Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to... Critical Unreviewed
CVE-2025-69809 was published Mar 16, 2026
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the... Moderate Unreviewed
CVE-2025-29943 was published Jan 16, 2026
vLLM introduced enhanced protection for CVE-2025-62164 High
GHSA-mcmc-2m55-j8jj was published for vllm (pip) Jan 8, 2026
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion Credited to omriaxion, russellb, DarkLight1337, Isotr0py, ywang96, and davidatom russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py ywang96 ywang96 davidatom davidatom
KubeVirt Vulnerable to Arbitrary Host File Read and Write High
CVE-2025-64324 was published for kubevirt.io/kubevirt (Go) Nov 7, 2025
mihailkirov Credited to mihailkirov, Faeris95, and jean-edouard Faeris95 Faeris95
jean-edouard jean-edouard
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when... High Unreviewed
CVE-2025-9900 was published Sep 23, 2025
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where... High Unreviewed
CVE-2025-33045 was published Sep 9, 2025
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution High
CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
leehohojune Credited to leehohojune, hanbunny, jin-156, amethyst0225, and pigeontwo9999 hanbunny hanbunny
jin-156 jin-156 amethyst0225 amethyst0225 pigeontwo9999 pigeontwo9999
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within... High Unreviewed
CVE-2025-22225 was published Mar 4, 2025
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead... Moderate Unreviewed
CVE-2024-20141 was published Feb 3, 2025
Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition... Moderate Unreviewed
CVE-2024-47438 was published Nov 12, 2024
In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead... Moderate Unreviewed
CVE-2024-20119 was published Nov 4, 2024
In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead... Moderate Unreviewed
CVE-2024-20118 was published Nov 4, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition... High Unreviewed
CVE-2024-45142 was published Oct 9, 2024
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards ... High Unreviewed
CVE-2024-36877 was published Aug 12, 2024
Return registers were overwritten which could have allowed an attacker to execute arbitrary code.... High Unreviewed
CVE-2024-2607 was published Mar 19, 2024
Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition... High Unreviewed
CVE-2024-20741 was published Feb 15, 2024
A vulnerability has been identified in syngo fastView (All versions). The affected application... High Unreviewed
CVE-2021-45465 was published Jan 4, 2024
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE... Critical Unreviewed
CVE-2022-38143 was published Dec 23, 2022
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to... High Unreviewed
CVE-2022-37904 was published Dec 12, 2022
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout... High Unreviewed
CVE-2022-35408 was published Sep 23, 2022
A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only... High Unreviewed
CVE-2022-40246 was published Sep 21, 2022
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the... High Unreviewed
CVE-2022-40262 was published Sep 21, 2022
A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all... High Unreviewed
CVE-2020-7560 was published May 24, 2022
Some API functions permit by-design writing or copying data into a given buffer. Since the client... Critical Unreviewed
CVE-2021-38449 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database