GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
30 advisories
NoneBot Potential Information Leak in User-Constructed Message Templates
Moderate
CVE-2024-21624
was published
for
nonebot2
(pip)
Feb 9, 2024
verbb/formie Server-Side Template Injection for variable-enabled settings
Moderate
CVE-2024-35191
was published
for
verbb/formie
(Composer)
May 20, 2024
SiYuan has an SSTI via /api/template/renderSprig
Moderate
CVE-2024-55660
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
Moderate
CVE-2025-27516
was published
for
Jinja2
(pip)
Mar 5, 2025
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Moderate
CVE-2025-49142
was published
for
nautobot
(pip)
Jun 10, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI
Moderate
CVE-2025-57811
was published
for
craftcms/cms
(Composer)
Aug 25, 2025
bagisto has Server Side Template Injection (SSTI) in Product Description
Moderate
CVE-2025-62416
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
Moderate
GHSA-vffh-c9pq-4crh
was published
for
uptime-kuma
(npm)
Oct 20, 2025
Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI
Moderate
CVE-2025-68454
was published
for
craftcms/cms
(Composer)
Jan 5, 2026
Kimai has an Authenticated Server-Side Template Injection (SSTI)
Moderate
CVE-2026-23626
was published
for
kimai/kimai
(Composer)
Jan 20, 2026
Craft CMS Vulnerable to Authenticated RCE via Twig SSTI - create() function + Symfony Process gadget
Moderate
CVE-2026-28695
was published
for
craftcms/cms
(Composer)
Mar 3, 2026
Craft CMS has Twig Function Blocklist Bypass
Moderate
CVE-2026-28783
was published
for
craftcms/cms
(Composer)
Mar 3, 2026
ProTip!
Advisories are also available from the
GraphQL API