GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
379 advisories
Filter by severity
Umbraco.AI discloses sensitive application configuration values
Moderate
GHSA-q3v2-xj35-9grx
was published
for
Umbraco.AI
(NuGet)
Jul 14, 2026
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
athlon1600/youtube-downloader
(RubyGems)
Apr 29, 2020
Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)
Moderate
GHSA-6q7j-xr26-3h2c
was published
for
Scriban
(NuGet)
Jun 26, 2026
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
Moderate
GHSA-xw6w-9jjh-p9cr
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
Moderate
GHSA-m2p3-hwv5-xpqw
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban Affected by Memory Exhaustion (OOM) via Unbounded String Generation (Denial of Service)
Moderate
GHSA-5rpf-x9jg-8j5p
was published
for
Scriban.Signed
(NuGet)
Mar 19, 2026
Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx
Moderate
GHSA-q6rr-fm2g-g5x8
was published
for
Scriban
(NuGet)
Jun 26, 2026
Steeltoe: TLS private keys written to /tmp with default permissions, never deleted
Moderate
CVE-2026-50267
was published
for
Steeltoe.Configuration.Abstractions
(NuGet)
Jul 2, 2026
Steeltoe's static JWKS cache shared across schemes and never invalidated
Moderate
CVE-2026-50202
was published
for
Steeltoe.Security.Authentication.CloudFoundryBase
(NuGet)
Jul 2, 2026
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission
Moderate
CVE-2026-50201
was published
for
Steeltoe.Management.Endpoint
(NuGet)
Jul 2, 2026
CefSharp.Common: `FolderSchemeHandlerFactory` path boundary check can expose files outside the configured root folder
Moderate
CVE-2026-48796
was published
for
CefSharp.Common
(NuGet)
Jun 30, 2026
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
Moderate
CVE-2026-53465
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 26, 2026
ImageMagick: Memory Leak in wand option parser when providing invalid arguments
Moderate
CVE-2026-53464
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 26, 2026
ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments
Moderate
CVE-2026-53463
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 26, 2026
ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails
Moderate
CVE-2026-53462
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 26, 2026
ImageMagick: Policy Bypass can read disallowed files via symlink
Moderate
CVE-2026-49219
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems
Moderate
CVE-2026-48994
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
ImageMagick Vulnerable to Stack Overflow in its MVG Decoder
Moderate
CVE-2026-48734
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
ImageMagick has an Infinite Loop in subimage-search with crafted image
Moderate
CVE-2026-48733
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
ImageMagick has a Heap Buffer Underwrite in the Floyd-Steinberg depth dithering method
Moderate
CVE-2026-48724
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
Moderate
CVE-2026-48517
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings
Moderate
CVE-2026-48516
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
Moderate
CVE-2026-48515
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
Moderate
CVE-2026-48514
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement
Moderate
CVE-2026-48513
was published
for
MessagePack
(NuGet)
Jun 25, 2026
ProTip!
Advisories are also available from the
GraphQL API