Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
nuget Umbraco.CMS Security Advisories
Loading...
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS02eG14LTg1eDMtNGN2Ms4AA3ug
Stored XSS via SVG File UploadEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS03eDc0LWg4Y3ctcWh4cc4AA3uf
Brute force exploit can be used to collect valid usernamesEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS04cXA4LTlycHctajQ2Y84AA3ue
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS1jZnI1LTdwNTQtNHFnOM4AA3ud
Privilege Escalation using SpoofingEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS02MzI0LTUycHItaDRwNc4AA3uc
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS12OThtLTM5OHgtMjY5cs4AA3ub
DOM-XSS on Backoffice login screen.Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS0zMzV4LTV3Y20tOGp2Ms4AA3ua
Backoffice User can bypass "Publish" restrictionEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS14eGM2LTM1cjctNzk2d84AA3uY
Possible injection of HTML into user invite mailsEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS14MzRqLXd4cTgtN3Zjbc4AAb4d
Umbraco CMS vulnerable to CSRFEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS01ZjZwLTRoeHEtcmp4bc4AAb4c
Umbraco CMS vulnerable to CSRFEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 1
Ecosystems: 12
Packages: 8,642
Repositories: 1
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
Microsoft.ChakraCore
247
Microsoft.AspNetCore.App.Runtime.win-x86
19
DotNetNuke.Core
19
Microsoft.AspNetCore.App.Runtime.win-x64
19
Microsoft.AspNetCore.App.Runtime.win-arm
18
Microsoft.AspNetCore.App.Runtime.osx-x64
17
Microsoft.AspNetCore.App.Runtime.linux-arm
17
Microsoft.AspNetCore.App.Runtime.linux-x64
17
Microsoft.AspNetCore.App.Runtime.linux-arm64
17
Microsoft.AspNetCore.App.Runtime.linux-musl-x64
17
Microsoft.AspNetCore.App.Runtime.win-arm64
16
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
16
Microsoft.NETCore.App.Runtime.win-x86
12
Microsoft.AspNetCore.App.Runtime.linux-musl-arm
12
Microsoft.NETCore.App.Runtime.win-x64
12
Microsoft.NETCore.App.Runtime.win-arm64
12
tinymce
11
tinymce/tinymce
11
TinyMCE
11
Microsoft.NetCore.App.Runtime.win-arm
11
Microsoft.NetCore.App.Runtime.win-arm64
11
Microsoft.NetCore.App.Runtime.win-x64
11
Microsoft.NetCore.App.Runtime.win-x86
11
Microsoft.NETCore.App
10
Microsoft.AspNetCore.App.Runtime.osx-arm64
10
Microsoft.AspNetCore.All
10
Umbraco.CMS
10
Microsoft.NETCore.App.Runtime.linux-arm
9
Microsoft.NETCore.App.Runtime.linux-arm64
9
Microsoft.NETCore.App.Runtime.linux-musl-arm64
9
Microsoft.NETCore.App.Runtime.linux-musl-x64
9
Microsoft.NETCore.App.Runtime.linux-x64
9
Microsoft.NETCore.App.Runtime.osx-x64
8
Microsoft.NETCore.App.Runtime.win-arm
8
Microsoft.AspNetCore.App
8
OPCFoundation.NetStandard.Opc.Ua.Core
8
jquery
8
jquery-rails
8
org.webjars.npm:jquery
8
jquery-ui
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
Microsoft.NETCore.App.Runtime.linux-musl-arm
7
CefSharp.Common
7
jQuery
7
Microsoft.NetCore.App.Runtime.linux-musl-arm64
6
Microsoft.NetCore.App.Runtime.osx-x64
6
Microsoft.NetCore.App.Runtime.osx-arm64
6
Microsoft.NetCore.App.Runtime.linux-x64
6
Microsoft.NetCore.App.Runtime.linux-musl-x64
6
Microsoft.NetCore.App.Runtime.linux-musl-arm
6
Microsoft.NetCore.App.Runtime.linux-arm64
6
Microsoft.NetCore.App.Runtime.linux-arm
6
Microsoft.AspNetCore.Mvc.Core
6
System.Text.Encodings.Web
5
Microsoft.AspNetCore.Mvc.Cors
5
System.Net.Http
5
Microsoft.WindowsDesktop.App.Runtime.win-x64
5
Microsoft.WindowsDesktop.App.Runtime.win-x86
5
Microsoft.AspNetCore.Server.Kestrel.Core
5
Microsoft.NETCore.App.Runtime.Mono.osx-x64
5
Microsoft.NETCore.App.Runtime.rhel.6-x64
5
Microsoft.NETCore.App.Runtime.Mono.linux-x64
5
Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64
5
Microsoft.NETCore.App.Runtime.Mono.linux-arm64
5
CefSharp.Wpf.HwndHost
5
CefSharp.Wpf
5
CefSharp.WinForms
5
SixLabors.ImageSharp
5
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64
5
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64
5
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64
5
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64
5
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64
5
Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64
5
Microsoft.NETCore.App.Runtime.Mono.linux-arm
5
org.bouncycastle:bcprov-jdk15to18
4
org.bouncycastle:bcprov-jdk15on
4
System.Net.Http.WinHttpHandler
4
System.Net.Security
4
System.Net.WebSockets.Client
4
Microsoft.AspNetCore.Mvc.Abstractions
4
Microsoft.AspNetCore.Mvc.ApiExplorer
4
Microsoft.AspNetCore.Mvc.DataAnnotations
4
Microsoft.AspNetCore.Mvc.Formatters.Json
4
Microsoft.AspNetCore.Mvc.Formatters.Xml
4
Microsoft.AspNetCore.Mvc.Localization
4
Microsoft.AspNetCore.Mvc.Razor.Host
4
Microsoft.AspNetCore.Mvc.Razor
4
Microsoft.AspNetCore.Mvc.TagHelpers
4
Microsoft.AspNetCore.Mvc.ViewFeatures
4
Microsoft.AspNetCore.Mvc.WebApiCompatShim
4
Microsoft.WindowsDesktop.App.Runtime.win-arm64
4
SSCMS
4
Serenity.Net.Core
4
org.bouncycastle:bcprov-jdk14
4
Microsoft.AspNetCore.Mvc
4
SharpZipLib
4
NuGet.Commands
4
BouncyCastle
4
NuGet.CommandLine
4
OPCFoundation.NetStandard.Opc.Ua
4
AjaxNetProfessional
4
OPCFoundation.NetStandard.Opc.Ua.Server
3
Umbraco.Cms.Core
3
Umbraco.Cms.Web.BackOffice
3
Microsoft.Native.Quic.MsQuic.OpenSSL
3
Microsoft.Native.Quic.MsQuic.Schannel
3
System.Security.Cryptography.Xml
3
django-tinymce
3
wix
3
Sustainsys.Saml2
3
Microsoft.NETCore.App.Runtime.osx-arm64
3
System.Private.Uri
3
UmbracoCms
3
CefSharp.Common.NETCore
3
UmbracoCms.Core
3
Azure.Identity
3
org.bouncycastle:bcpkix-jdk18on
3
org.bouncycastle:bctls-jdk15to18
3
org.bouncycastle:bctls-jdk14
3
org.bouncycastle:bctls-jdk18on
3
org.bouncycastle:bcpkix-jdk15to18
3
org.bouncycastle:bcpkix-jdk14
3
BouncyCastle.Cryptography
3
org.bouncycastle:bcprov-jdk18on
3
Microsoft.NETCore.App.Runtime.Mono.ios-arm64
2
Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86
2
Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.ios-arm
2
Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86
2
Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86
2
Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64
2
Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.android-arm
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm
2
Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86
2
Microsoft.NETCore.App.Runtime.Mono.android-arm64
2
Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86
2
Microsoft.NETCore.App.Runtime.Mono.android-x64
2
Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86
2
Microsoft.NETCore.App.Runtime.Mono.android-x86
2
Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64
2
Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64
2
Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64
2
Microsoft.NETCore.App.Runtime.Mono.browser-wasm
2
Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64
2
Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64
2
moment
2
Moment.js
2
Snowflake.Data
2
starkbank-ecdsa
2
System.Management.Automation
2
UmbracoCMS.Core
2
Microsoft.NETCore.App.Runtime.browser-wasm
2
ServiceStack
2
Microsoft.Owin
2
Microsoft.AspNetCore.Http.Connections
2
jquery-validation
2
Microsoft.Identity.Client
2
jQuery.Validation
2
DisCatSharp
2
PeterO.Cbor
2
sharpcompress
2
Bootstrap.Less
2
bootstrap
2
bootstrap.sass
2
System.Data.SqlClient
2
Microsoft.Data.SqlClient
2
Google.Protobuf
2
google/protobuf
2
github.com/protocolbuffers/protobuf
2
Filter by Repository