GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
876 advisories
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
Moderate
GHSA-xw6w-9jjh-p9cr
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
Moderate
GHSA-m2p3-hwv5-xpqw
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException
High
GHSA-xcx6-vp38-8hr5
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service
High
GHSA-v66j-x4hw-fv9g
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service
High
GHSA-c875-h985-hvrc
was published
for
scriban
(NuGet)
Mar 24, 2026
Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse
Critical
GHSA-5wr9-m6jw-xx44
was published
for
scriban
(NuGet)
Mar 24, 2026
Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()
High
GHSA-x6m9-38vm-2xhf
was published
for
scriban
(NuGet)
Mar 24, 2026
Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix
High
GHSA-p6q4-fgr8-vx4p
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban Affected by Memory Exhaustion (OOM) via Unbounded String Generation (Denial of Service)
Moderate
GHSA-5rpf-x9jg-8j5p
was published
for
scriban
(NuGet)
Mar 19, 2026
Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)
High
GHSA-grr9-747v-xvcp
was published
for
scriban
(NuGet)
Mar 19, 2026
Scriban has Uncontrolled Recursion in Parser Leads to Stack Overflow and Process Crash (Denial of Service)
High
GHSA-wgh7-7m3c-fx25
was published
for
scriban
(NuGet)
Mar 19, 2026
ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash
Moderate
CVE-2026-32636
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 17, 2026
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
High
CVE-2026-32933
was published
for
AutoMapper
(NuGet)
Mar 13, 2026
ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Moderate
CVE-2023-1289
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation
Moderate
CVE-2026-30937
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage
Moderate
CVE-2026-30936
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has Heap Buffer Over-Read in BilateralBlurImage
Moderate
CVE-2026-30935
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has heap-based buffer overflow in UHDR encoder
Moderate
CVE-2026-30931
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has stack buffer overflow in MagnifyImage
High
CVE-2026-30929
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write
High
CVE-2026-28693
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has uninitialized pointer dereference in JBIG decoder
High
CVE-2026-28691
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has stack write buffer overflow in MNG encoder
Moderate
CVE-2026-28690
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ImageMagick has heap use-after-free in the MSL encoder
Moderate
CVE-2026-28688
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Mar 12, 2026
ProTip!
Advisories are also available from the
GraphQL API