Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

nuget

nuget

744,963 packages · nuget.org

Moderate Security Advisories in nuget Clear Filters

Moderate
about 24 hours ago

FormCMS has an improper access control vulnerability in the /api/schemas/history/[schemaId] endpoint GSA_kwCzR0hTQS02Y3d4LTQyaHctdzY5Y84ABMyj

nuget FormCMS
Moderate
5 days ago

PiranhaCMS stored XSS GSA_kwCzR0hTQS00NTZ2LWY0MjUtOG1jds4ABMte

nuget Piranha
Moderate
8 days ago

DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile GSA_kwCzR0hTQS1qYzRnLWM4d3ctNTczOM4ABMkF

nuget DotNetNuke.Core
Moderate
9 days ago

DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field GSA_kwCzR0hTQS03cmNjLXE2cnEtanBjbc4ABMii

nuget DotNetNuke.Core
Moderate
9 days ago

DNN allows loading unused themes on anonymous clients through query parameters GSA_kwCzR0hTQS13cTJqLXc5cG0tN3gycM4ABMbR

nuget DotNetNuke.Core
Moderate
15 days ago

Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain GSA_kwCzR0hTQS13N3IzLW1nd2YtNG1xcc4ABMRD

nuget KubernetesClient
Moderate
about 1 month ago

FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability GSA_kwCzR0hTQS00ZnhmLXhncm0tOGZjas4ABLhm

nuget FormCMS
Moderate
about 1 month ago

ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree GSA_kwCzR0hTQS02aGd3LTZ4ODctNTc4eM4ABLZ9

nuget Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-x64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Moderate
2 months ago

SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks GSA_kwCzR0hTQS1yeG1xLW03OHctN3dtY84ABKp-

nuget SixLabors.ImageSharp
Moderate
2 months ago

Umbraco Delivery API allows for cached requests to be returned with an invalid API key GSA_kwCzR0hTQS03NXZxLXF2aHItN2Zmcs4ABKnl

nuget Umbraco.Cms.Api.Delivery
Moderate
3 months ago

Umbraco CMS disclosure of configured password requirements GSA_kwCzR0hTQS1wZ3ZjLTZoMnAtcTRmNs4ABJYa

nuget Umbraco.Cms
Moderate
3 months ago

DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed GSA_kwCzR0hTQS13d2M5LXdtbTMtMnBtZs4ABJSi

nuget DNN.PLATFORM
Moderate
3 months ago

DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects GSA_kwCzR0hTQS1wZjRoLXZydjYtY212cs4ABJSh

nuget DNN.PLATFORM
Moderate
4 months ago

Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates GSA_kwCzR0hTQS1weDJjLXI5MjQtbXdjY84ABJPC

nuget CouchbaseNetClient
Moderate
4 months ago

Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads GSA_kwCzR0hTQS1mcjZyLXA4aHYteDNjNM4ABIpe

nuget Umbraco.Cms
Moderate
4 months ago

DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline GSA_kwCzR0hTQS1tNGhmLWZ4Y2ctY3AzNM4ABIVH

nuget DotNetNuke.Core
Moderate
4 months ago

Reflected Cross-Site Scripting (XSS) in module actions in edit mode GSA_kwCzR0hTQS03OW0zLXJ2eDItM3FxOc4ABIVG

nuget DotNetNuke.Core, DotNetNuke.Web
Moderate
5 months ago

Umbraco Makes User Enumeration Feasible Based on Timing of Login Response GSA_kwCzR0hTQS00ZzhtLTVtajUtYzh4Z84ABHiN

nuget Umbraco.Cms
Moderate
6 months ago

Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs GSA_kwCzR0hTQS1ycHE4LXE0NG0tMnJwZ84ABGqA

nuget Microsoft.Identity.Abstractions, Microsoft.Identity.Web
Moderate
6 months ago

DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF) GSA_kwCzR0hTQS0zZjd2LXF4OTQtNjY2bc4ABGn9

nuget DotNetNuke.Core
Moderate
7 months ago

Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content GSA_kwCzR0hTQS13eDVoLXdxZnEtdjY5OM4ABFSM

nuget Umbraco.Cms.Web.Backoffice
Moderate
7 months ago

Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality GSA_kwCzR0hTQS02ZmZnLW1qZzctNTg1eM4ABFSL

nuget Umbraco.Cms.Api.Management
Moderate
7 months ago

OpenTelemetry .NET has Denial of Service (DoS) Vulnerability in API Package GSA_kwCzR0hTQS04Nzg1LXdjM3ctaDhxNs4ABFIu

nuget OpenTelemetry.Api
Moderate
7 months ago

Security Update for the OPC UA .NET Standard Stack GSA_kwCzR0hTQS1oOTU4LWZ4Z2ctZzd3M84ABFBN

nuget OPCFoundation.NetStandard.Opc.Ua.Core
Moderate
7 months ago

Security Update for the OPC UA .NET Standard Stack GSA_kwCzR0hTQS00cmNjLTdwZzctZjU3Zs4ABFBM

nuget OPCFoundation.NetStandard.Opc.Ua.Bindings.Https
Moderate
7 months ago

AutoQueryable leaks sensitive information GSA_kwCzR0hTQS1tNG1tLTUzNGgtNWNwNc4ABEqi

nuget AutoQueryable
Moderate
7 months ago

Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens GSA_kwCzR0hTQS1xeGo3LTJ4N3ctM21wcM4ABEoj

nuget Duende.AccessTokenManagement
Moderate
8 months ago

TShock allows chat while not fully connected, possible ban evasion GSA_kwCzR0hTQS1mOG14LWN3ZmgtN2hyMs4ABEGC

nuget tshock
Moderate
8 months ago

Snowflake.Data has weak temporary files permissions GSA_kwCzR0hTQS0ybXF3LXJxNW0tOGhjOM4ABD7O

nuget Snowflake.Data
Moderate
8 months ago

XSS/HTML Injection Vulnerability in Umbraco Preview Badge GSA_kwCzR0hTQS02OWNnLXc4dm0taDIyOc4ABDo-

nuget Umbraco.Cms
Moderate
8 months ago

Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes GSA_kwCzR0hTQS1obWc0LXd3bTUtcDk5Oc4ABDo8

nuget Umbraco.Cms
Moderate
8 months ago

XSS/HTML Injection Vulnerability in Umbraco Backoffice Components GSA_kwCzR0hTQS13djh2LXJtdzItMjV3Y84ABDow

npm, nuget @umbraco-cms/backoffice, Umbraco.Cms.StaticAssets
Moderate
9 months ago

Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length GSA_kwCzR0hTQS05djhtLXF2MjItZjI2OM4ABDXF

nuget Umbraco.Forms, UmbracoForms
Moderate
9 months ago

Piranha CMS Cross-site Scripting vulnerability GSA_kwCzR0hTQS1tbXg4LXZyZmctaGZtcc4ABCqI

nuget Piranha
Moderate
9 months ago

Piranha CMS Cross-site Scripting vulnerability GSA_kwCzR0hTQS1jbXdwLTQ0MngtM3Jjds4ABCqF

nuget Piranha
Moderate
9 months ago

Oqtane Framework Insecure Direct Object Reference vulnerability GSA_kwCzR0hTQS1oaGN3LXd3eHYtZzk1Y84ABCp7

nuget Oqtane.Server, Oqtane.Framework
Moderate
10 months ago

Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications GSA_kwCzR0hTQS1qNnZtLTRyN2cteDRncs4ABB4Y

nuget Devolutions.XTS.NET
Moderate
11 months ago

HTTP Client uses incorrect token after refresh GSA_kwCzR0hTQS03bXI3LTRmNTQtdmN4Nc4ABBEa

nuget Duende.AccessTokenManagement.OpenIdConnect
Moderate
11 months ago

ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e

nuget ICG.AspNetCore.Utilities.CloudStorage
Moderate
11 months ago

MPXJ has a Potential Path Traversal Vulnerability GSA_kwCzR0hTQS1qOTQ1LWM0NHYtOTdnNs4ABAt9

nuget, pypi, rubygems, maven MPXJ.Net, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, mpxj, net.sf.mpxj:mpxj
Moderate
11 months ago

Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out GSA_kwCzR0hTQS13eHc5LTZwdjktYzN4Y84ABAkj

nuget Umbraco.CMS
Moderate
11 months ago

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice GSA_kwCzR0hTQS01OTU1LWN3djQtaDdxaM4ABAki

nuget Umbraco.Cms, UmbracoCms
Moderate
11 months ago

Umbraco CMS logout page displayed before session expiration GSA_kwCzR0hTQS1mcDZxLWdjY3ctN3Fxbc4ABAkh

nuget UmbracoCMS, Umbraco.CMS
Moderate
11 months ago

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section GSA_kwCzR0hTQS1jNWc2LTZ4ZjctcXhwM84ABAkf

npm, nuget @umbraco-cms/backoffice, Umbraco.Cms.StaticAssets
Moderate
12 months ago

Security Update for the OPC UA .NET Standard Stack GSA_kwCzR0hTQS03dmZoLWNxcGMtNDI2N84ABAbj

nuget OPCFoundation.NetStandard.Opc.Ua.Core, OPCFoundation.NetStandard.Opc.Ua
Moderate
12 months ago

MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow GSA_kwCzR0hTQS00cW00LThoZzItZzJ4bc4ABAZj

nuget MessagePack
Moderate
about 1 year ago

CRLF Injection in RestSharp's `RestRequest.AddHeader` method GSA_kwCzR0hTQS00cnI2LTJ2OXYtd2NwY84AA_CY

nuget RestSharp
Moderate
about 1 year ago

Serilog Client IP Spoofing vulnerability GSA_kwCzR0hTQS01eDVxLWNxZjYtZ2o4cs4AA_CL

nuget Serilog.Enrichers.ClientInfo
Moderate
about 1 year ago

Umbraco CMS Improper Access Control vulnerability GSA_kwCzR0hTQS1ocnd3LXgzZnEteGN2aM4AA-z9

nuget Umbraco.Cms
Moderate
about 1 year ago

Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information GSA_kwCzR0hTQS03N2dqLWNyaHAtM2d2eM4AA-zy

nuget Umbraco.Cms.Api.Management
Moderate
about 1 year ago

Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability GSA_kwCzR0hTQS0zcjM0LXI2dzMtZnFwNs4AA-np

nuget Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Moderate
about 1 year ago

IdentityServer Open Redirect vulnerability GSA_kwCzR0hTQS01NXA3LXYyMjMteDM2Ns4AA-TC

nuget IdentityServer4
Moderate
about 1 year ago

IdentityServer Open Redirect vulnerability GSA_kwCzR0hTQS1mZjRxLTY0amMtZ3g5OM4AA-Sq

nuget IdentityServer4, Duende.IdentityServer
Moderate
about 1 year ago

SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder GSA_kwCzR0hTQS1xeHJ2LWdwNngtcmMyM84AA-FP

nuget SixLabors.ImageSharp
Moderate
about 1 year ago

Bootstrap Cross-Site Scripting (XSS) vulnerability GSA_kwCzR0hTQS12Yzh3LWpyOXYtdmo3Zs4AA90M

nuget, rubygems, npm bootstrap.sass, bootstrap
Moderate
over 1 year ago

Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality GSA_kwCzR0hTQS1ycGo5LXhqd20td3I2d84AA8jG

nuget Umbraco.Commerce
Moderate
over 1 year ago

Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane GSA_kwCzR0hTQS1ndnBjLTNwajYtNG05d84AA8W2

nuget UmbracoCms.Core
Moderate
over 1 year ago

Umbraco CMS Open Redirect Bypass Protection GSA_kwCzR0hTQS1qNzRxLW12MmMtcnhtcM4AA8Wz

nuget Umbraco.Cms.Web.BackOffice, UmbracoCms.Core
Moderate
over 1 year ago

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability GSA_kwCzR0hTQS1oaGM3LXg5dzQtY3c0N84AA8EU

nuget Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm
Moderate
over 1 year ago

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability GSA_kwCzR0hTQS03ZmNyLThxdzYtOTJmcs4AA8ET

nuget Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Moderate
over 1 year ago

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability GSA_kwCzR0hTQS13Y2h4LXJtNmgtN2pmNs4AA8Cf

nuget Microsoft.PowerBI.JavaScript
Moderate
over 1 year ago

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") GSA_kwCzR0hTQS12NDM1LXhjOHgtd3ZyOc4AA76H

nuget, maven BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on, org.bouncycastle:bctls-fips
Moderate
over 1 year ago

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. GSA_kwCzR0hTQS04eGZjLWdtNmctdmdwds4AA75b

nuget, maven BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bc-fips, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Moderate
over 1 year ago

