NuGet vulnerabilities | Corgea Advisories

HIGH 7.5

NuGet

CVE-2026-45591

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability

Jun 15, 2026

MEDIUM 6.2

NuGet

CVE-2026-46557

ImageMagick: Stack overflow in fx operation

May 18, 2026

HIGH 8.2

NuGet

CVE-2026-48109

MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

Jun 11, 2026

HIGH 7.5

NuGet

CVE-2026-46520

ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions

May 18, 2026

MEDIUM 4.1

NuGet

CVE-2026-47165

ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model

May 22, 2026

MEDIUM 4.1

NuGet

CVE-2026-46693

ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking

May 22, 2026

MEDIUM 5.1

NuGet

CVE-2026-45624

ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

May 18, 2026

MEDIUM 5.5

NuGet

CVE-2026-46521

ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

May 18, 2026

MEDIUM 5.3

NuGet

CVE-2026-45664

ImageMagick: Policy Bypass in MNG coder could

May 18, 2026

MEDIUM 6.2

NuGet

CVE-2026-46523

ImageMagick: Use-After-Free in MSL decoder.

May 18, 2026

MEDIUM 4.0

NuGet

CVE-2026-46559

ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.

May 18, 2026

HIGH 7.5

NuGet

CVE-2026-46522

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

May 18, 2026

MEDIUM 5.1

NuGet

CVE-2026-42326

ImageMagick: Heap Buffer Over-Read in IPTC encoder

May 18, 2026

MEDIUM 5.3

NuGet

CVE-2026-45358

ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

May 18, 2026

MEDIUM 5.3

NuGet

CVE-2026-45031

ImageMagick: Policy Bypass in PSD decoder

May 18, 2026

MEDIUM 5.7

NuGet

CVE-2026-45359

ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

May 18, 2026

MEDIUM 5.4

NuGet

CVE-2026-46616

Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

May 21, 2026

MEDIUM 4.6

NuGet

CVE-2026-46609

Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

May 21, 2026

HIGH 7.5

NuGet

CVE-2026-42899

Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability

May 18, 2026

MEDIUM 5.3

NuGet

CVE-2026-40182

OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Apr 23, 2026

MEDIUM 5.5

NuGet

CVE-2018-1002206

Directory Traversal in SharpCompress

Sep 11, 2019

CRITICAL 9.8

NuGet

CVE-2026-45288

Marten has an injection vulnerability in its full-text search regConfig parameter

