Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,931
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,382
Swift
56
Unreviewed advisories
All unreviewed
5,000+

345 advisories

Loading
Nerdbank.MessagePack has Inefficient CPU Computation Moderate
GHSA-92vj-hp7m-gwcj was published for Nerdbank.MessagePack (NuGet) May 29, 2026
AArnott Credited to AArnott
Nerdbank.MessagePack has a memory amplification DoS in collection deserialization Moderate
GHSA-qjvr-435c-5fjh was published for Nerdbank.MessagePack (NuGet) May 29, 2026
svenclaesson Credited to svenclaesson and AArnott AArnott AArnott
ImageMagick: Heap Buffer Over-Read in distributed pixel cache server Moderate
CVE-2026-47166 was published for Magick.NET-Q16-AnyCPU (NuGet) May 22, 2026
007bsd Credited to 007bsd
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model Moderate
CVE-2026-47165 was published for Magick.NET-Q16-AnyCPU (NuGet) May 22, 2026
007bsd Credited to 007bsd
ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking Moderate
CVE-2026-46693 was published for Magick.NET-Q16-AnyCPU (NuGet) May 22, 2026
SecurinDisclose Credited to SecurinDisclose
ImageMagick: Heap Buffer Over-Write in distributed pixel cache server Moderate
CVE-2026-46692 was published for Magick.NET-Q16-AnyCPU (NuGet) May 22, 2026
ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix Moderate
GHSA-jqq5-8px3-9m6m was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog Moderate
CVE-2026-46609 was published for Umbraco.Cms (NuGet) May 21, 2026
kaushikmbabu Credited to kaushikmbabu
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers Moderate
CVE-2026-46616 was published for Umbraco.Cms (NuGet) May 21, 2026
hwpark6804-gif Credited to hwpark6804-gif
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle Moderate
CVE-2026-45785 was published for OpenMcdf (NuGet) May 19, 2026
pawlos Credited to pawlos
ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. Moderate
CVE-2026-46559 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Stack overflow in fx operation Moderate
CVE-2026-46557 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Use-After-Free in MSL decoder. Moderate
CVE-2026-46523 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
meridian0x01 Credited to meridian0x01
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression Moderate
CVE-2026-46521 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
sharadboni Credited to sharadboni
ImageMagick: Policy Bypass in MNG coder could Moderate
CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
pucagit Credited to pucagit
ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation. Moderate
CVE-2026-45624 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Policy Bypass in PSD decoder Moderate
CVE-2026-45031 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
dayzsec Credited to dayzsec
ImageMagick: Out-of-Bounds Read of a single byte in meta encoder Moderate
CVE-2026-45358 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define Moderate
CVE-2026-45359 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
Microsoft DirectX12: .spritefont multiply overflow only in 32-bit builds Moderate
GHSA-5r97-79vw-qvm4 was published for directxtk12_desktop_win10 (NuGet) May 18, 2026
Microsoft DirectX: .spritefont multiply overflow only in 32-bit builds Moderate
GHSA-c55g-rp4x-fx84 was published for directxtk_desktop_win10 (NuGet) May 18, 2026
ImageMagick: Heap Buffer Over-Read in IPTC encoder Moderate
CVE-2026-42326 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
sukhoon0975 Credited to sukhoon0975
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS) Moderate
GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) May 11, 2026
bzsanti Credited to bzsanti
SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant) Moderate
CVE-2026-44788 was published for SharpCompress (NuGet) May 8, 2026
svenclaesson Credited to svenclaesson
OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured Moderate
CVE-2026-44213 was published for OpenTelemetry.Exporter.Instana (NuGet) May 8, 2026
martincostello Credited to martincostello
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database