GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
526 advisories
Filter by severity
Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)
High
GHSA-7jvp-hj45-2f2m
was published
for
Scriban
(NuGet)
Jul 6, 2026
Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords
High
CVE-2026-50200
was published
for
Steeltoe.Management.Endpoint
(NuGet)
Jul 2, 2026
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch
High
CVE-2026-50196
was published
for
Steeltoe.Discovery.Eureka
(NuGet)
Jul 2, 2026
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
High
CVE-2026-50194
was published
for
Steeltoe.Management.Endpoint
(NuGet)
Jul 2, 2026
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
High
CVE-2026-49451
was published
for
Microsoft.OpenAPI
(NuGet)
Jun 30, 2026
ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop
High
CVE-2026-53461
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition
High
CVE-2026-53460
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions
High
CVE-2026-49218
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth
High
CVE-2026-48506
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
High
CVE-2026-48502
was published
for
MessagePack
(NuGet)
Jun 25, 2026
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
High
CVE-2026-54784
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
High
CVE-2026-54783
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
High
CVE-2026-54781
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
High
CVE-2026-54774
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
High
CVE-2026-54772
was published
for
CoreWCF.NetFramingBase
(NuGet)
Jun 19, 2026
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
High
CVE-2026-45591
was published
for
Microsoft.AspNetCore.App.Runtime.linux-x64
(NuGet)
Jun 15, 2026
MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input
High
CVE-2026-48109
was published
for
MessagePack
(NuGet)
Jun 11, 2026
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
High
CVE-2026-47761
was published
for
TinyMCE
(Composer)
Jun 5, 2026
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments
High
CVE-2026-47762
was published
for
TinyMCE
(Composer)
Jun 5, 2026
TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
High
CVE-2026-47759
was published
for
TinyMCE
(Composer)
Jun 5, 2026
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs
High
CVE-2026-47760
was published
for
TinyMCE
(Composer)
Jun 5, 2026
Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString
High
GHSA-24c8-4792-22hx
was published
for
Scriban.Signed
(NuGet)
May 19, 2026
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
High
CVE-2026-46522
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 18, 2026
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
High
CVE-2026-46520
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 18, 2026
ProTip!
Advisories are also available from the
GraphQL API