GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
27 advisories
verbb/formie Server-Side Template Injection for variable-enabled settings
Moderate
CVE-2024-35191
was published
for
verbb/formie
(Composer)
May 20, 2024
SiYuan has an SSTI via /api/template/renderSprig
Moderate
CVE-2024-55660
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Moderate
CVE-2025-49142
was published
for
nautobot
(pip)
Jun 10, 2025
bagisto has Server Side Template Injection (SSTI) in Product Description
Moderate
CVE-2025-62416
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
Moderate
GHSA-vffh-c9pq-4crh
was published
for
uptime-kuma
(npm)
Oct 20, 2025
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
Moderate
CVE-2025-27516
was published
for
Jinja2
(pip)
Mar 5, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI
Moderate
CVE-2025-57811
was published
for
craftcms/cms
(Composer)
Aug 25, 2025
Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI
Moderate
CVE-2025-68454
was published
for
craftcms/cms
(Composer)
Jan 5, 2026
Kimai has an Authenticated Server-Side Template Injection (SSTI)
Moderate
CVE-2026-23626
was published
for
kimai/kimai
(Composer)
Jan 20, 2026
Craft CMS Vulnerable to Authenticated RCE via Twig SSTI - create() function + Symfony Process gadget
Moderate
CVE-2026-28695
was published
for
craftcms/cms
(Composer)
Mar 3, 2026
Craft CMS has Twig Function Blocklist Bypass
Moderate
CVE-2026-28783
was published
for
craftcms/cms
(Composer)
Mar 3, 2026
Craft CMS has potential authenticated Remote Code Execution via Twig SSTI
Moderate
CVE-2026-28784
was published
for
craftcms/cms
(Composer)
Mar 3, 2026
Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck
Moderate
CVE-2026-40320
was published
for
giskard-checks
(pip)
Apr 14, 2026
ProTip!
Advisories are also available from the
GraphQL API