GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch
High
CVE-2026-50196
was published
for
Steeltoe.Discovery.Eureka
(NuGet)
Jul 2, 2026
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
High
CVE-2026-54772
was published
for
CoreWCF.NetFramingBase
(NuGet)
Jun 19, 2026
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
High
CVE-2026-45591
was published
for
Microsoft.AspNetCore.App.Runtime.linux-x64
(NuGet)
Jun 15, 2026
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
High
CVE-2026-46522
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 18, 2026
ImageMagick: Policy Bypass in MNG coder could
Moderate
CVE-2026-45664
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 18, 2026
ImageMagick: Policy Bypass in PSD decoder
Moderate
CVE-2026-45031
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 18, 2026
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Moderate
CVE-2026-41310
was published
for
OpenTelemetry.Exporter.Zipkin
(NuGet)
Apr 28, 2026
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Moderate
CVE-2026-41078
was published
for
OpenTelemetry.Exporter.Jaeger
(NuGet)
Apr 18, 2026
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High
GHSA-f5v8-v6q3-q4h6
was published
for
Meridian.Mapping
(NuGet)
Apr 16, 2026
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability
High
CVE-2026-26171
was published
for
System.Security.Cryptography.Xml
(NuGet)
Apr 14, 2026
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
High
CVE-2026-33116
was published
for
System.Security.Cryptography.Xml
(NuGet)
Apr 14, 2026
Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service
High
CVE-2026-39959
was published
for
Tmds.DBus
(NuGet)
Apr 8, 2026
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
Moderate
GHSA-xw6w-9jjh-p9cr
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service
High
GHSA-c875-h985-hvrc
was published
for
Scriban.Signed
(NuGet)
Mar 24, 2026
ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Moderate
CVE-2023-1289
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile
Moderate
CVE-2026-26066
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 24, 2026
ImageMagick: Infinite loop vulnerability when parsing a PCD file
High
CVE-2026-24485
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 24, 2026
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS
Moderate
CVE-2026-24484
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Feb 24, 2026
Amazon.IonDotnet is vulnerable to Denial of Service attacks
High
CVE-2025-11573
was published
for
Amazon.IonDotnet
(NuGet)
Oct 9, 2025
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
Moderate
CVE-2025-54575
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 30, 2025
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
High
CVE-2024-38168
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm
(NuGet)
Aug 13, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
High
CVE-2024-30105
was published
for
System.Text.Json
(NuGet)
Jul 9, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
High
CVE-2024-21392
was published
for
Microsoft.NETCore.App.Runtime.linux-arm
(NuGet)
Mar 12, 2024
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
High
CVE-2024-21386
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 13, 2024
ProTip!
Advisories are also available from the
GraphQL API