GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

521 advisories

ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop High
CVE-2026-53461 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
Credited to vibhum-dubey
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition High
CVE-2026-53460 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
Credited to OwenSanzas
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions High
CVE-2026-49218 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
Credited to OwenSanzas
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth High
CVE-2026-48506 was published for MessagePack (NuGet) Jun 25, 2026
Credited to AArnott
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality High
CVE-2026-54784 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced High
CVE-2026-54781 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate High
CVE-2026-54774 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake High
CVE-2026-54772 was published for CoreWCF.NetFramingBase (NuGet) Jun 19, 2026
ReDoS in DotVVM routing High
GHSA-c2g3-c4gc-w5wg was published for DotVVM (NuGet) Jun 19, 2026
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability High
CVE-2026-45591 was published for Microsoft.AspNetCore.App.Runtime.linux-x64 (NuGet) Jun 15, 2026
Credited to AArnott
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection High
CVE-2026-47761 was published for TinyMCE (Composer) Jun 5, 2026
Credited to UncleJ4ck and ange-primiterra
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments High
CVE-2026-47762 was published for TinyMCE (Composer) Jun 5, 2026
Credited to mtrill47 and he1d3n
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs High
CVE-2026-47760 was published for TinyMCE (Composer) Jun 5, 2026
Credited to maple3142
Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString High
GHSA-24c8-4792-22hx was published for Scriban.Signed (NuGet) May 19, 2026
Credited to fg0x0 and adamus2
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion High
CVE-2026-46522 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to bl4cksku11
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions High
CVE-2026-46520 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to omkhar
Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability High
CVE-2026-35433 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) May 18, 2026
Credited to Ky0toFu
Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability High
CVE-2026-42899 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) May 18, 2026
Credited to hamayanhamayan
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability High
CVE-2026-32175 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) May 18, 2026
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect High
CVE-2026-44503 was published for Microsoft.Kiota.Abstractions (Go) May 7, 2026
Credited to MIchaelMainer