Umbraco Workflow's Backoffice users can execute arbitrary SQL GSA_kwCzR0hTQS0yODdmLTQ2ajctajR3aM4AA7R8

nuget Plumber.Workflow, Umbraco.Workflow
Moderate
over 1 year ago

Blind SSRF Leads to Port Scan by using Webhooks GSA_kwCzR0hTQS03NHA2LTM5ZjItMjN2M84AA7I7

nuget Umbraco.Cms.Web.BackOffice, Umbraco.Cms.Core
Moderate
over 1 year ago

SixLabors.ImageSharp vulnerable to data leakage GSA_kwCzR0hTQS01eDdtLTY3MzctMjZjcs4AA7Bg

nuget SixLabors.ImageSharp
Moderate
over 1 year ago

SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf

nuget SixLabors.ImageSharp
Moderate
over 1 year ago

Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore GSA_kwCzR0hTQS12aDJtLTIyeHgtcTk0Zs4AA6-B

nuget OpenTelemetry.Instrumentation.AspNetCore, OpenTelemetry.Instrumentation.Http
Moderate
over 1 year ago

Azure Identity Library for .NET Information Disclosure Vulnerability GSA_kwCzR0hTQS13dnhjLTg1NWYtanZyds4AA6y0

nuget Azure.Identity
Moderate
over 1 year ago

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te

packagist, nuget, npm tinymce/tinymce, TinyMCE, tinymce
Moderate
over 1 year ago

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td

nuget, npm, packagist TinyMCE, tinymce, tinymce/tinymce
Moderate
over 1 year ago

FullStackHero's WebAPI Boilerplate host header injection vulnerability GSA_kwCzR0hTQS03NXgyLTZoNG0taDZteM4AA5oj

nuget FullStackHero.WebAPI.Boilerplate
Moderate
over 1 year ago

Cross-site Scripting in Serenity GSA_kwCzR0hTQS01ampxLThjdmotdjZtOc4AA5Xi

npm, nuget @serenity-is/corelib, Serenity.Net.Core
Moderate
over 1 year ago

.NET Information Disclosure Vulnerability GSA_kwCzR0hTQS12aDU1LTc4Nmctd2p3as4AA5C3

nuget Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.win-x64, System.Security.Cryptography.Xml
Moderate
over 1 year ago

Microsoft ASP.NET Core project templates vulnerable to denial of service GSA_kwCzR0hTQS01OWo3LWdocmctZmo1Ms4AA4Tk

nuget Microsoft.IdentityModel.JsonWebTokens, System.IdentityModel.Tokens.Jwt
Moderate
over 1 year ago

OWASP.AntiSamy mXSS when preserving comments GSA_kwCzR0hTQS04eDZmLTk1NmYtcTQzd84AA4Jk

nuget OWASP.AntiSamy
Moderate
almost 2 years ago

Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL) GSA_kwCzR0hTQS1od2NjLTRjdjgtY2YzaM4AA4AE

nuget Snowflake.Data
Moderate
almost 2 years ago

Privilege Escalation using Spoofing GSA_kwCzR0hTQS1jZnI1LTdwNTQtNHFnOM4AA3ud

nuget Umbraco.CMS
Moderate
almost 2 years ago

DOM-XSS on Backoffice login screen. GSA_kwCzR0hTQS12OThtLTM5OHgtMjY5cs4AA3ub

nuget Umbraco.CMS
Moderate
almost 2 years ago

Ajax Pro Cross-site Scripting GSA_kwCzR0hTQS04djZqLWdjNzQtZm1wcM4AA3hz

nuget AjaxNetProfessional
Moderate
almost 2 years ago

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj

nuget, packagist, npm TinyMCE, tinymce/tinymce, tinymce
Moderate
almost 2 years ago

Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability GSA_kwCzR0hTQS0zZngzLTg1cjQtOGozd84AA3Hx

nuget Microsoft.AspNetCore.Components
Moderate
almost 2 years ago

TinyMCE XSS vulnerability in notificationManager.open API GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG

packagist, nuget, npm tinymce/tinymce, TinyMCE, tinymce
Moderate
almost 2 years ago

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF

packagist, nuget, npm tinymce/tinymce, TinyMCE, tinymce
Moderate
almost 2 years ago

Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free GSA_kwCzR0hTQS1qcmYyLWg1ajYtM3Jycc4AA2kC

nuget Bunkum
Moderate
almost 2 years ago

Microsoft Common Data Model SDK Denial of Service Vulnerability GSA_kwCzR0hTQS12bTJtLTdocHctZnBtcc4AA2XX

pypi, maven, nuget commondatamodel-objectmodel, com.microsoft.commondatamodel:objectmodel, Microsoft.CommonDataModel.ObjectModel
Moderate
almost 2 years ago

HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content GSA_kwCzR0hTQS00M2NwLTZwM3EtMnBjNM4AA2Px

nuget HtmlSanitizer
Moderate
about 2 years ago

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability GSA_kwCzR0hTQS1oM2h2LTYzcTUtamdwcs4AA11k

nuget Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-arm64
Moderate
over 2 years ago

SSCMS vulnerable to Cross Site Scripting GSA_kwCzR0hTQS02M2M2LXc1NTYtM2g3cc4AAzc2

nuget SSCMS
Moderate
over 2 years ago

Exposure of Sensitive Information in OPC UA .NET Standard Reference Server GSA_kwCzR0hTQS00Y3ZwLWhyNjMtODIyas4AAzGJ

nuget OPCFoundation.NetStandard.Opc.Ua.Server, OPCFoundation.NetStandard.Opc.Ua.Core
Moderate
over 2 years ago

User account enumeration in Serenity GSA_kwCzR0hTQS13N2ptLTl4NG0tOHFjM84AAy_c

nuget Serenity.Net.Web, Serenity.Net.Core
Moderate
over 2 years ago

Cross Site Scripting (XSS) in Serenity GSA_kwCzR0hTQS05M2g2LXd4N3ItbWdmcM4AAy_b

nuget Serenity.Net.Services, Serenity.Net.Core
Moderate
over 2 years ago

Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader GSA_kwCzR0hTQS0zdzl3LTk4MzMtZ2Nwds4AAxJI

nuget directxtex_uwp, directxtex_desktop_win10, directxtex_desktop_2019
Moderate
almost 3 years ago

Cross-site scripting vulnerability in TinyMCE alerts GSA_kwCzR0hTQS1nZzhyLXhqd3EtNHc5Ms4AAwOk

nuget, packagist, npm TinyMCE, tinymce/tinymce, tinymce
Moderate
almost 3 years ago

DSInternals Credential Roaming Elevation of Privilege Vulnerability GSA_kwCzR0hTQS12eDJ4LTljZmYtZmhqd84AAwLo

nuget DSInternals.Common
Moderate
almost 3 years ago

Remote code execution vulnerability in dependency System.Drawing.Common GSA_kwCzR0hTQS1ncHY1LXJwNnctNThyOM4AAv_m

nuget Akka
Moderate
almost 3 years ago

.NET Information Disclosure Vulnerability GSA_kwCzR0hTQS04ZzJwLTVwcWgtNWptY84AAvv2

nuget Microsoft.Data.SqlClient, System.Data.SqlClient
Moderate
almost 3 years ago

.NET Core Information Disclosure Vulnerability GSA_kwCzR0hTQS12Z3dxLWhmcWMtNTh3ds4AAvfI

nuget Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-arm64, Microsoft.NETCore.App.Runtime.win-arm, Microsoft.NETCore.App.Runtime.osx-x64, Microsoft.NETCore.App.Runtime.Mono.osx-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64, Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64, Microsoft.NETCore.App.Runtime.Mono.linux-x64, Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64, Microsoft.NETCore.App.Runtime.Mono.linux-arm64, Microsoft.NETCore.App.Runtime.Mono.linux-arm, Microsoft.NETCore.App.Runtime.linux-x64, Microsoft.NETCore.App.Runtime.linux-musl-x64, Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-musl-arm, Microsoft.NETCore.App.Runtime.linux-arm64, Microsoft.NETCore.App.Runtime.linux-arm, Microsoft.NETCore.App.Runtime.rhel.6-x64, Microsoft.NETCore.App
Moderate
almost 3 years ago

