GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
243 advisories
HtmlSanitizer has a bypass via template tag
Moderate
CVE-2026-25543
was published
for
HtmlSanitizer
(NuGet)
Feb 3, 2026
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
Moderate
CVE-2026-24784
was published
for
DotNetNuke.Core
(NuGet)
Jan 28, 2026
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load
Moderate
CVE-2026-23952
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML
Moderate
GHSA-qp59-x883-77qv
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript
Moderate
CVE-2026-23874
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
ImageMagick's failure to limit MVG mutual causes Stack Overflow
Moderate
CVE-2025-68950
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 30, 2025
ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack
Moderate
CVE-2025-68618
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 30, 2025
Umbraco CMS has an arbitrary file upload vulnerability
Moderate
CVE-2025-67288
was published
for
Umbraco.Cms
(NuGet)
Dec 22, 2025
Withdrawn Advisory: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family
Moderate
CVE-2025-65955
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 3, 2025
•
withdrawn
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Moderate
CVE-2025-64094
was published
for
DotNetNuke.Core
(NuGet)
Oct 29, 2025
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
Moderate
CVE-2025-62802
was published
for
Dnn.Platform
(NuGet)
Oct 29, 2025
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)
Moderate
CVE-2025-62171
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Oct 28, 2025
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)
Moderate
CVE-2025-62594
was published
for
Magick.NET-Q16-HDRI-OpenMP-arm64
(NuGet)
Oct 27, 2025
ProTip!
Advisories are also available from the
GraphQL API