Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
45
GitHub Actions
47
Go
3,309
Maven
5,000+
npm
5,000+
NuGet
876
pip
4,531
Pub
12
RubyGems
1,009
Rust
1,195
Swift
51
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion Moderate
CVE-2025-53012 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit Moderate
CVE-2025-53009 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
OpenEXR Out-Of-Memory via Unbounded File Header Values Moderate
CVE-2025-48074 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode Moderate
CVE-2025-48073 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute Moderate
CVE-2025-48072 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size High
CVE-2025-48071 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput Low
CVE-2025-53011 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return Low
CVE-2025-53010 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24895 was published for CIE.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Credited to smaury, Paupu, and fromVeeko Paupu Paupu
fromVeeko fromVeeko
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24894 was published for SPID.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Credited to smaury, Paupu, and fromVeeko Paupu Paupu
fromVeeko fromVeeko
Slow String Operations via MultiPart Requests in Event-Driven Functions Moderate
CVE-2024-29186 was published for bref/bref (Composer) Mar 22, 2024
smaury Credited to smaury, mnapoli, rcambien, and GrahamCampbell mnapoli mnapoli
rcambien rcambien GrahamCampbell GrahamCampbell
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury and mnapoli mnapoli mnapoli
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury and mnapoli mnapoli mnapoli
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database