GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,912
Composer 5,067
Erlang 39
GitHub Actions 38
Go 2,717
Maven 6,143
npm 4,328
NuGet 761
pip 4,105
Pub 12
RubyGems 958
Rust 1,065
Swift 45

Unreviewed advisories

All unreviewed 278,946

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

37 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System... Moderate Unreviewed

CVE-2025-66361 was published Nov 28, 2025

wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3... Critical Unreviewed

CVE-2025-32461 was published Apr 9, 2025

zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via... Critical Unreviewed

CVE-2025-60355 was published Oct 28, 2025

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection... Critical Unreviewed

CVE-2024-23692 was published May 31, 2024

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows... High Unreviewed

CVE-2024-4040 was published Apr 22, 2024

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that... High Unreviewed

CVE-2025-1040 was published Mar 20, 2025

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise... Critical Unreviewed

CVE-2025-37729 was published Oct 13, 2025

The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to... High Unreviewed

CVE-2025-10380 was published Sep 23, 2025

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine,... Moderate Unreviewed

CVE-2025-35113 was published Aug 27, 2025

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock... High Unreviewed

CVE-2025-53194 was published Aug 20, 2025

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings... Critical Unreviewed

CVE-2025-47916 was published May 16, 2025

StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability... High Unreviewed

CVE-2024-37621 was published Jun 17, 2024

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper... Low Unreviewed

CVE-2025-23376 was published Apr 28, 2025

IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because... Critical Unreviewed

CVE-2025-46661 was published Apr 28, 2025

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove... Critical Unreviewed

CVE-2024-52393 was published Nov 14, 2024

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache... Low Unreviewed

CVE-2025-26865 was published Mar 10, 2025

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template... High Unreviewed

CVE-2024-54954 was published Feb 10, 2025

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently... High Unreviewed

CVE-2024-9150 was published Feb 21, 2025

An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access... Moderate Unreviewed

CVE-2025-26789 was published Feb 14, 2025

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), :... High Unreviewed

CVE-2024-48962 was published Nov 18, 2024

: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in... Critical Unreviewed

CVE-2024-49271 was published Oct 16, 2024

A improper neutralization of special elements used in a template engine [CWE-1336] in... Moderate Unreviewed

CVE-2023-47542 was published Apr 9, 2024

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and... Critical Unreviewed

CVE-2024-12583 was published Jan 4, 2025

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This... High Unreviewed

CVE-2024-30372 was published Nov 22, 2024

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed

CVE-2024-52434 was published Nov 18, 2024

Previous12 Next

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

37 advisories