GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

482 advisories

AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction High
GHSA-mvm6-f9r3-fgfx was published for AWSSDK.CloudFront (NuGet) Mar 27, 2026
Credited to offset
Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service High
GHSA-v66j-x4hw-fv9g was published for Scriban (NuGet) Mar 24, 2026
Credited to offset
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service High
GHSA-c875-h985-hvrc was published for scriban (NuGet) Mar 24, 2026
Credited to Zwique
Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset() High
GHSA-x6m9-38vm-2xhf was published for scriban (NuGet) Mar 24, 2026
Credited to Zwique
Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix High
GHSA-p6q4-fgr8-vx4p was published for Scriban (NuGet) Mar 24, 2026
Credited to pawlos
Credited to skdishansachin
Scriban has Uncontrolled Recursion in Parser Leads to Stack Overflow and Process Crash (Denial of Service) High
GHSA-wgh7-7m3c-fx25 was published for scriban (NuGet) Mar 19, 2026
Credited to skdishansachin
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion High
CVE-2026-32933 was published for AutoMapper (NuGet) Mar 13, 2026
Credited to skdishansachin, jbogard, and nicky-dilemmagroep
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability High
GHSA-8fh9-c4jq-94h4 was published for idunno.AtProto (NuGet) Mar 13, 2026
ImageMagick has stack buffer overflow in MagnifyImage High
CVE-2026-30929 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Credited to ThePwnish3r
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write High
CVE-2026-28693 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Credited to jakelodwick
ImageMagick has uninitialized pointer dereference in JBIG decoder High
CVE-2026-28691 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Credited to zerojackyi
ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays High
CVE-2026-28494 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write. High
CVE-2026-25968 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Credited to ylwango613
.NET Denial of Service Vulnerability High
CVE-2026-26127 was published for Microsoft.Bcl.Memory (NuGet) Mar 11, 2026
Credited to rbhanda
.NET Denial of Service Vulnerability High
CVE-2026-26130 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2026
.NET Elevation of Privilege Vulnerability High
CVE-2026-26131 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2026
Credited to igorkovalchuk
Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks High
CVE-2026-31834 was published for Umbraco.Cms (NuGet) Mar 11, 2026
Credited to odgrso
Credited to alzimmermsft and vcolin7
Duplicate Advisory: .NET Denial of Service Vulnerability High
GHSA-c8gq-rhqh-wgwm was published for Microsoft.Bcl.Memory (NuGet) Mar 10, 2026 withdrawn
Duplicate Advisory: .NET Denial of Service Vulnerability High
GHSA-vh8f-65qg-3m8j was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 10, 2026 withdrawn
Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability High
GHSA-387c-qmrw-59qv was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Mar 10, 2026 withdrawn
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints High
CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) Feb 27, 2026
Credited to Amalie-Wowern
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder High
CVE-2026-25989 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Credited to petermalone