Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms High
CVE-2025-66298 was published for getgrav/grav (Composer) Dec 2, 2025
yiannakasgeorge
Credited to yiannakasgeorge
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass High
CVE-2025-66294 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection High
CVE-2025-66297 was published for getgrav/grav (Composer) Dec 2, 2025
p1r0x
Credited to p1r0x
Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection) High
CVE-2025-66299 was published for getgrav/grav (Composer) Dec 2, 2025
justwove
Credited to justwove
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates High
CVE-2025-65106 was published for langchain-core (pip) Nov 20, 2025
0xn3va
Credited to 0xn3va
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns High
CVE-2025-54287 was published for github.com/lxc/lxd (Go) Oct 2, 2025
Skyvern has a Jinja runtime leak High
CVE-2025-49619 was published for skyvern (pip) Jun 7, 2025
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI High
CVE-2025-46731 was published for craftcms/cms (Composer) May 5, 2025
singetu0096
Credited to singetu0096
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability High
CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-29297 was published for magento/community-edition (Composer) Jun 15, 2023
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
Jinja2 template injection in mlflow High
CVE-2023-6709 was published for mlflow (pip) Dec 12, 2023
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
Credited to grmpyninja, andres-torres-marroquin, adamsachs, and daveqnet
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements High
CVE-2021-4315 was published for psiTurk (pip) Jan 29, 2023
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine High
CVE-2023-41047 was published for OctoPrint (pip) Oct 10, 2023
rggu2zr
Credited to rggu2zr
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Credited to Creastery
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Credited to Creastery
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE High
CVE-2024-41950 was published for haystack-ai (pip) Jul 31, 2024
Craft CMS Vulnerable to Server-Side Template Injection High
CVE-2018-20465 was published for craftcms/cms (Composer) May 13, 2022
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass High
CVE-2024-28116 was published for getgrav/grav (Composer) Mar 22, 2024
akabe1
Credited to akabe1
Mustache remote code injection vulnerability High
CVE-2022-0323 was published for mustache/mustache (Composer) Jan 27, 2022
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File High
CVE-2023-46245 was published for kimai/kimai (Composer) Oct 30, 2023
ixSly
Credited to ixSly
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34448 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
Credited to jacobsoo
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34252 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
Credited to jacobsoo
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability High
CVE-2023-34253 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
Credited to jacobsoo
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database