GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

881 advisories

AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction High
GHSA-mvm6-f9r3-fgfx was published for AWSSDK.CloudFront (NuGet) Mar 27, 2026
ImageMagick: META reader memory leak in the APP1JPEG input path Low
GHSA-9r56-3gjq-hqf7 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 26, 2026
Credited to unbengable12
ImageMagick has possible memory leak in ASHLAR coder when action fails Low
GHSA-6p22-q7w5-33pg was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 26, 2026
Credited to unbengable12
ImageMagick has an Out-of-bounds Write via InterpretImageFilename Moderate
CVE-2026-33536 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 26, 2026
Credited to fumfel
ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction Moderate
CVE-2026-33535 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 26, 2026
Credited to unbengable12
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion High
CVE-2026-32933 was published for AutoMapper (NuGet) Mar 13, 2026
Credited to skdishansachin, jbogard, and nicky-dilemmagroep
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation Moderate
GHSA-xw6w-9jjh-p9cr was published for Scriban (NuGet) Mar 24, 2026
Credited to offset
Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString Moderate
GHSA-m2p3-hwv5-xpqw was published for Scriban (NuGet) Mar 24, 2026
Credited to offset
Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service High
GHSA-v66j-x4hw-fv9g was published for Scriban (NuGet) Mar 24, 2026
Credited to offset
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service High
GHSA-c875-h985-hvrc was published for scriban (NuGet) Mar 24, 2026
Credited to Zwique
Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse Critical
GHSA-5wr9-m6jw-xx44 was published for scriban (NuGet) Mar 24, 2026
Credited to Zwique
Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset() High
GHSA-x6m9-38vm-2xhf was published for scriban (NuGet) Mar 24, 2026
Credited to Zwique
Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix High
GHSA-p6q4-fgr8-vx4p was published for Scriban (NuGet) Mar 24, 2026
Credited to pawlos
Duplicate Advisory: OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access Low
GHSA-vmvw-pwwf-cc2w was published for openclaw (NuGet) Mar 21, 2026 withdrawn
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
Scriban Affected by Memory Exhaustion (OOM) via Unbounded String Generation (Denial of Service) Moderate
GHSA-5rpf-x9jg-8j5p was published for scriban (NuGet) Mar 19, 2026
Credited to skdishansachin
Scriban has Uncontrolled Recursion in Parser Leads to Stack Overflow and Process Crash (Denial of Service) High
GHSA-wgh7-7m3c-fx25 was published for scriban (NuGet) Mar 19, 2026
Credited to skdishansachin
ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder Moderate
CVE-2026-31853 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 10, 2026
Credited to Mcsky23
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints High
CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) Feb 27, 2026
Credited to Amalie-Wowern
ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash Moderate
CVE-2026-32636 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 17, 2026
Credited to fumfel
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability High
GHSA-8fh9-c4jq-94h4 was published for idunno.AtProto (NuGet) Mar 13, 2026
.NET Denial of Service Vulnerability High
CVE-2026-26127 was published for Microsoft.Bcl.Memory (NuGet) Mar 11, 2026
Credited to rbhanda
ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS Moderate
CVE-2023-1289 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Credited to Im10n