Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

788 advisories

Loading
ImageMagick releases an invalid pointer in BilateralBlur when memory allocation fails Moderate
CVE-2026-22770 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 20, 2026
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript Moderate
CVE-2026-23874 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas
Credited to OwenSanzas
ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML Moderate
GHSA-qp59-x883-77qv was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
Keryer
Credited to Keryer
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load Moderate
CVE-2026-23952 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas
Credited to OwenSanzas
Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp Low
GHSA-7jxj-rpx7-ph2c was published for Umbraco.Forms (NuGet) Jan 22, 2026
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer Moderate
CVE-2026-24784 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
bdukes
Credited to bdukes
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes High
CVE-2026-24836 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
mojav3r bdukes
Credited to mojav3r and bdukes
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal High
CVE-2026-24837 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
mojav3r bdukes
Credited to mojav3r and bdukes
DotNetNuke.Core Vulnerable to Stored XSS via Module Title Critical
CVE-2026-24838 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
bdukes
Credited to bdukes
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac Moderate
CVE-2026-24687 was published for Umbraco.Forms (NuGet) Jan 30, 2026
HtmlSanitizer has a bypass via template tag Moderate
CVE-2026-25543 was published for HtmlSanitizer (NuGet) Feb 3, 2026
nsysean
Credited to nsysean
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK Critical
CVE-2026-25592 was published for Microsoft.SemanticKernel.Core (NuGet) Feb 6, 2026
doredry amiteliahu
urioren
Credited to doredry, amiteliahu, and urioren
Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability High
CVE-2026-21218 was published for System.Security.Cryptography.Cose (NuGet) Feb 10, 2026
MattKilgore bribrothers
yusuke-koyoshi
Credited to MattKilgore, bribrothers, and yusuke-koyoshi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database