6wx

reference_id

GHSA-74rg-6f92-g6wx

reference_type

scores

value	2.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T20:02:44Z/

url

https://github.com/unopim/unopim/security/advisories/GHSA-74rg-6f92-g6wx

Weaknesses

cwe_id	1236
name	Improper Neutralization of Formula Elements in a CSV File
description	The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 0.1 - 3

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-59jz-qr5e-hkg3

Vulnerability Instance