GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
374 advisories
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
Moderate · CVE-2026-53465 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 26, 2026

ImageMagick: Memory Leak in wand option parser when providing invalid arguments
Moderate · CVE-2026-53464 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 26, 2026

Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)
Moderate · GHSA-6q7j-xr26-3h2c was published for Scriban (NuGet) · Jun 26, 2026

Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx
Moderate · GHSA-q6rr-fm2g-g5x8 was published for Scriban (NuGet) · Jun 26, 2026

ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments
Moderate · CVE-2026-53463 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 26, 2026

ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails
Moderate · CVE-2026-53462 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 26, 2026

ImageMagick: Policy Bypass can read disallowed files via symlink
Moderate · CVE-2026-49219 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 25, 2026

ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems
Moderate · CVE-2026-48994 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 25, 2026

ImageMagick Vulnerable to Stack Overflow in its MVG Decoder
Moderate · CVE-2026-48734 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 25, 2026

ImageMagick has an Infinite Loop in subimage-search with crafted image
Moderate · CVE-2026-48733 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 25, 2026

ImageMagick has a Heap Buffer Underwrite in the Floyd-Steinberg depth dithering method
Moderate · CVE-2026-48724 was published for Magick.NET-Q16-AnyCPU (NuGet) · Jun 25, 2026

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
Moderate · CVE-2026-48517 was published for MessagePack (NuGet) · Jun 25, 2026

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings
Moderate · CVE-2026-48516 was published for MessagePack (NuGet) · Jun 25, 2026

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
Moderate · CVE-2026-48515 was published for MessagePack (NuGet) · Jun 25, 2026

MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
Moderate · CVE-2026-48514 was published for MessagePack (NuGet) · Jun 25, 2026

MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement
Moderate · CVE-2026-48513 was published for MessagePack (NuGet) · Jun 25, 2026

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement
Moderate · CVE-2026-48512 was published for MessagePack (NuGet) · Jun 25, 2026

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps
Moderate · CVE-2026-48511 was published for MessagePack (NuGet) · Jun 25, 2026

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
Moderate · CVE-2026-48510 was published for MessagePack (NuGet) · Jun 25, 2026

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
Moderate · CVE-2026-48509 was published for MessagePack (NuGet) · Jun 25, 2026

CoreWCF: SAML token replay protection is inoperative
Moderate · CVE-2026-54779 was published for CoreWCF.Primitives (NuGet) · Jun 19, 2026

CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
Moderate · CVE-2026-54778 was published for CoreWCF.UnixDomainSocket (NuGet) · Jun 19, 2026

CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Moderate · CVE-2026-54777 was published for CoreWCF.NetNamedPipe (NuGet) · Jun 19, 2026

CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
Moderate · CVE-2026-54776 was published for CoreWCF.UnixDomainSocket (NuGet) · Jun 19, 2026

CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
Moderate · CVE-2026-54775 was published for CoreWCF.Kafka (NuGet) · Jun 19, 2026
ProTip! Advisories are also available from the GraphQL API.