Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,143
Maven
5,000+
npm
5,000+
NuGet
840
pip
4,439
Pub
12
RubyGems
990
Rust
1,174
Swift
50
Unreviewed advisories
All unreviewed
5,000+

467 advisories

Loading
.NET Denial of Service Vulnerability High
CVE-2026-26127 was published for Microsoft.Bcl.Memory (NuGet) Mar 11, 2026
.NET Denial of Service Vulnerability High
CVE-2026-26130 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2026
.NET Elevation of Privilege Vulnerability High
CVE-2026-26131 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2026
igorkovalchuk Credited to igorkovalchuk
Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks High
CVE-2026-31834 was published for Umbraco.Cms (NuGet) Mar 11, 2026
odgrso Credited to odgrso
Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network High
CVE-2026-26118 was published for Azure.Mcp (NuGet) Mar 10, 2026
alzimmermsft Credited to alzimmermsft
Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability High
GHSA-387c-qmrw-59qv was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Mar 10, 2026 withdrawn
Duplicate Advisory: .NET Denial of Service Vulnerability High
GHSA-vh8f-65qg-3m8j was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 10, 2026 withdrawn
Duplicate Advisory: .NET Denial of Service Vulnerability High
GHSA-c8gq-rhqh-wgwm was published for Microsoft.Bcl.Memory (NuGet) Mar 10, 2026 withdrawn
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints High
CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) Feb 27, 2026
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder High
CVE-2026-25989 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder High
CVE-2026-25985 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field High
CVE-2026-25967 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Policy bypass through path traversal allows reading restricted content despite secured policy High
CVE-2026-25965 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Ap4sh Credited to Ap4sh
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions High
CVE-2026-25794 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Infinite loop vulnerability when parsing a PCD file High
CVE-2026-24485 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression High
CVE-2026-24481 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability High
CVE-2026-21218 was published for System.Security.Cryptography.Cose (NuGet) Feb 10, 2026
MattKilgore Credited to MattKilgore, bribrothers, and yusuke-koyoshi bribrothers bribrothers
yusuke-koyoshi yusuke-koyoshi
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal High
CVE-2026-24837 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
mojav3r Credited to mojav3r and bdukes bdukes bdukes
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes High
CVE-2026-24836 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
mojav3r Credited to mojav3r and bdukes bdukes bdukes
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only) High
CVE-2025-66628 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 10, 2025
Sumitshah00 Credited to Sumitshah00
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer) High
CVE-2025-66631 was published for Csla (NuGet) Dec 8, 2025
rockfordlhotka Credited to rockfordlhotka and Outurnate Outurnate Outurnate
Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability High
CVE-2025-55247 was published for Microsoft.Build (NuGet) Oct 15, 2025
rbhanda Credited to rbhanda
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability High
GHSA-q8g5-rw97-f55h was published for Microsoft.Build.Tasks.Core (NuGet) Oct 14, 2025 withdrawn
Amazon.IonDotnet is vulnerable to Denial of Service attacks High
CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow High
CVE-2025-57803 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
mescuwa Credited to mescuwa
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database