Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,796
Maven
5,000+
npm
4,410
NuGet
772
pip
4,181
Pub
12
RubyGems
965
Rust
1,078
Swift
45
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion russellb
DarkLight1337 Isotr0py ywang96 davidaxion
Credited to omriaxion, russellb, DarkLight1337, Isotr0py, ywang96, and davidaxion
KubeVirt Vulnerable to Arbitrary Host File Read and Write High
CVE-2025-64324 was published for kubevirt.io/kubevirt (Go) Nov 7, 2025
mihailkirov Faeris95
jean-edouard
Credited to mihailkirov, Faeris95, and jean-edouard
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when... High Unreviewed
CVE-2025-9900 was published Sep 23, 2025
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where... High Unreviewed
CVE-2025-33045 was published Sep 9, 2025
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution High
CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
leehohojune hanbunny
jin-156 amethyst0225 pigeontwo9999
Credited to leehohojune, hanbunny, jin-156, amethyst0225, and pigeontwo9999
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within... High Unreviewed
CVE-2025-22225 was published Mar 4, 2025
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead... Moderate Unreviewed
CVE-2024-20141 was published Feb 3, 2025
Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition... Moderate Unreviewed
CVE-2024-47438 was published Nov 12, 2024
In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead... Moderate Unreviewed
CVE-2024-20119 was published Nov 4, 2024
In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead... Moderate Unreviewed
CVE-2024-20118 was published Nov 4, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition... High Unreviewed
CVE-2024-45142 was published Oct 9, 2024
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards ... High Unreviewed
CVE-2024-36877 was published Aug 12, 2024
Return registers were overwritten which could have allowed an attacker to execute arbitrary code.... High Unreviewed
CVE-2024-2607 was published Mar 19, 2024
Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition... High Unreviewed
CVE-2024-20741 was published Feb 15, 2024
A vulnerability has been identified in syngo fastView (All versions). The affected application... High Unreviewed
CVE-2021-45465 was published Jan 4, 2024
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE... Critical Unreviewed
CVE-2022-38143 was published Dec 23, 2022
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to... High Unreviewed
CVE-2022-37904 was published Dec 12, 2022
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout... High Unreviewed
CVE-2022-35408 was published Sep 23, 2022
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the... High Unreviewed
CVE-2022-40262 was published Sep 21, 2022
A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only... High Unreviewed
CVE-2022-40246 was published Sep 21, 2022
A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all... High Unreviewed
CVE-2020-7560 was published May 24, 2022
Some API functions permit by-design writing or copying data into a given buffer. Since the client... Critical Unreviewed
CVE-2021-38449 was published May 24, 2022
The affected product is vulnerable to a unsanitized extract folder for system configuration. A... High Unreviewed
CVE-2021-42540 was published May 24, 2022
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition... Moderate Unreviewed
CVE-2021-36057 was published May 24, 2022
A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual... High Unreviewed
CVE-2021-1520 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database