Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,599
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,828
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

924 advisories

Loading
MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade Moderate
CVE-2026-41319 was published for MailKit (NuGet) Apr 18, 2026
ROCmertakdag Credited to ROCmertakdag
ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents Critical
CVE-2026-40324 was published for HotChocolate.Language (NuGet) Apr 16, 2026
BZHunt Credited to BZHunt
DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload High
CVE-2026-40321 was published for DotNetNuke.Core (NuGet) Apr 10, 2026
bdukes Credited to bdukes, valadas, and mbadanoiu valadas valadas
mbadanoiu mbadanoiu
DNN: Same HostGUID for all new installs Moderate
CVE-2026-40306 was published for DotNetNuke.Core (NuGet) Apr 10, 2026
meetmandeep Credited to meetmandeep, donker, and valadas donker donker
valadas valadas
DNN: Force Friend Request Acceptance Moderate
CVE-2026-40305 was published for DotNetNuke.Core (NuGet) Apr 10, 2026
JesseClarkTT Credited to JesseClarkTT, bdukes, and valadas bdukes bdukes
valadas valadas
ImageMagick has an integer overflow in despeckle operation causing a heap buffer overflow on 32-bit builds Moderate
CVE-2026-34238 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 13, 2026
shitianyu-2004 Credited to shitianyu-2004
ImageMagick has a heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds Moderate
CVE-2026-33900 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 13, 2026
shitianyu-2004 Credited to shitianyu-2004
Kiota: Code Generation Literal Injection High
CVE-2026-41134 was published for kiota (NuGet) Apr 14, 2026
baywet Credited to baywet and gavinbarron gavinbarron gavinbarron
Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege Critical
CVE-2026-40372 was published for Microsoft.AspNetCore.DataProtection (NuGet) Apr 23, 2026
rbhanda Credited to rbhanda
ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width Moderate
GHSA-rrjr-v56m-ww88 was published for ParquetSharp (NuGet) Apr 24, 2026
adamreeve Credited to adamreeve, CurtHagenlocher, and marcin-krystianc CurtHagenlocher CurtHagenlocher
marcin-krystianc marcin-krystianc
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads Moderate
CVE-2026-41173 was published for OpenTelemetry.Resources.AWS (NuGet) Apr 23, 2026
Kielek Credited to Kielek, normj, martincostello, and arminru normj normj
martincostello martincostello arminru arminru
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers Moderate
CVE-2026-40894 was published for OpenTelemetry.Api (NuGet) Apr 23, 2026
martincostello Credited to martincostello, Kielek, and arminru Kielek Kielek
arminru arminru
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling Moderate
CVE-2026-40891 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) Apr 23, 2026
Kielek Credited to Kielek, martincostello, and arminru martincostello martincostello
arminru arminru
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies Moderate
CVE-2026-40182 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) Apr 23, 2026
martincostello Credited to martincostello, 1seal, Kielek, and arminru 1seal 1seal
Kielek Kielek arminru arminru
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle Moderate
CVE-2026-41511 was published for OpenMcdf (NuGet) Apr 22, 2026
pawlos Credited to pawlos
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path Moderate
CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) Apr 18, 2026
Kielek Credited to Kielek and arminru arminru arminru
Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment Low
GHSA-h39g-6x3c-7fq9 was published for Zio (NuGet) Apr 18, 2026
SUT0L Credited to SUT0L
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability High
CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability High
CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01, briandesarmo, and nicky-dilemmagroep briandesarmo briandesarmo
nicky-dilemmagroep nicky-dilemmagroep
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out) High
GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) Apr 16, 2026
ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts Low
GHSA-pmpg-6pww-fg6q was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
ylwango613 Credited to ylwango613
ImageMagick has a memory leak in PNG encoder when writing a MNG image Low
GHSA-x928-4434-crqj was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
ylwango613 Credited to ylwango613
ImageMagick has a heap-buffer-overflow in FTXT encoder Low
GHSA-w54j-7wpm-crhj was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
unbengable12 Credited to unbengable12
ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value Low
GHSA-8vfj-q2cp-5m5j was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
e1abrador Credited to e1abrador
ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing Low
GHSA-q8h3-jv9v-57qx was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
shitianyu-2004 Credited to shitianyu-2004
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database