Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

472 advisories

Loading
ImageMagick has stack buffer overflow in MagnifyImage High
CVE-2026-30929 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ThePwnish3r Credited to ThePwnish3r
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write High
CVE-2026-28693 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
jakelodwick Credited to jakelodwick
ImageMagick has uninitialized pointer dereference in JBIG decoder High
CVE-2026-28691 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
zerojackyi Credited to zerojackyi
ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays High
CVE-2026-28494 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write. High
CVE-2026-25968 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
.NET Denial of Service Vulnerability High
CVE-2026-26127 was published for Microsoft.Bcl.Memory (NuGet) Mar 11, 2026
rbhanda Credited to rbhanda
.NET Denial of Service Vulnerability High
CVE-2026-26130 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2026
.NET Elevation of Privilege Vulnerability High
CVE-2026-26131 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2026
igorkovalchuk Credited to igorkovalchuk
Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks High
CVE-2026-31834 was published for Umbraco.Cms (NuGet) Mar 11, 2026
odgrso Credited to odgrso
Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network High
CVE-2026-26118 was published for @azure/mcp (npm) Mar 10, 2026
alzimmermsft Credited to alzimmermsft and vcolin7 vcolin7 vcolin7
Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability High
GHSA-387c-qmrw-59qv was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Mar 10, 2026 withdrawn
Duplicate Advisory: .NET Denial of Service Vulnerability High
GHSA-vh8f-65qg-3m8j was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 10, 2026 withdrawn
Duplicate Advisory: .NET Denial of Service Vulnerability High
GHSA-c8gq-rhqh-wgwm was published for Microsoft.Bcl.Memory (NuGet) Mar 10, 2026 withdrawn
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints High
CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) Feb 27, 2026
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder High
CVE-2026-25989 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder High
CVE-2026-25985 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field High
CVE-2026-25967 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Policy bypass through path traversal allows reading restricted content despite secured policy High
CVE-2026-25965 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Ap4sh Credited to Ap4sh
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions High
CVE-2026-25794 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Infinite loop vulnerability when parsing a PCD file High
CVE-2026-24485 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression High
CVE-2026-24481 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability High
CVE-2026-21218 was published for System.Security.Cryptography.Cose (NuGet) Feb 10, 2026
MattKilgore Credited to MattKilgore, bribrothers, and yusuke-koyoshi bribrothers bribrothers
yusuke-koyoshi yusuke-koyoshi
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal High
CVE-2026-24837 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
mojav3r Credited to mojav3r and bdukes bdukes bdukes
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes High
CVE-2026-24836 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
mojav3r Credited to mojav3r and bdukes bdukes bdukes
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only) High
CVE-2025-66628 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 10, 2025
Sumitshah00 Credited to Sumitshah00
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database