Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,891
Erlang
24
GitHub Actions
39
Go
2,240
Maven
2,698
npm
2,899
NuGet
500
pip
2,728
Pub
5
RubyGems
364
Rust
889
Swift
19
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability High
CVE-2023-34253 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo Credited to jacobsoo
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34252 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo Credited to jacobsoo
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34448 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo Credited to jacobsoo
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File High
CVE-2023-46245 was published for kimai/kimai (Composer) Oct 30, 2023
ixSly Credited to ixSly
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery Credited to Creastery
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery Credited to Creastery
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine High
CVE-2023-41047 was published for OctoPrint (pip) Oct 10, 2023
rggu2zr Credited to rggu2zr
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon... High Unreviewed
CVE-2021-39128 was published May 24, 2022
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements High
CVE-2021-4315 was published for psiTurk (pip) Jan 29, 2023
Improper neutralization of special elements used in SQL command in some Intel(R) Neural... High Unreviewed
CVE-2024-39766 was published Nov 13, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja Credited to grmpyninja, andres-torres-marroquin, adamsachs, and daveqnet andres-torres-marroquin andres-torres-marroquin
adamsachs adamsachs daveqnet daveqnet
Jinja2 template injection in mlflow High
CVE-2023-6709 was published for mlflow (pip) Dec 12, 2023
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-30372 was published Nov 22, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), :... High Unreviewed
CVE-2024-48962 was published Nov 18, 2024
Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently... High Unreviewed
CVE-2024-9150 was published Feb 21, 2025
OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template... High Unreviewed
CVE-2024-54954 was published Feb 10, 2025
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-29297 was published for magento/community-edition (Composer) Jun 15, 2023
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability High
CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI High
CVE-2025-46731 was published for craftcms/cms (Composer) May 5, 2025
singetu0096 Credited to singetu0096
Skyvern has a Jinja runtime leak High
CVE-2025-49619 was published for skyvern (pip) Jun 7, 2025
StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability... High Unreviewed
CVE-2024-37621 was published Jun 17, 2024
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10380 was published Sep 23, 2025
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that... High Unreviewed
CVE-2025-1040 was published Mar 20, 2025
Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection) High
CVE-2025-66299 was published for getgrav/grav (Composer) Dec 2, 2025
justwove Credited to justwove
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database