Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,021 advisories

Loading
sondt99 Credited to sondt99
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing High
CVE-2026-49451 was published for Microsoft.OpenAPI (NuGet) Jun 30, 2026
baywet Credited to baywet
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image Moderate
CVE-2026-53465 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 26, 2026
007bsd Credited to 007bsd
ImageMagick: Memory Leak in wand option parser when providing invalid arguments Moderate
CVE-2026-53464 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 26, 2026
007bsd Credited to 007bsd
ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments Moderate
CVE-2026-53463 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 26, 2026
007bsd Credited to 007bsd
ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails Moderate
CVE-2026-53462 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 26, 2026
jeremybuis Credited to jeremybuis
ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop High
CVE-2026-53461 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
vibhum-dubey Credited to vibhum-dubey
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition High
CVE-2026-53460 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
OwenSanzas Credited to OwenSanzas
ImageMagick: Policy Bypass can read disallowed files via symlink Moderate
CVE-2026-49219 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
GameZoneHacker Credited to GameZoneHacker
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions High
CVE-2026-49218 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
OwenSanzas Credited to OwenSanzas
ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems Moderate
CVE-2026-48994 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
oduoke567 Credited to oduoke567
ImageMagick Vulnerable to Stack Overflow in its MVG Decoder Moderate
CVE-2026-48734 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
omkhar Credited to omkhar
ImageMagick has an Infinite Loop in subimage-search with crafted image Moderate
CVE-2026-48733 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
omkhar Credited to omkhar
ImageMagick has a Heap Buffer Underwrite in the Floyd-Steinberg depth dithering method Moderate
CVE-2026-48724 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
omkhar Credited to omkhar
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments Moderate
CVE-2026-48517 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings Moderate
CVE-2026-48516 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions Moderate
CVE-2026-48515 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length Moderate
CVE-2026-48514 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement Moderate
CVE-2026-48513 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement Moderate
CVE-2026-48512 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps Moderate
CVE-2026-48511 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths Moderate
CVE-2026-48510 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies Moderate
CVE-2026-48509 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
ProTip! Advisories are also available from the GraphQL API