NuGet vulnerabilities | Corgea Advisories

HIGH 7.5

NuGet

CVE-2026-45591

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability

Jun 15, 2026

HIGH 8.2

NuGet

CVE-2026-48109

MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

Jun 11, 2026

HIGH 7.5

NuGet

CVE-2026-46520

ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions

May 18, 2026

HIGH 7.5

NuGet

CVE-2026-46522

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

May 18, 2026

HIGH 7.5

NuGet

CVE-2026-42899

Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability

May 18, 2026

HIGH 7.5

NuGet

CVE-2022-24464

.NET Denial of Service Vulnerability

Oct 21, 2022

HIGH 7.5

NuGet

CVE-2022-29145

.NET Denial of Service Vulnerability

Aug 30, 2022

HIGH 7.5

NuGet

CVE-2022-38013

.NET Denial of Service Vulnerability

Sep 15, 2022

HIGH 7.5

NuGet

CVE-2026-32933

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

Mar 13, 2026

HIGH 8.8

NuGet

CVE-2015-5237

protobuf susceptible to buffer overflow

May 13, 2022

HIGH 7.3

NuGet

CVE-2026-35433

Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability

May 18, 2026

HIGH 7.5

NuGet

CVE-2026-32175

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability

May 18, 2026

HIGH 7.5

NuGet

CVE-2026-44375

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

May 6, 2026

HIGH 7.5

NuGet

CVE-2026-44302

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

May 6, 2026

HIGH 8.8

NuGet

CVE-2026-43937

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

May 5, 2026

HIGH 7.3

NuGet

CVE-2026-43939

YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers

May 5, 2026

HIGH 8.1

NuGet

CVE-2026-43938

YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

May 5, 2026

HIGH 7.6

NuGet

CVE-2025-55004

imagemagick: heap-buffer overflow read in MNG magnification with alpha

Aug 25, 2025

HIGH 7.5

NuGet

CVE-2025-66628

ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only)

Dec 10, 2025

HIGH 7.5

NuGet

CVE-2025-53015

ImageMagick has XMP profile write that triggers hang due to unbounded loop

Jul 23, 2025

HIGH 7.5

NuGet

CVE-2026-26171

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability

Apr 14, 2026

HIGH 7.5

NuGet

CVE-2026-33116

Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Apr 14, 2026

HIGH 8.0

NuGet

CVE-2026-40321

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

Apr 10, 2026

HIGH 7.5

NuGet

CVE-2026-33901

ImageMagick has a heap Buffer Overflow in ImageMagick MVG decoder

Apr 14, 2026

HIGH 7.5

NuGet

CVE-2026-33908

ImageMagick has a Stack Overflow in DestroyXMLTree()

Apr 14, 2026

HIGH 7.5

NuGet

GHSA-f5v8-v6q3-q4h6

Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Apr 16, 2026

HIGH 7.1

NuGet

CVE-2026-39959

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

Apr 8, 2026

HIGH 8.2

NuGet

CVE-2026-25794

ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions

Feb 24, 2026

HIGH 7.8

NuGet

CVE-2026-26131

.NET Elevation of Privilege Vulnerability

Mar 11, 2026

HIGH 7.5

NuGet

CVE-2026-26130

.NET Denial of Service Vulnerability

Mar 11, 2026

HIGH 7.5

NuGet

CVE-2026-26127

.NET Denial of Service Vulnerability

Mar 11, 2026

HIGH 7.5

NuGet

GHSA-32wq-ppwg-3w4m

EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory

Apr 1, 2026

HIGH 8.6

NuGet

GHSA-x6m9-38vm-2xhf

Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()

Mar 24, 2026

HIGH 7.5

NuGet

GHSA-xcx6-vp38-8hr5

Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException

Mar 24, 2026

HIGH 7.5

NuGet

GHSA-v66j-x4hw-fv9g

Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service

Mar 24, 2026

HIGH 7.5

NuGet

GHSA-c875-h985-hvrc

Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service

Mar 24, 2026

HIGH 7.5

NuGet

GHSA-p6q4-fgr8-vx4p

Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix

Mar 24, 2026

HIGH 7.5

NuGet

GHSA-wgh7-7m3c-fx25

Scriban has Uncontrolled Recursion in Parser Leads to Stack Overflow and Process Crash (Denial of Service)

Mar 19, 2026

HIGH 7.5

NuGet

GHSA-grr9-747v-xvcp

Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

Mar 19, 2026

HIGH 7.5

NuGet

CVE-2026-27449

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

Feb 27, 2026

HIGH 7.5

NuGet

GHSA-vh8f-65qg-3m8j

Duplicate Advisory: .NET Denial of Service Vulnerability

Mar 10, 2026

HIGH 7.5

NuGet

GHSA-c8gq-rhqh-wgwm

Duplicate Advisory: .NET Denial of Service Vulnerability

Mar 10, 2026

HIGH 8.8

NuGet

CVE-2026-26118

Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network

Mar 10, 2026

HIGH 7.7

NuGet

CVE-2026-30929

ImageMagick has stack buffer overflow in MagnifyImage

Mar 12, 2026

HIGH 8.1

NuGet

CVE-2026-28693

ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write

Mar 12, 2026

HIGH 7.5

NuGet

CVE-2026-28691

ImageMagick has uninitialized pointer dereference in JBIG decoder

Mar 12, 2026

HIGH 7.4

NuGet

CVE-2026-25968

ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write.

Mar 12, 2026

HIGH 7.1

NuGet

CVE-2026-28494

ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays

Mar 12, 2026

HIGH 7.5

NuGet

GHSA-8fh9-c4jq-94h4

idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability

Mar 13, 2026

HIGH 8.6

NuGet

CVE-2021-41238

Missing Authorization with Default Settings in Dashboard UI

Nov 3, 2021

HIGH 8.6

NuGet

CVE-2021-23428

Path traversal in elFinder.NetCore

Sep 2, 2021

HIGH 7.5

NuGet

CVE-2021-23415

Directory Traversal in elFinder.AspNet

Aug 9, 2021

HIGH 8.7

NuGet

CVE-2021-43853

AjaxNetProfessional deserializes arbitrary JavaScript objects

Jan 6, 2022

HIGH 8.2

NuGet

CVE-2020-5261

Missing Token Replay Detection in Saml2 Authentication services for ASP.NET

Mar 25, 2020

HIGH 7.5

NuGet

CVE-2021-23407

Path Traversal in elFinder.Net.Core

Aug 2, 2021

HIGH 7.5

NuGet

CVE-2022-21167

Code Injection in Masuit.Tools.Core

May 3, 2022

HIGH 7.5

NuGet

CVE-2020-7791

Denial of Service in i18n

Dec 14, 2020

HIGH 7.8

NuGet

GHSA-387c-qmrw-59qv

Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability

Mar 10, 2026

HIGH 7.2

NuGet

CVE-2026-31834

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Mar 11, 2026

HIGH 7.5

NuGet

CVE-2026-24481

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

Feb 24, 2026

Know every threat before it ships

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability

MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability

.NET Denial of Service Vulnerability

.NET Denial of Service Vulnerability

.NET Denial of Service Vulnerability

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

protobuf susceptible to buffer overflow

Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers

YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

imagemagick: heap-buffer overflow read in MNG magnification with alpha

ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only)

ImageMagick has XMP profile write that triggers hang due to unbounded loop

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

ImageMagick has a heap Buffer Overflow in ImageMagick MVG decoder

ImageMagick has a Stack Overflow in DestroyXMLTree()

Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions

.NET Elevation of Privilege Vulnerability

.NET Denial of Service Vulnerability

.NET Denial of Service Vulnerability

EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory

Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()

Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException

Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service

Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service

Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix

Scriban has Uncontrolled Recursion in Parser Leads to Stack Overflow and Process Crash (Denial of Service)

Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

Duplicate Advisory: .NET Denial of Service Vulnerability

Duplicate Advisory: .NET Denial of Service Vulnerability

Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network

ImageMagick has stack buffer overflow in MagnifyImage

ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write

ImageMagick has uninitialized pointer dereference in JBIG decoder

ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write.

ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays

idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability

Missing Authorization with Default Settings in Dashboard UI

Path traversal in elFinder.NetCore

Directory Traversal in elFinder.AspNet

AjaxNetProfessional deserializes arbitrary JavaScript objects

Missing Token Replay Detection in Saml2 Authentication services for ASP.NET

Path Traversal in elFinder.Net.Core

Code Injection in Masuit.Tools.Core

Denial of Service in i18n

Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

Start Securing