VYPR

NuGet package

nerdbank.messagepack

pkg:nuget/nerdbank.messagepack

Vulnerabilities (1)

  • CVE-2026-44375HigMay 14, 2026
    affected < 1.1.62fixed 1.1.62

    Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension lengt