GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,618 advisories
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
Moderate
CVE-2025-53012
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Moderate
CVE-2025-53009
was published
for
MaterialX
(pip)
Jul 31, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values
Moderate
CVE-2025-48074
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Moderate
CVE-2025-48073
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
Moderate
CVE-2025-48072
was published
for
OpenEXR
(pip)
Jul 31, 2025
MS SWIFT Deserialization RCE Vulnerability
Moderate
GHSA-r54c-2xmf-2cf3
was published
for
ms-swift
(pip)
Jul 31, 2025
MS SWIFT WEB-UI RCE Vulnerability
Moderate
GHSA-7c78-rm87-5673
was published
for
ms-swift
(pip)
Jul 31, 2025
copyparty Reflected XSS via Filter Parameter
Moderate
CVE-2025-54589
was published
for
copyparty
(pip)
Jul 31, 2025
Pyload log Injection via API /json/add_package in add_name parameter
Moderate
GHSA-3wwm-hjv7-23r3
was published
for
pyload-ng
(pip)
Jul 30, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Moderate
CVE-2025-54423
was published
for
copyparty
(pip)
Jul 28, 2025
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Moderate
CVE-2025-55013
was published
for
assemblyline-service-client
(pip)
Jul 25, 2025
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Moderate
CVE-2025-7404
was published
for
calibreweb
(pip)
Jul 24, 2025
Starlette has possible denial-of-service vector when parsing large files in multipart forms
Moderate
CVE-2025-54121
was published
for
starlette
(pip)
Jul 21, 2025
Indico vulnerability allows attackers to bulk dump user details
Moderate
CVE-2025-53640
was published
for
indico
(pip)
Jul 14, 2025
fastapi-guard is vulnerable to ReDoS through inefficient regex
Moderate
CVE-2025-53539
was published
for
fastapi-guard
(pip)
Jul 7, 2025
ProTip!
Advisories are also available from the
GraphQL API