GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4 advisories
XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability
Critical
CVE-2025-64087
was published
for
fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker
(Maven)
Jan 20, 2026
JinJava Bypass through ForTag leads to Arbitrary Java Execution
Critical
CVE-2026-25526
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Feb 3, 2026
jinjava has Sandbox Bypass via JavaType-Based Deserialization
Critical
CVE-2025-59340
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Sep 17, 2025
ProTip!
Advisories are also available from the
GraphQL API