.NET Remote Code Execution Vulnerability GSA_kwCzR0hTQS1jNnc4LTdtcDMtMzRqOc4AAvat

nuget Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64, Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64, Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm, Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm, Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86, Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64, Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64, Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm, Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-arm64, Microsoft.NETCore.App.Runtime.win-arm, Microsoft.NETCore.App.Runtime.osx-x64, Microsoft.NETCore.App.Runtime.Mono.osx-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64, Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64, Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64, Microsoft.NETCore.App.Runtime.Mono.linux-x64, Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64, Microsoft.NETCore.App.Runtime.Mono.linux-arm64, Microsoft.NETCore.App.Runtime.Mono.linux-arm, Microsoft.NETCore.App.Runtime.linux-x64, Microsoft.NETCore.App.Runtime.linux-musl-x64, Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-musl-arm, Microsoft.NETCore.App.Runtime.linux-arm64, Microsoft.NETCore.App.Runtime.linux-arm
Moderate
almost 3 years ago

OrchardCore vulnerable to HTML injection GSA_kwCzR0hTQS01Z2c5LWd3ajQtbXFtas4AAvKC

nuget OrchardCore

Filter by Severity

High 429 Moderate 199 Critical 47 Low 31

Filter by Package

DotNetNuke.Core 17 tinymce 9 TinyMCE 9 tinymce/tinymce 9 Microsoft.ChakraCore 8 Umbraco.Cms 7 jquery-ui 6 org.webjars.npm:jquery-ui 6 bootstrap 6 jQuery.UI.Combined 6 Microsoft.NETCore.App.Runtime.linux-musl-arm64 5 bootstrap.sass 5 Microsoft.NETCore.App.Runtime.linux-arm64 5 Umbraco.CMS 4 UmbracoCms 4 Microsoft.NETCore.App.Runtime.win-arm64 4 Microsoft.NETCore.App.Runtime.win-arm 4 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64 4 Microsoft.AspNetCore.All 4 Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64 4 org.webjars:bootstrap 4 Microsoft.NETCore.App.Runtime.linux-musl-x64 4 OPCFoundation.NetStandard.Opc.Ua 4 Microsoft.NETCore.App.Runtime.Mono.linux-x64 4 Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64 4 Piranha 4 bootstrap 4 jQuery 4 Microsoft.NETCore.App.Runtime.Mono.linux-arm 4 jquery 4 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 4 Microsoft.NETCore.App.Runtime.osx-x64 4 twbs/bootstrap 4 Microsoft.NETCore.App.Runtime.Mono.linux-arm64 4 Microsoft.NETCore.App 4 OPCFoundation.NetStandard.Opc.Ua.Core 4 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 4 Microsoft.NETCore.App.Runtime.linux-arm 4 Microsoft.NETCore.App.Runtime.Mono.osx-x64 4 Microsoft.NETCore.App.Runtime.win-x86 4 Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64 4 Microsoft.NETCore.App.Runtime.win-x64 4 Microsoft.NETCore.App.Runtime.linux-x64 4 Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64 4 SixLabors.ImageSharp 4 SharpZipLib 3 jquery-ui-rails 3 org.webjars.npm:jquery 3 UmbracoCms.Core 3 SSCMS 3 bootstrap-sass 3 bootstrap-sass 3 Microsoft.AspNetCore.App 3 Microsoft.NETCore.App.Runtime.linux-musl-arm 3 Serenity.Net.Core 3 Microsoft.AspNetCore.App.Runtime.linux-x64 2 OPCFoundation.NetStandard.Opc.Ua.Server 2 Umbraco.Cms.Web.BackOffice 2 Microsoft.NetCore.App.Runtime.linux-musl-arm 2 Microsoft.NetCore.App.Runtime.osx-x64 2 Microsoft.AspNetCore.App.Runtime.osx-arm64 2 Umbraco.Cms.StaticAssets 2 DotNetNuke.Web 2 Microsoft.NetCore.App.Runtime.linux-musl-x64 2 Microsoft.NetCore.App.Runtime.win-arm 2 DNN.PLATFORM 2 Microsoft.AspNetCore.App.Runtime.win-arm 2 Microsoft.NetCore.App.Runtime.linux-arm 2 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 2 Microsoft.NetCore.App.Runtime.win-x64 2 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 2 Microsoft.NetCore.App.Runtime.osx-arm64 2 org.bouncycastle:bctls-jdk14 