GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

339 advisories

ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix Moderate
GHSA-jqq5-8px3-9m6m was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
Credited to 007bsd
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog Moderate
CVE-2026-46609 was published for Umbraco.Cms (NuGet) May 21, 2026
Credited to kaushikmbabu
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers Moderate
CVE-2026-46616 was published for Umbraco.Cms (NuGet) May 21, 2026
Credited to hwpark6804-gif
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle Moderate
CVE-2026-45785 was published for OpenMcdf (NuGet) May 19, 2026
Credited to pawlos
ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. Moderate
CVE-2026-46559 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to 007bsd
ImageMagick: Stack overflow in fx operation Moderate
CVE-2026-46557 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to 007bsd
ImageMagick: Use-After-Free in MSL decoder. Moderate
CVE-2026-46523 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to meridian0x01
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression Moderate
CVE-2026-46521 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to sharadboni
ImageMagick: Policy Bypass in MNG coder could Moderate
CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to pucagit
ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation. Moderate
CVE-2026-45624 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to 007bsd
ImageMagick: Policy Bypass in PSD decoder Moderate
CVE-2026-45031 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to dayzsec
ImageMagick: Out-of-Bounds Read of a single byte in meta encoder Moderate
CVE-2026-45358 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to 007bsd
ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define Moderate
CVE-2026-45359 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to 007bsd
Microsoft DirectX12: .spritefont multiply overflow only in 32-bit builds Moderate
GHSA-5r97-79vw-qvm4 was published for directxtk12_desktop_win10 (NuGet) May 18, 2026
Microsoft DirectX: .spritefont multiply overflow only in 32-bit builds Moderate
GHSA-c55g-rp4x-fx84 was published for directxtk_desktop_win10 (NuGet) May 18, 2026
ImageMagick: Heap Buffer Over-Read in IPTC encoder Moderate
CVE-2026-42326 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
Credited to sukhoon0975
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS) Moderate
GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) May 11, 2026
Credited to bzsanti
SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant) Moderate
CVE-2026-44788 was published for SharpCompress (NuGet) May 8, 2026
Credited to svenclaesson
OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured Moderate
CVE-2026-44213 was published for OpenTelemetry.Exporter.Instana (NuGet) May 8, 2026
Credited to martincostello
OpAMP client reads unbounded HTTP response bodies Moderate
CVE-2026-42348 was published for OpenTelemetry.OpAmp.Client (NuGet) May 5, 2026
Credited to Kielek, martincostello, and arminru
OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter Moderate
CVE-2026-42191 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) Apr 30, 2026
Credited to Kielek, martincostello, rajkumar-rangaraj, and arminru
OneCollector exporter reads unbounded HTTP response bodies Moderate
CVE-2026-41484 was published for OpenTelemetry.Exporter.OneCollector (NuGet) Apr 29, 2026
Credited to martincostello and rajkumar-rangaraj
OpenTelemetry.Resources.Azure has an unbounded HTTP response body read Moderate
CVE-2026-41483 was published for OpenTelemetry.Resources.Azure (NuGet) Apr 29, 2026
Credited to martincostello and Kielek
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure Moderate
CVE-2026-41310 was published for OpenTelemetry.Exporter.Zipkin (NuGet) Apr 28, 2026
Credited to Kielek, martincostello, and arminru
ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width Moderate
CVE-2026-42241 was published for ParquetSharp (NuGet) Apr 24, 2026
Credited to adamreeve, CurtHagenlocher, and marcin-krystianc