Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin... Critical Unreviewed
CVE-2025-12107 was published Feb 19, 2026
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway... Critical Unreviewed
CVE-2026-1868 was published Feb 9, 2026
JinJava Bypass through ForTag leads to Arbitrary Java Execution Critical
CVE-2026-25526 was published for com.hubspot.jinjava:jinjava (Maven) Feb 3, 2026
twilliamson-an akues-an
jasmith-hs
Credited to twilliamson-an, akues-an, and jasmith-hs
XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability Critical
CVE-2025-64087 was published for fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (Maven) Jan 20, 2026
kevinleturc
Credited to kevinleturc
Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI). Critical Unreviewed
CVE-2022-23851 was published Dec 17, 2025
An input neutralization vulnerability in the Webhook Template component of Crafty Controller... Critical Unreviewed
CVE-2025-14700 was published Dec 17, 2025
An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text... Critical Unreviewed
CVE-2025-66434 was published Dec 15, 2025
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89... Critical Unreviewed
CVE-2025-66438 was published Dec 15, 2025
A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows... Critical Unreviewed
CVE-2025-65602 was published Dec 10, 2025
zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via... Critical Unreviewed
CVE-2025-60355 was published Oct 28, 2025
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise... Critical Unreviewed
CVE-2025-37729 was published Oct 13, 2025
jinjava has Sandbox Bypass via JavaType-Based Deserialization Critical
CVE-2025-59340 was published for com.hubspot.jinjava:jinjava (Maven) Sep 17, 2025
taisehub odgrso
jasmith-hs
Credited to taisehub, odgrso, and jasmith-hs
LaRecipe is vulnerable to Server-Side Template Injection attacks Critical
CVE-2025-53833 was published for binarytorch/larecipe (Composer) Jul 14, 2025
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user Critical
CVE-2025-49136 was published for github.com/knadh/listmonk (Go) Jun 9, 2025
nakkouchtarek
Credited to nakkouchtarek
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings... Critical Unreviewed
CVE-2025-47916 was published May 16, 2025
IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because... Critical Unreviewed
CVE-2025-46661 was published Apr 28, 2025
wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3... Critical Unreviewed
CVE-2025-32461 was published Apr 9, 2025
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and... Critical Unreviewed
CVE-2024-12583 was published Jan 4, 2025
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed
CVE-2024-52434 was published Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso... Critical Unreviewed
CVE-2024-52427 was published Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove... Critical Unreviewed
CVE-2024-52393 was published Nov 14, 2024
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in... Critical Unreviewed
CVE-2024-49271 was published Oct 16, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed
CVE-2024-48042 was published Oct 16, 2024
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
Credited to edoardottt and dgtlmoon
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and... Critical Unreviewed
CVE-2024-6386 was published Aug 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database