GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,907 advisories
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
High
CVE-2025-55156
was published
for
pyload-ng
(pip)
Aug 12, 2025
Litestar has potential log injection in exception logging
Low
GHSA-674p-xv2x-rf3g
was published
for
litestar
(pip)
Aug 11, 2025
uv allows ZIP payload obfuscation through parsing differentials
Moderate
CVE-2025-54368
was published
for
uv
(pip)
Aug 7, 2025
SKOPS Card.get_model happily allows arbitrary code execution
High
CVE-2025-54886
was published
for
skops
(pip)
Aug 7, 2025
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
Critical
CVE-2025-54802
was published
for
pyload-ng
(pip)
Aug 4, 2025
copyparty allows Regex Denial of Service (ReDoS) in the upload listing
High
CVE-2025-54796
was published
for
copyparty
(pip)
Aug 4, 2025
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
Moderate
CVE-2025-53012
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Moderate
CVE-2025-53009
was published
for
MaterialX
(pip)
Jul 31, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values
Moderate
CVE-2025-48074
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Moderate
CVE-2025-48073
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
Moderate
CVE-2025-48072
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
High
CVE-2025-48071
was published
for
OpenEXR
(pip)
Jul 31, 2025
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
Low
CVE-2025-53011
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
Low
CVE-2025-53010
was published
for
MaterialX
(pip)
Jul 31, 2025
MS SWIFT Deserialization RCE Vulnerability
Moderate
GHSA-r54c-2xmf-2cf3
was published
for
ms-swift
(pip)
Jul 31, 2025
ProTip!
Advisories are also available from the
GraphQL API