May 14, 2026

MEDIUM 6.3

NuGet

CVE-2022-24512

.NET Remote Code Execution Vulnerability

Oct 18, 2022

HIGH 7.5

NuGet

CVE-2022-24464

.NET Denial of Service Vulnerability

Oct 21, 2022

HIGH 7.5

NuGet

CVE-2022-29145

.NET Denial of Service Vulnerability

Aug 30, 2022

HIGH 7.5

NuGet

CVE-2022-38013

.NET Denial of Service Vulnerability

Sep 15, 2022

MEDIUM 6.5

NuGet

CVE-2026-44213

OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

May 8, 2026

MEDIUM 5.3

NuGet

GHSA-92vj-hp7m-gwcj

Nerdbank.MessagePack has Inefficient CPU Computation

May 29, 2026

MEDIUM 5.3

NuGet

GHSA-qjvr-435c-5fjh

Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

May 29, 2026

HIGH 7.5

NuGet

CVE-2026-32933

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

Mar 13, 2026

MEDIUM 5.7

NuGet

CVE-2026-47166

ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

May 22, 2026

MEDIUM 4.1

NuGet

CVE-2026-46692

ImageMagick: Heap Buffer Over-Write in distributed pixel cache server

May 22, 2026

LOW 3.3

NuGet

GHSA-vf33-6r7x-66xx

ImageMagick: Division by Zero in binomial kernel

May 21, 2026

LOW 3.7

NuGet

GHSA-qv2q-c278-pch5

ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse

May 21, 2026

MEDIUM 6.2

NuGet

GHSA-jqq5-8px3-9m6m

ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix

May 21, 2026

MEDIUM 6.2

NuGet

CVE-2026-45785

OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

May 19, 2026

UNKNOWN

NuGet

GHSA-24c8-4792-22hx

Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString

May 19, 2026

HIGH 8.8

NuGet

CVE-2015-5237

protobuf susceptible to buffer overflow

May 13, 2022

HIGH 7.3

NuGet

CVE-2026-35433

Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability

May 18, 2026

HIGH 7.5

NuGet

CVE-2026-32175

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability

May 18, 2026

UNKNOWN

NuGet

GHSA-5r97-79vw-qvm4

Microsoft DirectX12: .spritefont multiply overflow only in 32-bit builds

May 18, 2026

UNKNOWN

NuGet

GHSA-c55g-rp4x-fx84

Microsoft DirectX: .spritefont multiply overflow only in 32-bit builds

May 18, 2026

HIGH 7.5

NuGet

CVE-2026-44375

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

May 6, 2026

MEDIUM 6.5

NuGet

CVE-2026-42191

OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Apr 30, 2026

HIGH 7.5

NuGet

CVE-2026-44302

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

May 6, 2026

MEDIUM 5.9

NuGet

CVE-2026-42348

OpAMP client reads unbounded HTTP response bodies

May 5, 2026

HIGH 8.8

NuGet

CVE-2026-43937

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

May 5, 2026

HIGH 7.3

NuGet

CVE-2026-43939

YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers

May 5, 2026

HIGH 8.1

NuGet

CVE-2026-43938

YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

May 5, 2026

MEDIUM 6.2

NuGet

CVE-2026-41511

OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

Apr 22, 2026

NONE 0.0

NuGet

CVE-2026-32178

Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability

Apr 14, 2026

MEDIUM 5.3

NuGet

CVE-2026-42241

ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

Apr 24, 2026

HIGH 7.6

NuGet

CVE-2025-55004

imagemagick: heap-buffer overflow read in MNG magnification with alpha

Aug 25, 2025

MEDIUM 6.2

NuGet

CVE-2026-40169

ImageMagick has a heap buffer overflow (WRITE) in the YAML and JSON encoders.

Apr 14, 2026

MEDIUM 4.7

NuGet

CVE-2025-62594

ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)

Oct 27, 2025

MEDIUM 5.5

NuGet

CVE-2026-40183

ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float

Apr 14, 2026

HIGH 7.5

NuGet

CVE-2025-66628

ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only)

Dec 10, 2025

LOW 3.3

NuGet

CVE-2025-68469

ImageMagick has a heap-buffer-overflow

Aug 25, 2025

MEDIUM 6.2

NuGet

CVE-2026-40312

ImageMagick has an off-by-one error in MSL decoder could result in crash

Apr 14, 2026

HIGH 7.5

NuGet

CVE-2025-53015

ImageMagick has XMP profile write that triggers hang due to unbounded loop

Jul 23, 2025

Know every threat before it ships

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability

ImageMagick: Stack overflow in fx operation

MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions

ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model

ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking

ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick: Policy Bypass in MNG coder could

ImageMagick: Use-After-Free in MSL decoder.

ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ImageMagick: Heap Buffer Over-Read in IPTC encoder

ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

ImageMagick: Policy Bypass in PSD decoder

ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability

OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Directory Traversal in SharpCompress

Marten has an injection vulnerability in its full-text search regConfig parameter

.NET Remote Code Execution Vulnerability

.NET Denial of Service Vulnerability

.NET Denial of Service Vulnerability

.NET Denial of Service Vulnerability

OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Nerdbank.MessagePack has Inefficient CPU Computation

Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

ImageMagick: Heap Buffer Over-Write in distributed pixel cache server

ImageMagick: Division by Zero in binomial kernel

ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse

ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix

OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString

protobuf susceptible to buffer overflow

Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability

Microsoft DirectX12: .spritefont multiply overflow only in 32-bit builds

Microsoft DirectX: .spritefont multiply overflow only in 32-bit builds

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

OpAMP client reads unbounded HTTP response bodies

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers

YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability

ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

imagemagick: heap-buffer overflow read in MNG magnification with alpha

ImageMagick has a heap buffer overflow (WRITE) in the YAML and JSON encoders.

ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)

ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float

ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only)

ImageMagick has a heap-buffer-overflow

ImageMagick has an off-by-one error in MSL decoder could result in crash

ImageMagick has XMP profile write that triggers hang due to unbounded loop

Start Securing