nuget

901 tracked vulnerabilities.

CVE-2026-49451 HIGH
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-56370 LOW
ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact
Jun 24, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-56368 LOW
ImageMagick - Memory Leak in Raw Pixel Data Coders
Jun 24, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-48517 HIGH
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48516 HIGH
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48515 HIGH
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48514 HIGH
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48513 HIGH
MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48512 HIGH
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48511 HIGH
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48510 HIGH
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48509 CRITICAL
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
Jun 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-48506 HIGH
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48502 HIGH
MessagePack-CSharp ReadDateTime - Stack Overflow Denial of Service
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48109 HIGH
MessagePack-CSharp LZ4 - Out-of-Bounds Read Denial of Service
Jun 22, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-50268 LOW
Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding
Jun 17, 2026
CVSS 1.9
EPSS 0.00
CVE-2026-50267 MEDIUM
Steeltoe: TLS private keys written to /tmp with default permissions, never deleted
Jun 17, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-50202 MEDIUM
Steeltoe's static JWKS cache shared across schemes and never invalidated
Jun 17, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-50201 MEDIUM
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission
Jun 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-50200 HIGH
Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords
Jun 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-50196 HIGH
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch
Jun 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-50194 HIGH
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
Jun 17, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-53465 MEDIUM
ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
Jun 10, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-53464 MEDIUM
ImageMagick: Memory Leak in wand option parser when providing invalid arguments
Jun 10, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-53463 MEDIUM
ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments
Jun 10, 2026
CVSS 4.3
EPSS 0.00