Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

861 advisories

Loading
ImageMagick: MSL image stack index may fail to refresh, leading to leaked images Moderate
CVE-2026-25988 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has a heap buffer over-read in its MAP image decoder Moderate
CVE-2026-25987 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder High
CVE-2026-25985 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ImageMagick has Use After Free in MSLStartElement in "coders/msl.c" Moderate
CVE-2026-25983 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Image Magick has a Memory Leak in coders/ashlar.c Moderate
CVE-2026-25969 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
unbengable12 Credited to unbengable12
ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field High
CVE-2026-25967 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access Moderate
CVE-2026-25966 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick: Policy bypass through path traversal allows reading restricted content despite secured policy High
CVE-2026-25965 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Ap4sh Credited to Ap4sh
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer Moderate
CVE-2026-25898 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write Moderate
CVE-2026-25897 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash Moderate
CVE-2026-25799 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image Moderate
CVE-2026-25798 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Code Injection via PostScript header in ps coders Moderate
CVE-2026-25797 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths Moderate
CVE-2026-25796 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) Moderate
CVE-2026-25795 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions High
CVE-2026-25794 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has memory leak in msl encoder Moderate
CVE-2026-25638 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
unbengable12 Credited to unbengable12
ImageMagick: Possible memory leak in ASHLAR encoder Moderate
CVE-2026-25637 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Out of bounds read in multiple coders read raw pixel data Moderate
CVE-2026-25576 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick: Infinite loop vulnerability when parsing a PCD file High
CVE-2026-24485 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS Moderate
CVE-2026-24484 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression High
CVE-2026-24481 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability High
CVE-2026-21218 was published for System.Security.Cryptography.Cose (NuGet) Feb 10, 2026
MattKilgore Credited to MattKilgore, bribrothers, and yusuke-koyoshi bribrothers bribrothers
yusuke-koyoshi yusuke-koyoshi
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK Critical
CVE-2026-25592 was published for Microsoft.SemanticKernel.Core (NuGet) Feb 6, 2026
doredry Credited to doredry, amiteliahu, and urioren amiteliahu amiteliahu
urioren urioren
HtmlSanitizer has a bypass via template tag Moderate
CVE-2026-25543 was published for HtmlSanitizer (NuGet) Feb 3, 2026
nsysean Credited to nsysean
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database