Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine,... Moderate Unreviewed
CVE-2025-35113 was published Aug 27, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI Moderate
CVE-2025-57811 was published for craftcms/cms (Composer) Aug 25, 2025
singetu0096
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock... High Unreviewed
CVE-2025-53194 was published Aug 20, 2025
LaRecipe is vulnerable to Server-Side Template Injection attacks Critical
CVE-2025-53833 was published for binarytorch/larecipe (Composer) Jul 14, 2025
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating Moderate
CVE-2025-49142 was published for nautobot (pip) Jun 10, 2025
mzbroch
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user Critical
CVE-2025-49136 was published for github.com/knadh/listmonk (Go) Jun 9, 2025
nakkouchtarek
Skyvern has a Jinja runtime leak High
CVE-2025-49619 was published for skyvern (pip) Jun 7, 2025
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings... Critical Unreviewed
CVE-2025-47916 was published May 16, 2025
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI High
CVE-2025-46731 was published for craftcms/cms (Composer) May 5, 2025
singetu0096
IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because... Critical Unreviewed
CVE-2025-46661 was published Apr 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper... Low Unreviewed
CVE-2025-23376 was published Apr 28, 2025
wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3... Critical Unreviewed
CVE-2025-32461 was published Apr 9, 2025
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache... Low Unreviewed
CVE-2025-26865 was published Mar 10, 2025
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability High
CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method Moderate
CVE-2025-27516 was published for Jinja2 (pip) Mar 5, 2025
securingapps
Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently... High Unreviewed
CVE-2024-9150 was published Feb 21, 2025
An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access... Moderate Unreviewed
CVE-2025-26789 was published Feb 14, 2025
OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template... High Unreviewed
CVE-2024-54954 was published Feb 10, 2025
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and... Critical Unreviewed
CVE-2024-12583 was published Jan 4, 2025
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
SiYuan has an SSTI via /api/template/renderSprig Moderate
CVE-2024-55660 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-30372 was published Nov 22, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso... Critical Unreviewed
CVE-2024-52427 was published Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed
CVE-2024-52434 was published Nov 18, 2024
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), :... High Unreviewed
CVE-2024-48962 was published Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database