Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,098
Maven
5,000+
npm
4,984
NuGet
826
pip
4,425
Pub
12
RubyGems
988
Rust
1,170
Swift
50
Unreviewed advisories
All unreviewed
5,000+

265 advisories

Loading
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery Moderate
CVE-2026-30227 was published for MimeKit (NuGet) Mar 5, 2026
KC1zs4 Credited to KC1zs4
ImageMagick has a heap Buffer Over-read in its DJVU image format handler Moderate
CVE-2026-27799 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images Moderate
CVE-2026-27798 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
ImageMagick: Invalid MSL <map> can result in a use after free Moderate
CVE-2026-26983 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent` Moderate
CVE-2026-26283 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: MSL image stack index may fail to refresh, leading to leaked images Moderate
CVE-2026-25988 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has a heap buffer over-read in its MAP image decoder Moderate
CVE-2026-25987 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has Use After Free in MSLStartElement in "coders/msl.c" Moderate
CVE-2026-25983 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Image Magick has a Memory Leak in coders/ashlar.c Moderate
CVE-2026-25969 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
unbengable12 Credited to unbengable12
ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access Moderate
CVE-2026-25966 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer Moderate
CVE-2026-25898 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write Moderate
CVE-2026-25897 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash Moderate
CVE-2026-25799 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image Moderate
CVE-2026-25798 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Code Injection via PostScript header in ps coders Moderate
CVE-2026-25797 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths Moderate
CVE-2026-25796 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) Moderate
CVE-2026-25795 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has memory leak in msl encoder Moderate
CVE-2026-25638 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
unbengable12 Credited to unbengable12
ImageMagick: Possible memory leak in ASHLAR encoder Moderate
CVE-2026-25637 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Out of bounds read in multiple coders read raw pixel data Moderate
CVE-2026-25576 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS Moderate
CVE-2026-24484 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
HtmlSanitizer has a bypass via template tag Moderate
CVE-2026-25543 was published for HtmlSanitizer (NuGet) Feb 3, 2026
nsysean Credited to nsysean
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac Moderate
CVE-2026-24687 was published for Umbraco.Forms (NuGet) Jan 30, 2026
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer Moderate
CVE-2026-24784 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
bdukes Credited to bdukes
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database