GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,943 advisories
Apache Spark UI can allow impersonation if ACLs enabled
High
CVE-2022-33891
was published
for
org.apache.spark:spark-parent_2.12
(Maven)
Jul 19, 2022
Pyload log Injection via API /json/add_package in add_name parameter
Moderate
GHSA-3wwm-hjv7-23r3
was published
for
pyload-ng
(pip)
Jul 30, 2025
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
LangChain pickle deserialization of untrusted data
High
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
copyparty Reflected XSS via Filter Parameter
Moderate
CVE-2025-54589
was published
for
copyparty
(pip)
Jul 31, 2025
MS SWIFT Deserialization RCE Vulnerability
Moderate
GHSA-r54c-2xmf-2cf3
was published
for
ms-swift
(pip)
Jul 31, 2025
MS SWIFT WEB-UI RCE Vulnerability
Moderate
GHSA-7c78-rm87-5673
was published
for
ms-swift
(pip)
Jul 31, 2025
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
Moderate
CVE-2025-48072
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Moderate
CVE-2025-48073
was published
for
OpenEXR
(pip)
Jul 31, 2025
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Low
CVE-2025-50460
was published
for
ms-swift
(pip)
Jul 31, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values
Moderate
CVE-2025-48074
was published
for
OpenEXR
(pip)
Jul 31, 2025
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Moderate
CVE-2025-53009
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
Low
CVE-2025-53010
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
Low
CVE-2025-53011
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
Moderate
CVE-2025-53012
was published
for
MaterialX
(pip)
Jul 31, 2025
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
High
CVE-2025-30167
was published
for
jupyter_core
(pip)
Jun 4, 2025
Withdrawn Advisory: ReDoS in py library when used with subversion
High
CVE-2022-42969
was published
for
py
(pip)
Oct 16, 2022
•
withdrawn
copyparty allows Regex Denial of Service (ReDoS) in the upload listing
High
CVE-2025-54796
was published
for
copyparty
(pip)
Aug 4, 2025
Webargs mishandles concurrent JSON parsing
High
CVE-2019-9710
was published
for
webargs
(pip)
Mar 12, 2019
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
Critical
CVE-2025-54802
was published
for
pyload-ng
(pip)
Aug 4, 2025
ProTip!
Advisories are also available from the
GraphQL API