GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
26 advisories
Filter by severity
OpenShift Must Gather Operator Improper Input Validation vulnerability
High
CVE-2024-25131
was published
for
github.com/openshift/must-gather
(Go)
Dec 19, 2024
SiYuan has an SSTI via /api/template/renderSprig
Moderate
CVE-2024-55660
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Critical
CVE-2024-32651
was published
for
changedetection.io
(pip)
Oct 15, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
High
CVE-2024-45053
was published
for
ethyca-fides
(pip)
Sep 4, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High
CVE-2024-42356
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High
CVE-2024-42355
was published
for
shopware/core
(Composer)
Aug 8, 2024
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
High
CVE-2024-41950
was published
for
haystack-ai
(pip)
Jul 31, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
CVE-2024-36694
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Critical
CVE-2024-37301
was published
for
document-merge-service
(pip)
Jun 11, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-83jv-4prm-34g7
was published
for
shopware/shopware
(Composer)
May 21, 2024
verbb/formie Server-Side Template Injection for variable-enabled settings
Moderate
CVE-2024-35191
was published
for
verbb/formie
(Composer)
May 20, 2024
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High
CVE-2024-28116
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
NoneBot Potential Information Leak in User-Constructed Message Templates
Moderate
CVE-2024-21624
was published
for
nonebot2
(pip)
Feb 9, 2024
Ansible template injection vulnerability
Moderate
CVE-2023-5764
was published
for
ansible-core
(pip)
Dec 13, 2023
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
High
CVE-2023-46245
was published
for
kimai/kimai
(Composer)
Oct 30, 2023
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
High
CVE-2023-41047
was published
for
OctoPrint
(pip)
Oct 10, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters
High
CVE-2023-34448
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability
High
CVE-2023-34253
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters
High
CVE-2023-34252
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Improper Control of Generation of Code in Twig rendered views
High
CVE-2023-2017
was published
for
shopware/core
(Composer)
Apr 18, 2023
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements
High
CVE-2021-4315
was published
for
psiTurk
(pip)
Jan 29, 2023
Craft CMS Vulnerable to Server-Side Template Injection
High
CVE-2018-20465
was published
for
craftcms/cms
(Composer)
May 13, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber
High
CVE-2022-0896
was published
for
microweber/microweber
(Composer)
Mar 10, 2022
Mustache remote code injection vulnerability
High
CVE-2022-0323
was published
for
mustache/mustache
(Composer)
Jan 27, 2022
ProTip!
Advisories are also available from the
GraphQL API