GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This...
High
Unreviewed
CVE-2024-30372
was published
Nov 22, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso...
Critical
Unreviewed
CVE-2024-52427
was published
Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic...
Critical
Unreviewed
CVE-2024-52434
was published
Nov 18, 2024
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), :...
High
Unreviewed
CVE-2024-48962
was published
Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove...
Critical
Unreviewed
CVE-2024-52393
was published
Nov 14, 2024
Improper neutralization of special elements used in SQL command in some Intel(R) Neural...
High
Unreviewed
CVE-2024-39766
was published
Nov 13, 2024
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in...
Critical
Unreviewed
CVE-2024-49271
was published
Oct 16, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic...
Critical
Unreviewed
CVE-2024-48042
was published
Oct 16, 2024
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Critical
CVE-2024-32651
was published
for
changedetection.io
(pip)
Oct 15, 2024
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote...
High
Unreviewed
CVE-2024-46366
was published
Sep 27, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
High
CVE-2024-45053
was published
for
ethyca-fides
(pip)
Sep 4, 2024
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and...
Critical
Unreviewed
CVE-2024-6386
was published
Aug 21, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High
CVE-2024-42356
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High
CVE-2024-42355
was published
for
shopware/core
(Composer)
Aug 8, 2024
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
High
CVE-2024-41950
was published
for
haystack-ai
(pip)
Jul 31, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability...
High
Unreviewed
CVE-2024-37621
was published
Jun 17, 2024
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Critical
CVE-2024-37301
was published
for
document-merge-service
(pip)
Jun 11, 2024
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection...
Critical
Unreviewed
CVE-2024-23692
was published
May 31, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-83jv-4prm-34g7
was published
for
shopware/shopware
(Composer)
May 21, 2024
verbb/formie Server-Side Template Injection for variable-enabled settings
Moderate
CVE-2024-35191
was published
for
verbb/formie
(Composer)
May 20, 2024
An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search...
High
Unreviewed
CVE-2022-48684
was published
Apr 28, 2024
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows...
High
Unreviewed
CVE-2024-4040
was published
Apr 22, 2024
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via...
High
Unreviewed
CVE-2024-32407
was published
Apr 22, 2024
A improper neutralization of special elements used in a template engine [CWE-1336] in...
Moderate
Unreviewed
CVE-2023-47542
was published
Apr 9, 2024
ProTip!
Advisories are also available from the
GraphQL API