Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Loading
MindflareX Credited to MindflareX and adamus2 adamus2 adamus2
MindflareX Credited to MindflareX and adamus2 adamus2 adamus2
Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString High
GHSA-24c8-4792-22hx was published for Scriban.Signed (NuGet) May 19, 2026
fg0x0 Credited to fg0x0 and adamus2 adamus2 adamus2
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation Moderate
GHSA-xw6w-9jjh-p9cr was published for Scriban (NuGet) Mar 24, 2026
offset Credited to offset and adamus2 adamus2 adamus2
Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString Moderate
GHSA-m2p3-hwv5-xpqw was published for Scriban (NuGet) Mar 24, 2026
offset Credited to offset and adamus2 adamus2 adamus2
offset Credited to offset and adamus2 adamus2 adamus2
Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service High
GHSA-v66j-x4hw-fv9g was published for Scriban (NuGet) Mar 24, 2026
offset Credited to offset and adamus2 adamus2 adamus2
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service High
GHSA-c875-h985-hvrc was published for Scriban.Signed (NuGet) Mar 24, 2026
Zwique Credited to Zwique and adamus2 adamus2 adamus2
Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse Critical
GHSA-5wr9-m6jw-xx44 was published for Scriban.Signed (NuGet) Mar 24, 2026
Zwique Credited to Zwique and adamus2 adamus2 adamus2
Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset() High
GHSA-x6m9-38vm-2xhf was published for Scriban.Signed (NuGet) Mar 24, 2026
Zwique Credited to Zwique and adamus2 adamus2 adamus2
Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix High
GHSA-p6q4-fgr8-vx4p was published for Scriban (NuGet) Mar 24, 2026
pawlos Credited to pawlos and adamus2 adamus2 adamus2
Scriban Affected by Memory Exhaustion (OOM) via Unbounded String Generation (Denial of Service) Moderate
GHSA-5rpf-x9jg-8j5p was published for Scriban.Signed (NuGet) Mar 19, 2026
adamus2 Credited to adamus2
adamus2 Credited to adamus2
Scriban has Uncontrolled Recursion in Parser Leads to Stack Overflow and Process Crash (Denial of Service) High
GHSA-wgh7-7m3c-fx25 was published for Scriban.Signed (NuGet) Mar 19, 2026
adamus2 Credited to adamus2
ProTip! Advisories are also available from the GraphQL API