Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
Ansible template injection vulnerability Moderate
CVE-2023-5764 was published for ansible-core (pip) Dec 13, 2023
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and... Critical Unreviewed
CVE-2024-6386 was published Aug 21, 2024
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote... High Unreviewed
CVE-2024-46366 was published Sep 27, 2024
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine High
CVE-2023-41047 was published for OctoPrint (pip) Oct 10, 2023
rggu2zr
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon... High Unreviewed
CVE-2021-39128 was published May 24, 2022
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed
CVE-2024-48042 was published Oct 16, 2024
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in... Critical Unreviewed
CVE-2024-49271 was published Oct 16, 2024
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements High
CVE-2021-4315 was published for psiTurk (pip) Jan 29, 2023
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via... High Unreviewed
CVE-2024-32407 was published Apr 22, 2024
An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search... High Unreviewed
CVE-2022-48684 was published Apr 28, 2024
Improper neutralization of special elements used in SQL command in some Intel(R) Neural... High Unreviewed
CVE-2024-39766 was published Nov 13, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove... Critical Unreviewed
CVE-2024-52393 was published Nov 14, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), :... High Unreviewed
CVE-2024-48962 was published Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso... Critical Unreviewed
CVE-2024-52427 was published Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed
CVE-2024-52434 was published Nov 18, 2024
Jinja2 template injection in mlflow High
CVE-2023-6709 was published for mlflow (pip) Dec 12, 2023
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-30372 was published Nov 22, 2024
SiYuan has an SSTI via /api/template/renderSprig Moderate
CVE-2024-55660 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and... Critical Unreviewed
CVE-2024-12583 was published Jan 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database