Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode Moderate
CVE-2026-25996 was published for github.com/inspektor-gadget/inspektor-gadget (Go) Apr 22, 2026
suidpit Credited to suidpit, ndaprela, eiffel-fl, and flyth ndaprela ndaprela
eiffel-fl eiffel-fl flyth flyth
Inspektor Gadget: Command Injection via malicious buildOptions manipulation Moderate
CVE-2026-24905 was published for github.com/inspektor-gadget/inspektor-gadget (Go) Apr 22, 2026
ndaprela Credited to ndaprela, suidpit, and eiffel-fl suidpit suidpit
eiffel-fl eiffel-fl
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion Moderate
CVE-2025-53012 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit Moderate
CVE-2025-53009 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
OpenEXR Out-Of-Memory via Unbounded File Header Values Moderate
CVE-2025-48074 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode Moderate
CVE-2025-48073 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute Moderate
CVE-2025-48072 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size High
CVE-2025-48071 was published for OpenEXR (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput Low
CVE-2025-53011 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return Low
CVE-2025-53010 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, TheZ3ro, ndaprela, and smaury TheZ3ro TheZ3ro
ndaprela ndaprela smaury smaury
Karmada Tar Slips in CRDs archive extraction Moderate
CVE-2024-56514 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju Credited to zhzhuang-zju, RainbowMango, TheZ3ro, and suidpit RainbowMango RainbowMango
TheZ3ro TheZ3ro suidpit suidpit
Karmada PULL Mode Cluster Privilege Escalation High
CVE-2024-56513 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju Credited to zhzhuang-zju, RainbowMango, SHIRO-BAKO, suidpit, and TheZ3ro RainbowMango RainbowMango
SHIRO-BAKO SHIRO-BAKO suidpit suidpit TheZ3ro TheZ3ro
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database