EGI SVG Advisories

All advisories which are disclosed publicly by EGI Software Vulnerability Group (SVG) are placed on this site.

All advisories which are disclosed publicly by SVG are subject to the Creative Commons licence CC-BY 4.0, which includes crediting the EGI SVG.

A guide to the risk categories is available at Notes On Risk.

Current advisories

| Date | Title | Contents/Link | CVE(s) (if applicable) |
|---|---|---|---|
| 2025-12-02, updated 2026-01-13 | CRITICAL Risk React Server Components Vulnerability [EGI-SVG-2025-26] | Advisory-EGI-SVG-2025-26 | CVE-2025-55182 |
| 2025-12-03, updated 2026-01-13 | HTCondor Vulnerability [EGI-SVG-2025-25] | Advisory-EGI-SVG-2025-25 | |
| 2025-09-17, updated 2025-11-25, 2026-01-08 | CRITICAL Risk VMSCAPE virtualization escape vulnerability [EGI-SVG-2025-17] | Advisory-EGI-SVG-2025-17 | CVE-2025-40300 |
| 2025-11-25, updated 2026-01-07 | CRITICAL Risk OpenStack Vulnerability [EGI-SVG-2025-24] | Advisory-EGI-SVG-2025-24 | CVE-2025-65073 |
| 2025-10-22, updated 2025-12-03 | HIGH Risk INDIGO IAM vulnerabilities [EGI-SVG-2025-19] | Advisory-EGI-SVG-2025-19 | |
| 2025-10-16, updated 2025-12-03 | CRITICAL Risk NVIDIA use-after-free vulnerabilities [EGI-SVG-2025-22] | Advisory-EGI-SVG-2025-22 | CVE-2025-23280, CVE-2025-23330 |
| 2025-10-09, updated 2025-12-03 | CRITICAL Risk Redis vulnerability [EGI-SVG-2025-21] | Advisory-EGI-SVG-2025-21 | CVE-2025-49844 |
| 2025-10-01, updated 2025-12-03 | CRITICAL Risk FreeIPA host to domain privilege escalation [EGI-SVG-2025-20] | Advisory-EGI-SVG-2025-20 | CVE-2025-7493 |

EGI SVG produces advisories according to the SEC02 EGI Software Vulnerability Issue Handling.

Note that SVG is currently working on how to better cope with the decreasing homogeneity of the infrastructure and how to handle vulnerabilities related to the EOSC services.

Earlier advisories

In the past (up to the end of 2015), CSIRT also issued general alerts at EGI CSIRT Alerts, and EGI SVG advisories primarily concerned gLite Middleware.

Publishing an advisory

See Publishing an Advisory.