GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
Moderate
CVE-2024-41132
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 22, 2024
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-45526
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Moderate
CVE-2024-32035
was published
for
SixLabors.ImageSharp
(NuGet)
Apr 15, 2024
OpenTelemetry .NET has Denial of Service (DoS) Vulnerability in API Package
Moderate
CVE-2025-27513
was published
for
OpenTelemetry.Api
(NuGet)
Mar 5, 2025
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
Moderate
CVE-2025-54575
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 30, 2025
Scriban Affected by Memory Exhaustion (OOM) via Unbounded String Generation (Denial of Service)
Moderate
GHSA-5rpf-x9jg-8j5p
was published
for
scriban
(NuGet)
Mar 19, 2026
Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
Moderate
GHSA-m2p3-hwv5-xpqw
was published
for
Scriban
(NuGet)
Mar 24, 2026
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads
Moderate
CVE-2026-41173
was published
for
OpenTelemetry.Resources.AWS
(NuGet)
Apr 23, 2026
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Moderate
CVE-2026-41078
was published
for
OpenTelemetry.Exporter.Jaeger
(NuGet)
Apr 18, 2026
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Moderate
CVE-2026-41310
was published
for
OpenTelemetry.Exporter.Zipkin
(NuGet)
Apr 28, 2026
OpenTelemetry.Resources.Azure has an unbounded HTTP response body read
Moderate
CVE-2026-41483
was published
for
OpenTelemetry.Resources.Azure
(NuGet)
Apr 29, 2026
OneCollector exporter reads unbounded HTTP response bodies
Moderate
CVE-2026-41484
was published
for
OpenTelemetry.Exporter.OneCollector
(NuGet)
Apr 29, 2026
ImageMagick: Policy Bypass in PSD decoder
Moderate
CVE-2026-45031
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 18, 2026
NCalc: Denial of Service via Unbounded and Non-Terminating Factorial Evaluation
Moderate
CVE-2026-55254
was published
for
NCalc.Core
(NuGet)
Jun 18, 2026
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
Moderate
CVE-2026-48510
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
Moderate
CVE-2026-48514
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
Moderate
CVE-2026-48515
was published
for
MessagePack
(NuGet)
Jun 25, 2026
Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx
Moderate
GHSA-q6rr-fm2g-g5x8
was published
for
Scriban
(NuGet)
Jun 26, 2026
ProTip!
Advisories are also available from the
GraphQL API