OSV - Open Source Vulnerabilities

GHSA-f5v8-v6q3-q4h6

NuGet/Meridian.Mapping
NuGet/Meridian.Mediator

Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

50 minutes ago

Fix available
Severity - 7.5 (High)

GHSA-qr3m-xw4c-jqw3

NuGet/HotChocolate.Language

ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents

2 hours ago

Fix available
Severity - 9.1 (Critical)

MAL-2026-2808

NuGet/wpfuihelpercore

Malicious code in wpfuihelpercore (NuGet)

13 hours ago

No fix available

MAL-2026-2807

NuGet/jjrawlins.cdkiampolicybuilderhelper

Malicious code in jjrawlins.cdkiampolicybuilderhelper (NuGet)

13 hours ago

No fix available

GHSA-gvvw-8j96-8g5r

NuGet/Microsoft.Native.Quic.MsQuic.OpenSSL
NuGet/Microsoft.Native.Quic.MsQuic.Schannel

MsQuic has a Remote Elevation of Privilege Vulnerability

22 hours ago

Fix available
Severity - 9.8 (Critical)

GHSA-g4vj-cjjj-v7hg

NuGet/NuGet.CommandLine
NuGet/NuGet.Packaging
NuGet/NuGet.Protocol

Defense in Depth update for NuGet Client

yesterday

Fix available

GHSA-2hx3-vp6r-mg3f

NuGet/kiota

Kiota: Code Generation Literal Injection

2 days ago

Fix available
Severity - 7.3 (High)

GHSA-fcpv-w245-r2q7

NuGet/DotNetNuke.Core

DotNetNuke.Core security code analysis rules triggered

2 days ago

Fix available

GHSA-x928-4434-crqj

NuGet/Magick.NET-Q16-AnyCPU
NuGet/Magick.NET-Q16-HDRI-AnyCPU
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
NuGet/Magick.NET-Q16-HDRI-arm64
... 13 more

ImageMagick has a memory leak in PNG encoder when writing a MNG image

2 days ago

Fix available
Severity - 3.7 (Low)

GHSA-pmpg-6pww-fg6q

NuGet/Magick.NET-Q16-AnyCPU
NuGet/Magick.NET-Q16-HDRI-AnyCPU
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
NuGet/Magick.NET-Q16-HDRI-arm64
... 13 more

ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts

2 days ago

Fix available
Severity - 3.3 (Low)

GHSA-8vfj-q2cp-5m5j

NuGet/Magick.NET-Q16-AnyCPU
NuGet/Magick.NET-Q16-HDRI-AnyCPU
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
NuGet/Magick.NET-Q16-HDRI-arm64
... 13 more

ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value

2 days ago

Fix available
Severity - 3.3 (Low)

GHSA-98cp-rj9f-6v5g

NuGet/Magick.NET-Q16-AnyCPU
NuGet/Magick.NET-Q16-HDRI-AnyCPU
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
NuGet/Magick.NET-Q16-HDRI-arm64
... 13 more

ImageMagick has has a stack-buffer-overflow in MNG encoder with oversized pallete

2 days ago

Fix available
Severity - 6.9 (Medium)

GHSA-q8h3-jv9v-57qx

NuGet/Magick.NET-Q16-AnyCPU
NuGet/Magick.NET-Q16-HDRI-AnyCPU
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
NuGet/Magick.NET-Q16-HDRI-arm64
... 13 more

ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing

2 days ago

Fix available
Severity - 3.3 (Low)

GHSA-w54j-7wpm-crhj

NuGet/Magick.NET-Q16-AnyCPU
NuGet/Magick.NET-Q16-HDRI-AnyCPU
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
NuGet/Magick.NET-Q16-HDRI-arm64
... 13 more

ImageMagick has a heap-buffer-overflow in FTXT encoder

2 days ago

Fix available
Severity - 3.3 (Low)

GHSA-w3x6-4m5h-cxqf

NuGet/System.Security.Cryptography.Xml

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability

2 days ago

Fix available
Severity - 7.5 (High)

GHSA-37gx-xxp4-5rgx

NuGet/System.Security.Cryptography.Xml

Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

2 days ago

Fix available
Severity - 7.5 (High)