Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

526 advisories

Loading
Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords High
CVE-2026-50200 was published for Steeltoe.Management.Endpoint (NuGet) Jul 2, 2026
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch High
CVE-2026-50196 was published for Steeltoe.Discovery.Eureka (NuGet) Jul 2, 2026
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header High
CVE-2026-50194 was published for Steeltoe.Management.Endpoint (NuGet) Jul 2, 2026
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing High
CVE-2026-49451 was published for Microsoft.OpenAPI (NuGet) Jun 30, 2026
baywet Credited to baywet, cookesan, Falco20019, and mahsa-lamiyan cookesan cookesan
Falco20019 Falco20019 mahsa-lamiyan mahsa-lamiyan
ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop High
CVE-2026-53461 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
vibhum-dubey Credited to vibhum-dubey
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition High
CVE-2026-53460 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
OwenSanzas Credited to OwenSanzas
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions High
CVE-2026-49218 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
OwenSanzas Credited to OwenSanzas
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth High
CVE-2026-48506 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
AArnott Credited to AArnott
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality High
CVE-2026-54784 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced High
CVE-2026-54781 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate High
CVE-2026-54774 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake High
CVE-2026-54772 was published for CoreWCF.NetFramingBase (NuGet) Jun 19, 2026
ReDoS in DotVVM routing High
GHSA-c2g3-c4gc-w5wg was published for DotVVM (NuGet) Jun 19, 2026
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability High
CVE-2026-45591 was published for Microsoft.AspNetCore.App.Runtime.linux-x64 (NuGet) Jun 15, 2026
AArnott Credited to AArnott
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection High
CVE-2026-47761 was published for TinyMCE (Composer) Jun 5, 2026
UncleJ4ck Credited to UncleJ4ck, ange-primiterra, bluvulture, and sbrinkhorst ange-primiterra ange-primiterra
bluvulture bluvulture sbrinkhorst sbrinkhorst
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments High
CVE-2026-47762 was published for TinyMCE (Composer) Jun 5, 2026
he1d3n Credited to he1d3n
mtrill47 Credited to mtrill47 and he1d3n he1d3n he1d3n
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs High
CVE-2026-47760 was published for TinyMCE (Composer) Jun 5, 2026
maple3142 Credited to maple3142
Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString High
GHSA-24c8-4792-22hx was published for Scriban.Signed (NuGet) May 19, 2026
fg0x0 Credited to fg0x0 and adamus2 adamus2 adamus2
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion High
CVE-2026-46522 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
bl4cksku11 Credited to bl4cksku11
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions High
CVE-2026-46520 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
omkhar Credited to omkhar
ProTip! Advisories are also available from the GraphQL API