Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,894
Maven
5,000+
npm
5,000+
NuGet
963
pip
5,000+
Pub
13
RubyGems
1,061
Rust
1,373
Swift
54
Unreviewed advisories
All unreviewed
5,000+

963 advisories

Loading
ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse Low
GHSA-qv2q-c278-pch5 was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd and LuiginoC LuiginoC LuiginoC
ImageMagick: Division by Zero in binomial kernel Low
GHSA-vf33-6r7x-66xx was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd
ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix Moderate
GHSA-jqq5-8px3-9m6m was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog Moderate
CVE-2026-46609 was published for Umbraco.Cms (NuGet) May 21, 2026
kaushikmbabu Credited to kaushikmbabu
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers Moderate
CVE-2026-46616 was published for Umbraco.Cms (NuGet) May 21, 2026
hwpark6804-gif Credited to hwpark6804-gif
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle Moderate
CVE-2026-45785 was published for OpenMcdf (NuGet) May 19, 2026
pawlos Credited to pawlos
Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString High
GHSA-24c8-4792-22hx was published for scriban (NuGet) May 19, 2026
fg0x0 Credited to fg0x0
ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. Moderate
CVE-2026-46559 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Stack overflow in fx operation Moderate
CVE-2026-46557 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Use-After-Free in MSL decoder. Moderate
CVE-2026-46523 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
meridian0x01 Credited to meridian0x01
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion High
CVE-2026-46522 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
bl4cksku11 Credited to bl4cksku11
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression Moderate
CVE-2026-46521 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
sharadboni Credited to sharadboni
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions High
CVE-2026-46520 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
omkhar Credited to omkhar
ImageMagick: Policy Bypass in MNG coder could Moderate
CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
pucagit Credited to pucagit
ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation. Moderate
CVE-2026-45624 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability High
CVE-2026-35433 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) May 18, 2026
Ky0toFu Credited to Ky0toFu
Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability High
CVE-2026-42899 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) May 18, 2026
hamayanhamayan Credited to hamayanhamayan
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability High
CVE-2026-32175 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) May 18, 2026
ImageMagick: Policy Bypass in PSD decoder Moderate
CVE-2026-45031 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
dayzsec Credited to dayzsec
ImageMagick: Out-of-Bounds Read of a single byte in meta encoder Moderate
CVE-2026-45358 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define Moderate
CVE-2026-45359 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
Microsoft DirectX12: .spritefont multiply overflow only in 32-bit builds Moderate
GHSA-5r97-79vw-qvm4 was published for directxtk12_desktop_win10 (NuGet) May 18, 2026
Microsoft DirectX: .spritefont multiply overflow only in 32-bit builds Moderate
GHSA-c55g-rp4x-fx84 was published for directxtk_desktop_win10 (NuGet) May 18, 2026
ImageMagick: Heap Buffer Over-Read in IPTC encoder Moderate
CVE-2026-42326 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
sukhoon0975 Credited to sukhoon0975
Marten has an injection vulnerability in its full-text search regConfig parameter Critical
CVE-2026-45288 was published for Marten (NuGet) May 14, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database