GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
76 advisories
Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
Moderate
GHSA-vffh-c9pq-4crh
was published
for
uptime-kuma
(npm)
Oct 20, 2025
bagisto has Server Side Template Injection (SSTI) in Product Description
Moderate
CVE-2025-62416
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
jinjava has Sandbox Bypass via JavaType-Based Deserialization
Critical
CVE-2025-59340
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Sep 17, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI
Moderate
CVE-2025-57811
was published
for
craftcms/cms
(Composer)
Aug 25, 2025
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Moderate
CVE-2025-49142
was published
for
nautobot
(pip)
Jun 10, 2025
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
Critical
CVE-2025-49136
was published
for
github.com/knadh/listmonk
(Go)
Jun 9, 2025
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
High
CVE-2025-46731
was published
for
craftcms/cms
(Composer)
May 5, 2025
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
Moderate
CVE-2025-27516
was published
for
Jinja2
(pip)
Mar 5, 2025
ProTip!
Advisories are also available from the
GraphQL API