Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion Moderate
CVE-2025-53012 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit Moderate
CVE-2025-53009 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
OpenEXR Out-Of-Memory via Unbounded File Header Values Moderate
CVE-2025-48074 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode Moderate
CVE-2025-48073 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute Moderate
CVE-2025-48072 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
Slow String Operations via MultiPart Requests in Event-Driven Functions Moderate
CVE-2024-29186 was published for bref/bref (Composer) Mar 22, 2024
smaury Credited to smaury, mnapoli, rcambien, and GrahamCampbell mnapoli mnapoli
rcambien rcambien GrahamCampbell GrahamCampbell
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury and mnapoli mnapoli mnapoli
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury and mnapoli mnapoli mnapoli
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database