GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
240 advisories
Umbraco CMS has an arbitrary file upload vulnerability
Moderate
CVE-2025-67288
was published
for
Umbraco.Cms
(NuGet)
Dec 22, 2025
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load
Moderate
CVE-2026-23952
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML
Moderate
GHSA-qp59-x883-77qv
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript
Moderate
CVE-2026-23874
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
jQuery vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2011-4969
was published
for
jQuery
(RubyGems)
May 14, 2022
ImageMagick's failure to limit MVG mutual causes Stack Overflow
Moderate
CVE-2025-68950
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 30, 2025
ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack
Moderate
CVE-2025-68618
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 30, 2025
Withdrawn Advisory: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family
Moderate
CVE-2025-65955
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 3, 2025
•
withdrawn
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
XSS in the `of` option of the `.position()` util in jquery-ui
Moderate
CVE-2021-41184
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 26, 2021
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)
Moderate
CVE-2025-62171
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Oct 28, 2025
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)
Moderate
CVE-2025-62594
was published
for
Magick.NET-Q16-HDRI-OpenMP-arm64
(NuGet)
Oct 27, 2025
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Moderate
CVE-2025-64094
was published
for
DotNetNuke.Core
(NuGet)
Oct 29, 2025
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
Moderate
CVE-2025-62802
was published
for
Dnn.Platform
(NuGet)
Oct 29, 2025
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
components/jquery
(RubyGems)
Apr 29, 2020
ProTip!
Advisories are also available from the
GraphQL API