Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

50 advisories

Loading
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch High
CVE-2026-50196 was published for Steeltoe.Discovery.Eureka (NuGet) Jul 2, 2026
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake High
CVE-2026-54772 was published for CoreWCF.NetFramingBase (NuGet) Jun 19, 2026
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability High
CVE-2026-45591 was published for Microsoft.AspNetCore.App.Runtime.linux-x64 (NuGet) Jun 15, 2026
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion High
CVE-2026-46522 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
bl4cksku11 Credited to bl4cksku11
ImageMagick: Policy Bypass in MNG coder could Moderate
CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
pucagit Credited to pucagit
ImageMagick: Policy Bypass in PSD decoder Moderate
CVE-2026-45031 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
dayzsec Credited to dayzsec
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure Moderate
CVE-2026-41310 was published for OpenTelemetry.Exporter.Zipkin (NuGet) Apr 28, 2026
Kielek Credited to Kielek, martincostello, and arminru martincostello martincostello
arminru arminru
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path Moderate
CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) Apr 18, 2026
Kielek Credited to Kielek and arminru arminru arminru
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out) High
GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) Apr 16, 2026
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability High
CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability High
CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01, briandesarmo, and nicky-dilemmagroep briandesarmo briandesarmo
nicky-dilemmagroep nicky-dilemmagroep
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation Moderate
GHSA-xw6w-9jjh-p9cr was published for Scriban (NuGet) Mar 24, 2026
offset Credited to offset and adamus2 adamus2 adamus2
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service High
GHSA-c875-h985-hvrc was published for Scriban.Signed (NuGet) Mar 24, 2026
Zwique Credited to Zwique and adamus2 adamus2 adamus2
ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS Moderate
CVE-2023-1289 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Im10n Credited to Im10n
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Infinite loop vulnerability when parsing a PCD file High
CVE-2026-24485 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS Moderate
CVE-2026-24484 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
Amazon.IonDotnet is vulnerable to Denial of Service attacks High
CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks Moderate
CVE-2025-54575 was published for SixLabors.ImageSharp (NuGet) Jul 30, 2025
whatevicanhaz Credited to whatevicanhaz
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability High
CVE-2024-38168 was published for Microsoft.AspNetCore.App.Runtime.win-arm (NuGet) Aug 13, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability High
CVE-2024-30105 was published for System.Text.Json (NuGet) Jul 9, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov Credited to levpachmanov
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability High
CVE-2024-21392 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Mar 12, 2024
r3kumar Credited to r3kumar and TAINA-AntonyBingham TAINA-AntonyBingham TAINA-AntonyBingham
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability High
CVE-2024-21386 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024
bbossola Credited to bbossola, gillarramendi, and sunnypatell gillarramendi gillarramendi
sunnypatell sunnypatell
ProTip! Advisories are also available from the GraphQL API