2 Microsoft.NetCore.App.Runtime.win-x86 2 Microsoft.AspNetCore.App.Runtime.win-x64 2 Microsoft.NetCore.App.Runtime.win-arm64 2 OrchardCore 2 Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm 2 Microsoft.AspNetCore.App.Runtime.win-arm64 2 Microsoft.AspNetCore.App.Runtime.osx-x64 2 Microsoft.AspNetCore.Mvc 2 Microsoft.NETCore.App.Runtime.rhel.6-x64 2 Microsoft.NETCore.App.Runtime.browser-wasm 2 org.bouncycastle:bctls-jdk15to18 2 @umbraco-cms/backoffice 2 Umbraco.Cms.Api.Management 2 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 2 NuGet.Commands 2 FormCMS 2 BouncyCastle.Cryptography 2 ServiceStack 2 Microsoft.AspNetCore.App.Runtime.linux-arm 2 org.bouncycastle:bcprov-jdk15on 2 Microsoft.AspNetCore.App.Runtime.linux-arm64 2 sharpcompress 2 org.bouncycastle:bctls-jdk18on 2 IdentityServer4 2 bootstrap 2 org.bouncycastle:bcprov-jdk15to18 2 Microsoft.AspNetCore.Server.Kestrel.Core 2 Microsoft.AspNetCore.App.Runtime.win-x86 2 Microsoft.NetCore.App.Runtime.linux-x64 2 Microsoft.NetCore.App.Runtime.linux-musl-arm64 2 org.bouncycastle:bcprov-jdk14 2 Microsoft.NetCore.App.Runtime.linux-arm64 2 org.bouncycastle:bcprov-jdk18on 2 Snowflake.Data 2 BouncyCastle 2 Azure.Storage.Queues 1 System.ServiceModel.Http 1 Duende.AccessTokenManagement.OpenIdConnect 1 GleamTech.FileUltimate 1 UmbracoCMS 1 Microsoft.Identity.Abstractions 1 Microsoft.NETCore.App.Host.win-x64 1 OpenTelemetry.Instrumentation.AspNetCore 1 CefSharp.Common 1 CoreFtp 1 MessagePack 1 OrchardCore.Application.Cms.Targets 1 bootstrap-select 1 typo3/cms-core 1 Microsoft.AspNetCore.Mvc.Cors 1 UmbracoCMS.Core 1 RestSharp 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64 1 System.Private.ServiceModel 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64 1 SSH.NET 1 Microsoft.AspNetCore.Mvc.Localization 1 Oqtane.Framework 1 KubernetesClient 1 net.sf.mpxj-for-vb 1 directxtex_uwp 1 CefSharp.Wpf 1 Microsoft.AspNetCore.Mvc.Core 1 Microsoft.NETCore.App.Runtime.android-arm64 1 DSInternals.Common 1 OWASP.AntiSamy 1 System.Text.Encodings.Web 1 log4net 1 ZKEACMS.Publisher 1 Microsoft.AspNetCore.Mvc.ApiExplorer 1 CouchbaseNetClient 1 Magick.NET-Q8-x86 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86 1 Magick.NET-Q16-AnyCPU 1 mongodb.driver 1 net.sf.mpxj 1 Microsoft.PowerBI.JavaScript 1 Umbraco.Cms.Api.Delivery 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64 1 Umbraco.Cms.Web.Backoffice 1 @serenity-is/corelib 1 CefSharp.Wpf.HwndHost 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86 1 Magick.NET-Q16-HDRI-x86 1 Microsoft.NETCore.App.Runtime.ios-x64 1 Magick.NET-Q16-x64 1 Microsoft.Rest.ClientRuntime 1 HtmlSanitizer 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64 1 Microsoft.NETCore.App.Runtime.ios-arm 1 System.Net.Http 1 CuteEditor 1 Microsoft.NETCore.App.Host.linux-arm 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64 1 Serilog.Enrichers.ClientInfo 1 System.Private.Uri 1 Magick.NET-Q16-HDRI-x64 1 Magick.NET-Q16-OpenMP-arm64 1 System.IdentityModel.Tokens.Jwt 1 commondatamodel-objectmodel 1 Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm 1 ICG.AspNetCore.Utilities.CloudStorage 1 Serenity.Net.Web 1 Microsoft.NETCore.App.Runtime.android-arm 1 tshock 1 Microsoft.NETCore.App.Host.linux-x64 1 Microsoft.AspNetCore.Mvc.Formatters.Xml 1 Magick.NET-Q8-x64 1 Microsoft.AspNetCore.Server.IIS 1 FullStackHero.WebAPI.Boilerplate 1 Microsoft.NETCore.App.Host.rhel.6-x64 1 MPXJ.Net 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm 1 compu-brotli-sys 1 Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64 1 Magick.NET-Q16-HDRI-AnyCPU 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64 1 net.sf.mpxj-for-csharp 1 Magick.NET-Q16-HDRI-OpenMP-arm64 1 Microsoft.AspNetCore.Mvc.ViewFeatures 1 azure-storage-blob 1 Microsoft.AspNetCore.Mvc.WebApiCompatShim 1 umbraco 1 Bunkum 1 Microsoft.NETCore.App.Host.linux-musl-arm64 1 com.azure:azure-storage-blob 1

