GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
35 advisories
KubeVirt Vulnerable to Arbitrary Host File Read and Write
High | CVE-2025-64324 was published for kubevirt.io/kubevirt (Go) | Nov 7, 2025

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when...
High | Unreviewed | CVE-2025-9900 was published | Sep 23, 2025

vLLM deserialization vulnerability leading to DoS and potential RCE
High | CVE-2025-62164 was published for vllm (pip) | Nov 20, 2025

ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
High | CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) | Aug 26, 2025

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition...
Moderate | Unreviewed | CVE-2021-36057 was published | May 24, 2022

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within...
High | Unreviewed | CVE-2025-22225 was published | Mar 4, 2025

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where...
High | Unreviewed | CVE-2025-33045 was published | Sep 9, 2025

A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only...
High | Unreviewed | CVE-2022-40246 was published | Sep 21, 2022

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the...
High | Unreviewed | CVE-2022-40262 was published | Sep 21, 2022

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout...
High | Unreviewed | CVE-2022-35408 was published | Sep 23, 2022

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to...
High | Unreviewed | CVE-2022-37904 was published | Dec 12, 2022

In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead...
Moderate | Unreviewed | CVE-2024-20119 was published | Nov 4, 2024

In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead...
Moderate | Unreviewed | CVE-2024-20118 was published | Nov 4, 2024

The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute...
Critical | Unreviewed | CVE-2015-8271 was published | May 17, 2022

In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead...
Moderate | Unreviewed | CVE-2024-20141 was published | Feb 3, 2025

Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition...
Moderate | Unreviewed | CVE-2024-47438 was published | Nov 12, 2024

Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition...
High | Unreviewed | CVE-2024-45142 was published | Oct 9, 2024

Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards ...
High | Unreviewed | CVE-2024-36877 was published | Aug 12, 2024

Return registers were overwritten which could have allowed an attacker to execute arbitrary code....
High | Unreviewed | CVE-2024-2607 was published | Mar 19, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition...
High | Unreviewed | CVE-2024-20741 was published | Feb 15, 2024

A vulnerability has been identified in syngo fastView (All versions). The affected application...
High | Unreviewed | CVE-2021-45465 was published | Jan 4, 2024

A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE...
Critical | Unreviewed | CVE-2022-38143 was published | Dec 23, 2022

Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability,...
High | Unreviewed | CVE-2017-10994 was published | May 17, 2022

NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to...
High | Unreviewed | CVE-2017-6282 was published | May 14, 2022

A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series...
High | Unreviewed | CVE-2018-15375 was published | May 13, 2022