GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Code injection in RazorEngine
Critical
CVE-2021-46703
was published
for
RazorEngine
(NuGet)
Mar 7, 2022
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Critical
CVE-2024-37301
was published
for
document-merge-service
(pip)
Jun 11, 2024
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Critical
CVE-2024-32651
was published
for
changedetection.io
(pip)
Oct 15, 2024
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
Critical
CVE-2025-49136
was published
for
github.com/knadh/listmonk
(Go)
Jun 9, 2025
jinjava has Sandbox Bypass via JavaType-Based Deserialization
Critical
CVE-2025-59340
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Sep 17, 2025
ProTip!
Advisories are also available from the
GraphQL API