Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

53 advisories

Loading
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection High
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
Credited to c0rydoras
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/... High Unreviewed
CVE-2025-69516 was published Jan 29, 2026
OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE High
CVE-2026-22244 was published for org.open-metadata:platform (Maven) Jan 7, 2026
lnlinh31 manerow
TeddyCr pmbrull
Credited to lnlinh31, manerow, TeddyCr, and pmbrull
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns High
CVE-2025-54287 was published for github.com/lxc/lxd (Go) Oct 2, 2025
Shopware Has Improper Control of Generation of Code in Twig rendered views High
CVE-2023-2017 was published for shopware/core (Composer) Apr 18, 2023
Creastery
Credited to Creastery
Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users High
CVE-2026-21449 was published for bagisto/bagisto (Composer) Jan 2, 2026
Bagisto has Normal & Blind SSTI from low-privilege user when ordering product High
CVE-2026-21448 was published for bagisto/bagisto (Composer) Jan 2, 2026
An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method... High Unreviewed
CVE-2025-66437 was published Dec 15, 2025
Bagisto SSTI vulnerability in type parameter can lead to RCE High
CVE-2026-21450 was published for bagisto/bagisto (Composer) Jan 2, 2026
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify... High Unreviewed
CVE-2025-67843 was published Dec 19, 2025
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a... High Unreviewed
CVE-2024-32406 was published Apr 26, 2024
FoF Pretty Mail has a server-side template injection vulnerability High
CVE-2024-58303 was published for fof/pretty-mail (Composer) Dec 12, 2025
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated... High Unreviewed
CVE-2024-58293 was published Dec 12, 2025
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates High
CVE-2025-65106 was published for langchain-core (pip) Nov 20, 2025
0xn3va
Credited to 0xn3va
Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms High
CVE-2025-66298 was published for getgrav/grav (Composer) Dec 2, 2025
yiannakasgeorge
Credited to yiannakasgeorge
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass High
CVE-2025-66294 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection High
CVE-2025-66297 was published for getgrav/grav (Composer) Dec 2, 2025
p1r0x
Credited to p1r0x
Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection) High
CVE-2025-66299 was published for getgrav/grav (Composer) Dec 2, 2025
justwove
Credited to justwove
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows... High Unreviewed
CVE-2024-4040 was published Apr 22, 2024
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that... High Unreviewed
CVE-2025-1040 was published Mar 20, 2025
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10380 was published Sep 23, 2025
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock... High Unreviewed
CVE-2025-53194 was published Aug 20, 2025
StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability... High Unreviewed
CVE-2024-37621 was published Jun 17, 2024
Skyvern has a Jinja runtime leak High
CVE-2025-49619 was published for skyvern (pip) Jun 7, 2025
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI High
CVE-2025-46731 was published for craftcms/cms (Composer) May 5, 2025
singetu0096
Credited to singetu0096
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database