GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,132 advisories
ExecuTorch vulnerable to Heap-based Buffer Overflow
Critical
CVE-2025-54951
was published
for
executorch
(Maven)
Aug 8, 2025
ExecuTorch heap buffer overflow vulnerability
Critical
CVE-2025-54949
was published
for
executorch
(Maven)
Aug 8, 2025
ExecuTorch integer overflow vulnerability
Critical
CVE-2025-30404
was published
for
executorch
(Maven)
Aug 8, 2025
ExecuTorch out-of-bounds access vulnerability
Critical
CVE-2025-54950
was published
for
executorch
(Maven)
Aug 8, 2025
uv allows ZIP payload obfuscation through parsing differentials
Moderate
CVE-2025-54368
was published
for
uv
(pip)
Aug 7, 2025
SKOPS Card.get_model happily allows arbitrary code execution
High
CVE-2025-54886
was published
for
skops
(pip)
Aug 7, 2025
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
Critical
CVE-2025-54802
was published
for
pyload-ng
(pip)
Aug 4, 2025
copyparty allows Regex Denial of Service (ReDoS) in the upload listing
High
CVE-2025-54796
was published
for
copyparty
(pip)
Aug 4, 2025
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
Moderate
CVE-2025-53012
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Moderate
CVE-2025-53009
was published
for
MaterialX
(pip)
Jul 31, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values
Moderate
CVE-2025-48074
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Moderate
CVE-2025-48073
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
Moderate
CVE-2025-48072
was published
for
OpenEXR
(pip)
Jul 31, 2025
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
High
CVE-2025-48071
was published
for
OpenEXR
(pip)
Jul 31, 2025
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
Low
CVE-2025-53011
was published
for
MaterialX
(pip)
Jul 31, 2025
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
Low
CVE-2025-53010
was published
for
MaterialX
(pip)
Jul 31, 2025
MS SWIFT Deserialization RCE Vulnerability
Moderate
GHSA-r54c-2xmf-2cf3
was published
for
ms-swift
(pip)
Jul 31, 2025
MS SWIFT WEB-UI RCE Vulnerability
Moderate
CVE-2025-41419
was published
for
ms-swift
(pip)
Jul 31, 2025
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Low
CVE-2025-50460
was published
for
ms-swift
(pip)
Jul 31, 2025
copyparty Reflected XSS via Filter Parameter
Moderate
CVE-2025-54589
was published
for
copyparty
(pip)
Jul 31, 2025
Pyload log Injection via API /json/add_package in add_name parameter
Moderate
GHSA-3wwm-hjv7-23r3
was published
for
pyload-ng
(pip)
Jul 30, 2025
BentoML SSRF Vulnerability in File Upload Processing
Critical
CVE-2025-54381
was published
for
bentoml
(pip)
Jul 29, 2025
ProTip!
Advisories are also available from the
GraphQL API