nuget
901 tracked vulnerabilities.
CVE-2026-49451
HIGH
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-56370
LOW
ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact
Jun 24, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-56368
LOW
ImageMagick - Memory Leak in Raw Pixel Data Coders
Jun 24, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-48517
HIGH
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48516
HIGH
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48515
HIGH
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48514
HIGH
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48513
HIGH
MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48512
HIGH
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48511
HIGH
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48510
HIGH
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48509
CRITICAL
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
Jun 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-48506
HIGH
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48502
HIGH
MessagePack-CSharp ReadDateTime - Stack Overflow Denial of Service
Jun 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48109
HIGH
MessagePack-CSharp LZ4 - Out-of-Bounds Read Denial of Service
Jun 22, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-50268
LOW
Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding
Jun 17, 2026
CVSS 1.9
EPSS 0.00
CVE-2026-50267
MEDIUM
Steeltoe: TLS private keys written to /tmp with default permissions, never deleted
Jun 17, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-50202
MEDIUM
Steeltoe's static JWKS cache shared across schemes and never invalidated
Jun 17, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-50201
MEDIUM
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission
Jun 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-50200
HIGH
Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords
Jun 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-50196
HIGH
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch
Jun 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-50194
HIGH
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
Jun 17, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-53465
MEDIUM
ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
Jun 10, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-53464
MEDIUM
ImageMagick: Memory Leak in wand option parser when providing invalid arguments
Jun 10, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-53463
MEDIUM
ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments
Jun 10, 2026
CVSS 4.3
EPSS 0.00
Products
Microsoft.ChakraCore 247
Magick.NET-Q16-AnyCPU 114
Magick.NET-Q16-HDRI-AnyCPU 114
Magick.NET-Q8-AnyCPU 114
Magick.NET-Q16-HDRI-x86 113
Magick.NET-Q16-x86 113
Magick.NET-Q8-x86 112
Magick.NET-Q16-HDRI-OpenMP-arm64 111
Magick.NET-Q16-HDRI-x64 111
Magick.NET-Q16-OpenMP-arm64 111
Magick.NET-Q16-OpenMP-x64 111
Magick.NET-Q16-arm64 111
Magick.NET-Q16-HDRI-arm64 110
Magick.NET-Q8-OpenMP-arm64 110
Magick.NET-Q8-arm64 110
Magick.NET-Q16-x64 107
Magick.NET-Q8-OpenMP-x64 107
Magick.NET-Q8-x64 104
Magick.NET-Q16-HDRI-OpenMP-x64 83
Magick.NET-Q16-OpenMP-x86 58
DotNetNuke.Core 35
Microsoft.AspNetCore.App.Runtime.win-x64 26
Microsoft.AspNetCore.App.Runtime.win-x86 25
Microsoft.AspNetCore.App.Runtime.win-arm 24
Microsoft.AspNetCore.App.Runtime.linux-x64 23
Microsoft.AspNetCore.App.Runtime.linux-arm 22
Microsoft.AspNetCore.App.Runtime.linux-arm64 22
Microsoft.AspNetCore.App.Runtime.linux-musl-x64 22
Microsoft.AspNetCore.App.Runtime.osx-x64 22
Microsoft.AspNetCore.App.Runtime.win-arm64 22
Quick Filters