GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,578 advisories
Copier's safe template has filesystem write access outside destination path
Moderate
CVE-2025-55214
was published
for
copier
(pip)
Aug 18, 2025
PyPDF's Manipulated FlateDecode streams can exhaust RAM
Moderate
CVE-2025-55197
was published
for
pypdf
(pip)
Aug 13, 2025
uv allows ZIP payload obfuscation through parsing differentials
Moderate
CVE-2025-54368
was published
for
uv
(pip)
Aug 7, 2025
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
Moderate
CVE-2025-53012
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Moderate
CVE-2025-53009
was published
for
MaterialX
(pip)
Jul 31, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values
Moderate
CVE-2025-48074
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Moderate
CVE-2025-48073
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
Moderate
CVE-2025-48072
was published
for
OpenEXR
(pip)
Jul 31, 2025
MS SWIFT Deserialization RCE Vulnerability
Moderate
GHSA-r54c-2xmf-2cf3
was published
for
ms-swift
(pip)
Jul 31, 2025
MS SWIFT WEB-UI RCE Vulnerability
Moderate
GHSA-7c78-rm87-5673
was published
for
ms-swift
(pip)
Jul 31, 2025
copyparty Reflected XSS via Filter Parameter
Moderate
CVE-2025-54589
was published
for
copyparty
(pip)
Jul 31, 2025
Pyload log Injection via API /json/add_package in add_name parameter
Moderate
GHSA-3wwm-hjv7-23r3
was published
for
pyload-ng
(pip)
Jul 30, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Moderate
CVE-2025-54423
was published
for
copyparty
(pip)
Jul 28, 2025
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Moderate
CVE-2025-55013
was published
for
assemblyline-service-client
(pip)
Jul 25, 2025
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Moderate
CVE-2025-7404
was published
for
calibreweb
(pip)
Jul 24, 2025
ProTip!
Advisories are also available from the
GraphQL API