GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
RCE in Mingsoft MCMS
Critical
CVE-2022-22930
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 22, 2022
Mustache remote code injection vulnerability
High
CVE-2022-0323
was published
for
mustache/mustache
(Composer)
Jan 27, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber
High
CVE-2022-0896
was published
for
microweber/microweber
(Composer)
Mar 10, 2022
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored...
Moderate
Unreviewed
CVE-2022-27662
was published
May 6, 2022
Craft CMS Vulnerable to Server-Side Template Injection
High
CVE-2018-20465
was published
for
craftcms/cms
(Composer)
May 13, 2022
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon...
High
Unreviewed
CVE-2021-39128
was published
May 24, 2022
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements
High
CVE-2021-4315
was published
for
psiTurk
(pip)
Jan 29, 2023
A improper neutralization of special elements used in a template engine vulnerability in Fortinet...
High
Unreviewed
CVE-2023-27995
was published
Apr 11, 2023
Improper Control of Generation of Code in Twig rendered views
High
CVE-2023-2017
was published
for
shopware/core
(Composer)
Apr 18, 2023
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio...
Critical
Unreviewed
CVE-2023-2259
was published
Apr 24, 2023
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier)...
High
Unreviewed
CVE-2023-29297
was published
Jun 15, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters
High
CVE-2023-34252
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability
High
CVE-2023-34253
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters
High
CVE-2023-34448
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
High
CVE-2023-41047
was published
for
OctoPrint
(pip)
Oct 10, 2023
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
High
CVE-2023-46245
was published
for
kimai/kimai
(Composer)
Oct 30, 2023
Ansible template injection vulnerability
Moderate
CVE-2023-5764
was published
for
ansible-core
(pip)
Dec 13, 2023
NoneBot Potential Information Leak in User-Constructed Message Templates
Moderate
CVE-2024-21624
was published
for
nonebot2
(pip)
Feb 9, 2024
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High
CVE-2024-28116
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template...
Critical
Unreviewed
CVE-2024-24724
was published
Apr 3, 2024
A improper neutralization of special elements used in a template engine [CWE-1336] in...
Moderate
Unreviewed
CVE-2023-47542
was published
Apr 9, 2024
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via...
High
Unreviewed
CVE-2024-32407
was published
Apr 22, 2024
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows...
High
Unreviewed
CVE-2024-4040
was published
Apr 22, 2024
An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search...
High
Unreviewed
CVE-2022-48684
was published
Apr 28, 2024
ProTip!
Advisories are also available from the
GraphQL API