GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
861 advisories
Umbraco Backoffice API Allows Unauthorized Modification of Domain Data
Moderate
CVE-2026-31832
was published
for
Umbraco.Cms
(NuGet)
Mar 11, 2026
ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder
Moderate
CVE-2026-31853
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 10, 2026
ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder
Moderate
CVE-2026-30883
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 10, 2026
ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder
Moderate
CVE-2026-28692
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 10, 2026
ImageMagick has a Path Policy TOCTOU symlink race bypass
Moderate
CVE-2026-28689
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 10, 2026
Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network
High
CVE-2026-26118
was published
for
@azure/mcp
(npm)
Mar 10, 2026
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery
Moderate
CVE-2026-30227
was published
for
MimeKit
(NuGet)
Mar 5, 2026
ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images
Moderate
CVE-2026-27798
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
ImageMagick: Heap-based Buffer Overflow in GetPixelIndex due to metadata-cache desynchronization
Low
GHSA-gq5v-qf8q-fp77
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
ImageMagick: Memory Leak in multiple coders that write raw pixel data
Low
GHSA-wfx3-6g53-9fgc
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
ImageMagick: Memory leak in coders/txt.c without freetype
Low
GHSA-3q5f-gmjc-38r8
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
ImageMagick: SVG-to-MVG Command Injection via coders/svg.c
Low
GHSA-xpg8-7m6m-jf56
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
ImageMagick: Malicious PCD files trigger 1‑byte heap Out-of-bounds Read and DoS
Low
GHSA-wgxp-q8xq-wpp9
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
mageMagick has a possible use-after-free write in its PDB decoder
Low
GHSA-3j4x-rwrx-xxj9
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
ImageMagick has a possible heap Use After Free vulnerability in its meta coder
Low
GHSA-2gq3-ww97-wfjm
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds
Low
CVE-2026-25984
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 25, 2026
ImageMagick: Invalid MSL <map> can result in a use after free
Moderate
CVE-2026-26983
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 24, 2026
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent`
Moderate
CVE-2026-26283
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 24, 2026
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile
Moderate
CVE-2026-26066
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 24, 2026
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder
High
CVE-2026-25989
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 24, 2026
ProTip!
Advisories are also available from the
GraphQL API