Filter by Repository

https://github.com/umbraco/Umbraco-CMS 23 https://github.com/dnnsoftware/Dnn.Platform 9 https://github.com/tinymce/tinymce 9 https://github.com/dotnet/runtime 8 https://github.com/OPCFoundation/UA-.NETStandard 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/github/advisory-database 6 https://github.com/jquery/jquery 5 https://github.com/jquery/jquery-ui 5 https://github.com/PiranhaCMS/piranha.core 4 https://github.com/SixLabors/ImageSharp 4 https://github.com/twbs/bootstrap 4 https://github.com/icsharpcode/SharpZipLib 3 https://github.com/dotnet/aspnetcore 3 https://github.com/Azure/azure-sdk-for-net 2 https://github.com/DuendeSoftware/IdentityServer 2 https://github.com/ServiceStack/ServiceStack 2 https://github.com/serenity-is/Serenity 2 https://github.com/adamhathcock/sharpcompress 2 https://github.com/open-telemetry/opentelemetry-dotnet 2 https://github.com/siteserver/cms 2 https://github.com/snowflakedb/snowflake-connector-net 2 https://github.com/bcgit/bc-csharp 2 https://github.com/orchardcms/orchardcore 2 https://github.com/FormCms/FormCms 2 https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage 1 https://github.com/kubernetes/kubernetes 1 https://github.com/microsoft/DirectXTex 1 https://github.com/NuGet/NuGet.Client 1 https://github.com/DuendeSoftware/Duende.AccessTokenManagement 1 https://github.com/SeriaWei/ZKEACMS 1 https://github.com/dnnsoftware/dnn.platform 1 https://github.com/restsharp/RestSharp 1 https://github.com/neuecc/MessagePack-CSharp 1 https://github.com/umbraco/Umbraco.Workflow.Issues 1 https://github.com/mongodb/mongo-csharp-driver 1 https://github.com/umbraco/Umbraco.Commerce.Issues 1 https://github.com/couchbase/couchbase-net-client 1 https://github.com/mganss/HtmlSanitizer 1 https://github.com/pentesttoolscom/vulnerability-research 1 https://github.com/Sustainsys/Saml2 1 https://github.com/oqtane/oqtane.framework 1 https://github.com/MessagePack-CSharp/MessagePack-CSharp 1 https://github.com/snapappointments/bootstrap-select 1 https://github.com/DuendeSoftware/foss 1 https://github.com/haf/DotNetZip.Semverd 1 https://github.com/LittleBigRefresh/Bunkum 1 https://github.com/AzureAD/microsoft-identity-web 1 https://github.com/joniles/mpxj 1 https://github.com/dotnet/corefx 1 https://github.com/umbraco/Umbraco.Forms.Issues 1 https://github.com/spassarop/antisamy-dotnet 1 https://github.com/OPCFoundation/UA-.NET-Legacy 1 https://gitlab.com/eLeN3Re/cve-2020-9472 1 https://github.com/Aiko-IT-Systems/DisCatSharp 1 https://github.com/PowerShell/PowerShell 1 https://github.com/apache/logging-log4net 1 https://github.com/cefsharp/CefSharp 1 https://github.com/Devolutions/XTS.NET 1 https://github.com/michaelschwarz/Ajax.NET-Professional 1 https://github.com/OrchardCMS/OrchardCore 1 https://github.com/MichaelGrafnetter/DSInternals 1 https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet 1 https://github.com/NuGet/Home 1 https://github.com/Pryaxis/TShock 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/akkadotnet/akka.net 1 https://github.com/google/brotli 1 https://github.com/SeppPenner/WindowsHello 1 https://github.com/sshnet/NET 1 https://github.com/serilog-contrib/serilog-enrichers-clientinfo 1 https://github.com/ImageMagick/ImageMagick 1