Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,623
Maven
5,000+
npm
5,000+
NuGet
927
pip
4,843
Pub
13
RubyGems
1,045
Rust
1,271
Swift
53
Unreviewed advisories
All unreviewed
5,000+

318 advisories

Loading
OneCollector exporter reads unbounded HTTP response bodies Moderate
CVE-2026-41484 was published for OpenTelemetry.Exporter.OneCollector (NuGet) Apr 29, 2026
martincostello Credited to martincostello and rajkumar-rangaraj rajkumar-rangaraj rajkumar-rangaraj
OpenTelemetry.Resources.Azure has an unbounded HTTP response body read Moderate
CVE-2026-41483 was published for OpenTelemetry.Resources.Azure (NuGet) Apr 29, 2026
martincostello Credited to martincostello and Kielek Kielek Kielek
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure Moderate
CVE-2026-41310 was published for OpenTelemetry.Exporter.Zipkin (NuGet) Apr 28, 2026
Kielek Credited to Kielek, martincostello, and arminru martincostello martincostello
arminru arminru
ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width Moderate
GHSA-rrjr-v56m-ww88 was published for ParquetSharp (NuGet) Apr 24, 2026
adamreeve Credited to adamreeve, CurtHagenlocher, and marcin-krystianc CurtHagenlocher CurtHagenlocher
marcin-krystianc marcin-krystianc
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads Moderate
CVE-2026-41173 was published for OpenTelemetry.Resources.AWS (NuGet) Apr 23, 2026
Kielek Credited to Kielek, normj, martincostello, and arminru normj normj
martincostello martincostello arminru arminru
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers Moderate
CVE-2026-40894 was published for OpenTelemetry.Api (NuGet) Apr 23, 2026
martincostello Credited to martincostello, Kielek, and arminru Kielek Kielek
arminru arminru
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling Moderate
CVE-2026-40891 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) Apr 23, 2026
Kielek Credited to Kielek, martincostello, and arminru martincostello martincostello
arminru arminru
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies Moderate
CVE-2026-40182 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) Apr 23, 2026
martincostello Credited to martincostello, 1seal, Kielek, and arminru 1seal 1seal
Kielek Kielek arminru arminru
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle Moderate
CVE-2026-41511 was published for OpenMcdf (NuGet) Apr 22, 2026
pawlos Credited to pawlos
MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade Moderate
CVE-2026-41319 was published for MailKit (NuGet) Apr 18, 2026
ROCmertakdag Credited to ROCmertakdag
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path Moderate
CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) Apr 18, 2026
Kielek Credited to Kielek and arminru arminru arminru
ImageMagick has has a stack-buffer-overflow in MNG encoder with oversized pallete Moderate
GHSA-98cp-rj9f-6v5g was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
unbengable12 Credited to unbengable12
ImageMagick has an off-by-one error in MSL decoder could result in crash Moderate
CVE-2026-40312 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
COCOP1l0t Credited to COCOP1l0t
ImageMagick has a heap-use-after-free via XMP profile could result in a crash when printing the values. Moderate
CVE-2026-40311 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
ImageMagick has a heap out-of-bounds write in JP2 encoder Moderate
CVE-2026-40310 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
jakelamberson Credited to jakelamberson
ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float Moderate
CVE-2026-40183 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
jakelamberson Credited to jakelamberson
ImageMagick has a heap buffer overflow (WRITE) in the YAML and JSON encoders. Moderate
CVE-2026-40169 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
zer0matt Credited to zer0matt
ImageMagick has an out-of-bounds read in sample operation Moderate
CVE-2026-33905 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
shitianyu-2004 Credited to shitianyu-2004
ImageMagick has a Stack Overflow via Recursive FX Expression Parsing Moderate
CVE-2026-33902 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
fumfel Credited to fumfel
ImageMagick has a heap-Buffer-Overflow write of a single zero byte when parsing xml. Moderate
CVE-2026-33899 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 13, 2026
unbengable12 Credited to unbengable12
ImageMagick has an integer overflow in despeckle operation causing a heap buffer overflow on 32-bit builds Moderate
CVE-2026-34238 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 13, 2026
shitianyu-2004 Credited to shitianyu-2004
ImageMagick has a heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds Moderate
CVE-2026-33900 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 13, 2026
shitianyu-2004 Credited to shitianyu-2004
DNN: Same HostGUID for all new installs Moderate
CVE-2026-40306 was published for DotNetNuke.Core (NuGet) Apr 10, 2026
meetmandeep Credited to meetmandeep, donker, and valadas donker donker
valadas valadas
DNN: Force Friend Request Acceptance Moderate
CVE-2026-40305 was published for DotNetNuke.Core (NuGet) Apr 10, 2026
JesseClarkTT Credited to JesseClarkTT, bdukes, and valadas bdukes bdukes
valadas valadas
Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters Moderate
CVE-2026-40021 was published for log4net (NuGet) Apr 10, 2026
FreeAndNil Credited to FreeAndNil
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database