Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,931
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,382
Swift
56
Unreviewed advisories
All unreviewed
5,000+

969 advisories

Loading
Nerdbank.MessagePack has Inefficient CPU Computation Moderate
GHSA-92vj-hp7m-gwcj was published for Nerdbank.MessagePack (NuGet) May 29, 2026
AArnott Credited to AArnott
Nerdbank.MessagePack has a memory amplification DoS in collection deserialization Moderate
GHSA-qjvr-435c-5fjh was published for Nerdbank.MessagePack (NuGet) May 29, 2026
svenclaesson Credited to svenclaesson and AArnott AArnott AArnott
ImageMagick: Heap Buffer Over-Read in distributed pixel cache server Moderate
CVE-2026-47166 was published for Magick.NET-Q16-AnyCPU (NuGet) May 22, 2026
007bsd Credited to 007bsd
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model Moderate
CVE-2026-47165 was published for Magick.NET-Q16-AnyCPU (NuGet) May 22, 2026
007bsd Credited to 007bsd
ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking Moderate
CVE-2026-46693 was published for Magick.NET-Q16-AnyCPU (NuGet) May 22, 2026
SecurinDisclose Credited to SecurinDisclose
ImageMagick: Heap Buffer Over-Write in distributed pixel cache server Moderate
CVE-2026-46692 was published for Magick.NET-Q16-AnyCPU (NuGet) May 22, 2026
ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse Low
GHSA-qv2q-c278-pch5 was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd and LuiginoC LuiginoC LuiginoC
ImageMagick: Division by Zero in binomial kernel Low
GHSA-vf33-6r7x-66xx was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd
ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix Moderate
GHSA-jqq5-8px3-9m6m was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog Moderate
CVE-2026-46609 was published for Umbraco.Cms (NuGet) May 21, 2026
kaushikmbabu Credited to kaushikmbabu
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers Moderate
CVE-2026-46616 was published for Umbraco.Cms (NuGet) May 21, 2026
hwpark6804-gif Credited to hwpark6804-gif
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle Moderate
CVE-2026-45785 was published for OpenMcdf (NuGet) May 19, 2026
pawlos Credited to pawlos
Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString High
GHSA-24c8-4792-22hx was published for scriban (NuGet) May 19, 2026
fg0x0 Credited to fg0x0
ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. Moderate
CVE-2026-46559 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Stack overflow in fx operation Moderate
CVE-2026-46557 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Use-After-Free in MSL decoder. Moderate
CVE-2026-46523 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
meridian0x01 Credited to meridian0x01
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion High
CVE-2026-46522 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
bl4cksku11 Credited to bl4cksku11
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression Moderate
CVE-2026-46521 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
sharadboni Credited to sharadboni
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions High
CVE-2026-46520 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
omkhar Credited to omkhar
ImageMagick: Policy Bypass in MNG coder could Moderate
CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
pucagit Credited to pucagit
ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation. Moderate
CVE-2026-45624 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability High
CVE-2026-35433 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) May 18, 2026
Ky0toFu Credited to Ky0toFu
Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability High
CVE-2026-42899 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) May 18, 2026
hamayanhamayan Credited to hamayanhamayan
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability High
CVE-2026-32175 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) May 18, 2026
ImageMagick: Policy Bypass in PSD decoder Moderate
CVE-2026-45031 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
dayzsec Credited to dayzsec
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database