GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,842 advisories
Withdrawn Advisory: ReDoS in py library when used with subversion
High
CVE-2022-42969
was published
for
py
(pip)
Oct 16, 2022
•
withdrawn
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
High
CVE-2025-30167
was published
for
jupyter_core
(pip)
Jun 4, 2025
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
Moderate
CVE-2025-53012
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
Low
CVE-2025-53011
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
Low
CVE-2025-53010
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Moderate
CVE-2025-53009
was published
for
MaterialX
(pip)
Jul 31, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values
Moderate
CVE-2025-48074
was published
for
OpenEXR
(pip)
Jul 31, 2025
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Low
CVE-2025-50460
was published
for
ms-swift
(pip)
Jul 31, 2025
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Moderate
CVE-2025-48073
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
Moderate
CVE-2025-48072
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
High
CVE-2025-48071
was published
for
OpenEXR
(pip)
Jul 31, 2025
MS SWIFT WEB-UI RCE Vulnerability
Moderate
GHSA-7c78-rm87-5673
was published
for
ms-swift
(pip)
Jul 31, 2025
MS SWIFT Deserialization RCE Vulnerability
Moderate
GHSA-r54c-2xmf-2cf3
was published
for
ms-swift
(pip)
Jul 31, 2025
copyparty Reflected XSS via Filter Parameter
Moderate
CVE-2025-54589
was published
for
copyparty
(pip)
Jul 31, 2025
LangChain pickle deserialization of untrusted data
High
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
Pyload log Injection via API /json/add_package in add_name parameter
Moderate
GHSA-3wwm-hjv7-23r3
was published
for
pyload-ng
(pip)
Jul 30, 2025
Apache Spark UI can allow impersonation if ACLs enabled
High
CVE-2022-33891
was published
for
org.apache.spark:spark-parent_2.12
(Maven)
Jul 19, 2022
BentoML SSRF Vulnerability in File Upload Processing
Critical
CVE-2025-54381
was published
for
bentoml
(pip)
Jul 29, 2025
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution
High
CVE-2025-54412
was published
for
skops
(pip)
Jul 25, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Moderate
CVE-2025-54423
was published
for
copyparty
(pip)
Jul 28, 2025
Calibre Web and Autocaliweb have a ReDoS vulnerability
High
CVE-2025-6998
was published
for
calibreweb
(pip)
Jul 24, 2025
ProTip!
Advisories are also available from the
GraphQL API