Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso... Critical Unreviewed
CVE-2024-52427 was published Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed
CVE-2024-52434 was published Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove... Critical Unreviewed
CVE-2024-52393 was published Nov 14, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed
CVE-2024-48042 was published Oct 16, 2024
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in... Critical Unreviewed
CVE-2024-49271 was published Oct 16, 2024
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and... Critical Unreviewed
CVE-2024-6386 was published Aug 21, 2024
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection... Critical Unreviewed
CVE-2024-23692 was published May 31, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-83jv-4prm-34g7 was published for shopware/shopware (Composer) May 21, 2024
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template... Critical Unreviewed
CVE-2024-24724 was published Apr 3, 2024
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio... Critical Unreviewed
CVE-2023-2259 was published Apr 24, 2023
RCE in Mingsoft MCMS Critical
CVE-2022-22930 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database