Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
42
Go
3,138
Maven
5,000+
npm
5,000+
NuGet
831
pip
4,438
Pub
12
RubyGems
990
Rust
1,174
Swift
50
Unreviewed advisories
All unreviewed
5,000+

831 advisories

Loading
Umbraco Backoffice API Allows Unauthorized Modification of Domain Data Moderate
CVE-2026-31832 was published for Umbraco.Cms (NuGet) Mar 11, 2026
odgrso Credited to odgrso
ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder Moderate
CVE-2026-31853 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 10, 2026
Mcsky23 Credited to Mcsky23
ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder Moderate
CVE-2026-30883 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 10, 2026
Mcsky23 Credited to Mcsky23
ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder Moderate
CVE-2026-28692 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 10, 2026
ylwango613 Credited to ylwango613
ImageMagick has a Path Policy TOCTOU symlink race bypass Moderate
CVE-2026-28689 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 10, 2026
andsopwn Credited to andsopwn
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery Moderate
CVE-2026-30227 was published for MimeKit (NuGet) Mar 5, 2026
KC1zs4 Credited to KC1zs4
ImageMagick has a heap Buffer Over-read in its DJVU image format handler Moderate
CVE-2026-27799 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images Moderate
CVE-2026-27798 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
HtmlSanitizer has a bypass via template tag Moderate
CVE-2026-25543 was published for HtmlSanitizer (NuGet) Feb 3, 2026
nsysean Credited to nsysean
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints High
CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) Feb 27, 2026
ImageMagick: Heap-based Buffer Overflow in GetPixelIndex due to metadata-cache desynchronization Low
GHSA-gq5v-qf8q-fp77 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
ImageMagick: Memory Leak in multiple coders that write raw pixel data Low
GHSA-wfx3-6g53-9fgc was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
ImageMagick: Memory leak in coders/txt.c without freetype Low
GHSA-3q5f-gmjc-38r8 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
unbengable12 Credited to unbengable12
ImageMagick: SVG-to-MVG Command Injection via coders/svg.c Low
GHSA-xpg8-7m6m-jf56 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
phenggeler Credited to phenggeler
ImageMagick: Malicious PCD files trigger 1‑byte heap Out-of-bounds Read and DoS Low
GHSA-wgxp-q8xq-wpp9 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
mageMagick has a possible use-after-free write in its PDB decoder Low
GHSA-3j4x-rwrx-xxj9 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
zerojackyi Credited to zerojackyi
ImageMagick has a possible heap Use After Free vulnerability in its meta coder Low
GHSA-2gq3-ww97-wfjm was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds Low
CVE-2026-25984 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
andsopwn Credited to andsopwn
ImageMagick: Invalid MSL <map> can result in a use after free Moderate
CVE-2026-26983 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent` Moderate
CVE-2026-26283 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder High
CVE-2026-25989 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ImageMagick: MSL image stack index may fail to refresh, leading to leaked images Moderate
CVE-2026-25988 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has a heap buffer over-read in its MAP image decoder Moderate
CVE-2026-25987 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder High
CVE-2026-25985 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database