GHSA-p6q4-fgr8-vx4p: Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix

March 24, 2026

StackOverflowException via nested array initializers bypasses ExpressionDepthLimit fix (GHSA-wgh7-7m3c-fx25)

References

github.com/advisories/GHSA-p6q4-fgr8-vx4p
github.com/advisories/GHSA-wgh7-7m3c-fx25
github.com/scriban/scriban
github.com/scriban/scriban/security/advisories/GHSA-p6q4-fgr8-vx4p

Code Behaviors & Features

Detect and mitigate GHSA-p6q4-fgr8-vx4p with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →