| Advisory | Project | Vulnerability | Severity | Status |
|---|---|---|---|---|
| CVE-2026-50142 | libheif | Unbounded heap allocation in HEIF sequence parser | High (CVSS 7.5) | ✅ Fixed |
| CVE-2026-53532 | OpenEXR | Unhandled assert abort in HTJ2K decoder — DoS via vendored OpenJPH | Moderate | ✅ Fixed in v3.4.13 |
| CVE pending | LibRaw | Integer overflow → heap-buffer-overflow-write in CRX/CR3 decoder | High (CVSS 7.5) | 🔒 Fixed; CVE pending |
| GHSA-x6m8-gjm4-87c3 | Cacti | IDOR — missing ownership check in reports_form_actions() | High (CVSS 8.8) | 🔄 Fix merged |
| GHSA-44c9-hrq8-9r46 | Cacti | Path traversal via unserialize() in package_import.php | Medium (CVSS 6.6) | 🔄 Fix in progress |
| CVE-2026-9794 | Keycloak | Unauthenticated client ID enumeration via SAML ECP oracle | Medium (CVSS 5.3) | ✅ Fixed in 26.6.3 |
| GHSA-v4hc-2928-gmm5 | libarchive | Integer overflow in XAR parser → checksum bypass & DoS | Medium (CVSS 4.3) | 🔄 Fix merged |
| GHSA-hvq5-gp2g-6rmv | libarchive | Integer truncation in 7zip numDigests → heap OOB read | Medium | 🔄 Pending triage |
| GHSA-3p4v-475w-5wxv | libarchive | Missing recursion depth guard in ISO9660 Joliet → stack overflow | Medium (CVSS 4.3) | 🔄 Pending triage |
| CVE Request 2040466 | mtr 0.96 | Arbitrary file read as root via MTR_OPTIONS=-F under sudo | Medium (CVSS 5.5) | 🔄 CVE pending |
| Nmap changelog | Ncat | 5 memory-safety issues: double-free, UAF, OOB read, NULL deref (pre-auth) | Medium | ✅ Fixed; credited |
| Nmap changelog | Nmap | Stack buffer over-read in cstring_unescape() — ASan-confirmed | — | ✅ Fixed; credited |
| RUSTSEC-2026-0199 | rust-bcrypt | DoS panic regression | Medium (CVSS 5.3) | ✅ Fixed in 0.19.2 |
- Co-authored OSS-Fuzz integration (PR #15382, google/oss-fuzz)
- Merged seed corpus (PR #8062) and fuzz_compose harness (PR #8067)
- Discovered OSS-Fuzz Issue 523734453: null-deref WRITE in ir_pb_converter.cc:381 — fixed in PR #8121 (June 2026)

