
6 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-17462

Malicious code in bioql PyPI...

CVSS 9 | AI score 6.3 | EPSS 0.61762
Exploits 2 | References 5
OSV
added 2025/06/10 5:17 p.m. | 2 views

GO-2025-3745 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk

listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

CVSS 9 | AI score 7.4 | EPSS 0.61762
Exploits 2 | References 4
RedhatCVE
added 2025/05/23 7:41 a.m. | 4 views

CVE-2024-55660

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables...

CVSS 9.8 | AI score 6.7 | EPSS 0.00732
Exploits 0 | References 1
Veracode
added 2024/12/17 8:24 a.m. | 12 views

Server-side Template Injection (SSTI)

SiYuan is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper handling of templates in the /api/template/renderSprig endpoint, allowing attackers to access environment variables through the Sprig template engine...

CVSS 9.8 | AI score 7 | EPSS 0.00732
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2024/12/12 12:0 a.m. | 1 views

SiYuan Security Vulnerability

SiYuan is a privacy-first personal knowledge management system from SiYuan Open Source. A security vulnerability exists in SiYuan versions prior to 3.1.16, which stems from susceptibility to a server-side template injection (SSTI) attack via the Sprig template engine, allowing an attacker to access...

CVSS 9.8 | AI score 6.5 | EPSS 0.00732
Exploits 0 | References 2
Positive Technologies
added 2024/12/11 12:0 a.m. | 3 views

PT-2024-36575 · Siyuan · Siyuan

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.1.16
Description: SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to acces...

CVSS 9.8 | AI score 6.2 | EPSS 0.93667
Exploits 15 | References 32