GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,763
Composer 4,750
Erlang 35
GitHub Actions 29
Go 2,323
Maven 5,608
npm 3,956
NuGet 712
pip 3,739
Pub 12
RubyGems 921
Rust 973
Swift 38

Unreviewed advisories

All unreviewed 258,280

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

31 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py. High Unreviewed

CVE-2025-49619 was published Jun 7, 2025

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings... Critical Unreviewed

CVE-2025-47916 was published May 16, 2025

IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because... Critical Unreviewed

CVE-2025-46661 was published Apr 28, 2025

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper... Low Unreviewed

CVE-2025-23376 was published Apr 28, 2025

wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3... Critical Unreviewed

CVE-2025-32461 was published Apr 9, 2025

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache... Low Unreviewed

CVE-2025-26865 was published Mar 10, 2025

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently... High Unreviewed

CVE-2024-9150 was published Feb 21, 2025

An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access... Moderate Unreviewed

CVE-2025-26789 was published Feb 14, 2025

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template... High Unreviewed

CVE-2024-54954 was published Feb 10, 2025

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and... Critical Unreviewed

CVE-2024-12583 was published Jan 4, 2025

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This... High Unreviewed

CVE-2024-30372 was published Nov 22, 2024

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso... Critical Unreviewed

CVE-2024-52427 was published Nov 18, 2024

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed

CVE-2024-52434 was published Nov 18, 2024

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), :... High Unreviewed

CVE-2024-48962 was published Nov 18, 2024

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove... Critical Unreviewed

CVE-2024-52393 was published Nov 14, 2024

Improper neutralization of special elements used in SQL command in some Intel(R) Neural... High Unreviewed

CVE-2024-39766 was published Nov 13, 2024

: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in... Critical Unreviewed

CVE-2024-49271 was published Oct 16, 2024

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed

CVE-2024-48042 was published Oct 16, 2024

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote... High Unreviewed

CVE-2024-46366 was published Sep 27, 2024

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and... Critical Unreviewed

CVE-2024-6386 was published Aug 21, 2024

StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability... High Unreviewed

CVE-2024-37621 was published Jun 17, 2024

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection... Critical Unreviewed

CVE-2024-23692 was published May 31, 2024

An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search... High Unreviewed

CVE-2022-48684 was published Apr 28, 2024

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows... High Unreviewed

CVE-2024-4040 was published Apr 22, 2024

An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via... High Unreviewed

CVE-2024-32407 was published Apr 22, 2024

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

31 advisories