Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,351
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

765 advisories

Filter by severity
All severities
Low
Moderate
High
Critical
Loading
Withdrawn Advisory: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family Moderate
CVE-2025-65955 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 3, 2025 withdrawn
LuiginoC
Credited to LuiginoC
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only) High
CVE-2025-66628 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 10, 2025
Sumitshah00
Credited to Sumitshah00
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality Moderate
CVE-2025-66625 was published for Umbraco.Cms (NuGet) Dec 9, 2025
Emby Server API Vulnerability allowing to gain administrative access without precondition Critical
CVE-2025-64113 was published for MediaBrowser.Server.Core (NuGet) Dec 8, 2025
tembybot
Credited to tembybot
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer) High
CVE-2025-66631 was published for Csla (NuGet) Dec 8, 2025
rockfordlhotkaOuturnate
Credited to rockfordlhotka and Outurnate
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
Credited to jenhae
Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability High
CVE-2024-38081 was published for Microsoft.IO.Redist (NuGet) Jul 9, 2024
Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability Critical
CVE-2025-54539 was published for Apache.NMS.AMQP (NuGet) Oct 16, 2025
Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain Moderate
CVE-2025-9708 was published for KubernetesClient (NuGet) Sep 17, 2025
XSS in the `of` option of the `.position()` util in jquery-ui Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbenaA-Fitz-Nelnet
Credited to esbena and A-Fitz-Nelnet
Moment.js vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-31129 was published for Moment.js (npm) Jul 6, 2022
vovikhangcdv
Credited to vovikhangcdv
Path Traversal: 'dir/../../filename' in moment.locale High
CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022
imagemagick: integer overflows in MNG magnification High
CVE-2025-55154 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
ImageMagick has a Memory Leak in magick stream Low
CVE-2025-53019 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-tripYutoIn
iwashiirautshina
Credited to momo-trip, YutoIn, iwashiira, and utshina
ImageMagick BlobStream Forward-Seek Under-Allocation Low
CVE-2025-57807 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Sep 5, 2025
mescuwa
Credited to mescuwa
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution High
CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
leehohojunehanbunny
jin-156amethyst0225
Credited to leehohojune, hanbunny, jin-156, and amethyst0225
ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash Low
CVE-2025-55212 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
amethyst0225leehohojune
jin-156
Credited to amethyst0225, leehohojune, and jin-156
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename Low
CVE-2025-53014 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-tripiwashiira
utshinaon-keyday
Credited to momo-trip, iwashiira, utshina, and on-keyday
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow High
CVE-2025-57803 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
mescuwa
Credited to mescuwa
ImageMagick has a Stack Buffer Overflow in image.c High
CVE-2025-53101 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-tripYutoIn
iwashiirautshina
Credited to momo-trip, YutoIn, iwashiira, and utshina
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP) Moderate
CVE-2025-62171 was published for Magick.NET-Q16-AnyCPU (NuGet) Oct 28, 2025
wooseokdotkim
Credited to wooseokdotkim
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS) Moderate
CVE-2025-62594 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Oct 27, 2025
amethyst0225jin-156
hanbunnyyosiimich
Credited to amethyst0225, jin-156, hanbunny, and yosiimich
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite Critical
CVE-2025-64095 was published for DNN.PLATFORM (NuGet) Oct 29, 2025
bdukesvaladas
Credited to bdukes and valadas
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload Moderate
CVE-2025-64094 was published for DotNetNuke.Core (NuGet) Oct 29, 2025
pdstatbdukes
mitchelsellersvaladas
Credited to pdstat, bdukes, mitchelsellers, and valadas
DNN CKEditor Provider allows unauthenticated upload out-of-the-box Moderate
CVE-2025-62802 was published for Dnn.Platform (NuGet) Oct 29, 2025
r90727bdukes
donkerdavid-poindextermitchelsellers
Credited to r90727, bdukes, donker, david-poindexter, and mitchelsellers
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database