Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+

262 advisories

Loading
ImageMagick: Invalid MSL <map> can result in a use after free Moderate
CVE-2026-26983 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent` Moderate
CVE-2026-26283 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick: MSL image stack index may fail to refresh, leading to leaked images Moderate
CVE-2026-25988 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick has a heap buffer over-read in its MAP image decoder Moderate
CVE-2026-25987 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick has Use After Free in MSLStartElement in "coders/msl.c" Moderate
CVE-2026-25983 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Image Magick has a Memory Leak in coders/ashlar.c Moderate
CVE-2026-25969 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
unbengable12
Credited to unbengable12
ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access Moderate
CVE-2026-25966 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer Moderate
CVE-2026-25898 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write Moderate
CVE-2026-25897 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash Moderate
CVE-2026-25799 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image Moderate
CVE-2026-25798 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick: Code Injection via PostScript header in ps coders Moderate
CVE-2026-25797 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths Moderate
CVE-2026-25796 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) Moderate
CVE-2026-25795 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick has memory leak in msl encoder Moderate
CVE-2026-25638 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
unbengable12
Credited to unbengable12
ImageMagick: Possible memory leak in ASHLAR encoder Moderate
CVE-2026-25637 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
ImageMagick: Out of bounds read in multiple coders read raw pixel data Moderate
CVE-2026-25576 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS Moderate
CVE-2026-24484 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613
Credited to ylwango613
HtmlSanitizer has a bypass via template tag Moderate
CVE-2026-25543 was published for HtmlSanitizer (NuGet) Feb 3, 2026
nsysean
Credited to nsysean
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac Moderate
CVE-2026-24687 was published for Umbraco.Forms (NuGet) Jan 30, 2026
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer Moderate
CVE-2026-24784 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
bdukes
Credited to bdukes
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load Moderate
CVE-2026-23952 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas
Credited to OwenSanzas
ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML Moderate
GHSA-qp59-x883-77qv was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
Keryer
Credited to Keryer
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript Moderate
CVE-2026-23874 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas
Credited to OwenSanzas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database