Security
Headlines

Headlines Latest CVEs

Headline

GHSA-r8w2-w357-9pjv: XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability

A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.

7 days ago

#vulnerability #git #java #intel #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-64087

XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability

Critical severity GitHub Reviewed Published Jan 20, 2026 to the GitHub Advisory Database • Updated Jan 21, 2026

Package

maven fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (Maven)

Affected versions

< 2.1.0

Description

Published to the GitHub Advisory Database

Jan 20, 2026

Last updated

Jan 21, 2026

EPSS score

ghsa: Latest News

GHSA-j4rc-96xj-gvqc: phpMyFAQ: Public API endpoints expose emails and invisible questions

4 days ago

GHSA-wm8h-26fv-mg7g: phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)

4 days ago

GHSA-7p9h-m7m8-vhhv: phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)

4 days ago

GHSA-w7rq-fgx4-4xcm: LavaLite CMS affected by a stored cross-site scripting vulnerability

4 days ago

GHSA-mxc8-4jqf-368q: miniserve affected by a TOCTOU and symlink race vulnerability

4 days ago