GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,252
Composer 5,237
Erlang 40
GitHub Actions 41
Go 3,005
Maven 6,264
npm 4,733
NuGet 788
pip 4,343
Pub 12
RubyGems 987
Rust 1,137
Swift 50

Unreviewed advisories

All unreviewed 290,999

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

53 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin... Critical Unreviewed

CVE-2025-12107 was published Feb 19, 2026

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway... Critical Unreviewed

CVE-2026-1868 was published Feb 9, 2026

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/... High Unreviewed

CVE-2025-69516 was published Jan 29, 2026

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of... Moderate Unreviewed

CVE-2025-46699 was published Jan 23, 2026

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify... High Unreviewed

CVE-2025-67843 was published Dec 19, 2025

Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI). Critical Unreviewed

CVE-2022-23851 was published Dec 17, 2025

An input neutralization vulnerability in the Webhook Template component of Crafty Controller... Critical Unreviewed

CVE-2025-14700 was published Dec 17, 2025

An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text... Critical Unreviewed

CVE-2025-66434 was published Dec 15, 2025

An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method... High Unreviewed

CVE-2025-66437 was published Dec 15, 2025

An SSTI (Server-Side Template Injection) vulnerability exists in the get_contract_template method... Moderate Unreviewed

CVE-2025-66435 was published Dec 15, 2025

An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions... Moderate Unreviewed

CVE-2025-66436 was published Dec 15, 2025

A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89... Critical Unreviewed

CVE-2025-66438 was published Dec 15, 2025

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated... High Unreviewed

CVE-2024-58293 was published Dec 12, 2025

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows... Critical Unreviewed

CVE-2025-65602 was published Dec 10, 2025

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System... Moderate Unreviewed

CVE-2025-66361 was published Nov 28, 2025

zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via... Critical Unreviewed

CVE-2025-60355 was published Oct 28, 2025

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise... Critical Unreviewed

CVE-2025-37729 was published Oct 13, 2025

The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to... High Unreviewed

CVE-2025-10380 was published Sep 23, 2025

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine,... Moderate Unreviewed

CVE-2025-35113 was published Aug 27, 2025

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock... High Unreviewed

CVE-2025-53194 was published Aug 20, 2025

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings... Critical Unreviewed

CVE-2025-47916 was published May 16, 2025

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper... Low Unreviewed

CVE-2025-23376 was published Apr 28, 2025

IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because... Critical Unreviewed

CVE-2025-46661 was published Apr 28, 2025

wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3... Critical Unreviewed

CVE-2025-32461 was published Apr 9, 2025

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that... High Unreviewed

CVE-2025-1040 was published Mar 20, 2025

Previous1…3 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

53 advisories