Security Advisories
Browse security advisories and track which Dependabot PRs address them.
Total Advisories: 24,784
With Dependabot PRs: 1,790
Critical Severity: 3,506
High Severity: 8,617
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
GHSA-3m8r-w7xg-jqvw CVE-2025-64095 CRITICAL 29 days ago
### Summary
The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files.
### Description
An unaut...
nuget
No PRs yet
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
GHSA-hmvq-8p83-cq52 CVE-2025-64094 MODERATE 29 days ago
### Summary
Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.
### Details
DNN validates the contents ...
nuget
No PRs yet
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
GHSA-2374-6cvw-qmx6 CVE-2025-62802 MODERATE 29 days ago
### Summary
The out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other securit...
nuget
No PRs yet
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)
GHSA-9pp9-cfwx-54rm CVE-2025-62171 MODERATE 30 days ago
## Summary
CVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but **the fix is incomplete and ineffective**. The latest version **7.1.2-5...
nuget
1 Dependabot PR
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)
GHSA-wpp4-vqfq-v4hp CVE-2025-62594 MODERATE about 1 month ago
## Summary
A single root cause in the CLAHE implementation — tile width/height becoming zero — produces two distinct but related unsafe behaviors....
nuget
No PRs yet
Piranha CMS vulnerable to stored cross-site scripting (XSS)
GHSA-3qcp-9v8c-6jp7 CVE-2025-61413 MODERATE about 1 month ago
A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web sc...
nuget
No PRs yet
Mammoth is vulnerable to Directory Traversal
GHSA-rmjr-87wv-gf87 CVE-2025-11849 MODERATE about 1 month ago
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the packa...
maven
npm
nuget
+1 more
No PRs yet
Smidge is vulnerable to Path Traversal
GHSA-9rvm-p3qm-f4vv CVE-2025-11842 MODERATE about 1 month ago
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Han...
nuget
No PRs yet
Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability
GHSA-4mjw-xr5x-prpc CVE-2025-54539 CRITICAL about 1 month ago
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client.
This issue affects all versions of Apache ActiveM...
nuget
No PRs yet
Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability
GHSA-gwq6-fmvp-qp68 CVE-2025-55248 MODERATE about 1 month ago
# Microsoft Security Advisory CVE-2025-55248 | .NET Information Disclosure Vulnerability
## <a name="executive-summary"></a>Executive summary
Mic...
nuget
No PRs yet
Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
GHSA-w3q9-fxm7-j8fq CVE-2025-55247 HIGH about 1 month ago
# Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
## <a name="executive-summary"></a>Executive summary
Microsof...
nuget
No PRs yet
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
GHSA-5rrx-jjjq-q2r5 CVE-2025-55315 CRITICAL about 1 month ago
# Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
## <a name="executive-summary"></a>Executive summary
Mic...
nuget
3 Dependabot PRs
Amazon.IonDotnet is vulnerable to Denial of Service attacks
GHSA-q5r6-9qwq-g2wj CVE-2025-11573 HIGH about 2 months ago
### Summary
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under cert...
nuget
No PRs yet
Akka.Remote TLS did not properly implement certificate-based authentication
GHSA-jhpv-4q4f-43g5 CVE-2025-61778 CRITICAL about 2 months ago
### Impact
This is a critical network security vulnerability for Akka.Remote **users who have SSL / TLS enabled** on their Akka.Remote connections...
nuget
No PRs yet
FormCMS has an improper access control vulnerability in the /api/schemas/history/[schemaId] endpoint
GHSA-6cwx-42hw-w69c CVE-2025-55797 MODERATE about 2 months ago
An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to acce...
nuget
No PRs yet
PiranhaCMS stored XSS
GHSA-456v-f425-8mcv CVE-2025-57692 MODERATE 2 months ago
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitr...
nuget
No PRs yet
DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
GHSA-jc4g-c8ww-5738 CVE-2025-59821 MODERATE 2 months ago
# Summary
A reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafted URL to view a user profil...
nuget
No PRs yet
DNN Vulnerable to Stored XSS Using Backend Admin Credentials
GHSA-gj8m-5492-q98h CVE-2025-59546 LOW 2 months ago
# Summary
Users that can edit modules could set a title that includes scripts.
# Description
Some users (administrators and content editors) can s...
nuget
No PRs yet
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
GHSA-2qxc-mf4x-wr29 CVE-2025-59545 CRITICAL 2 months ago
# Summary
The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be...
nuget
No PRs yet
DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field
GHSA-7rcc-q6rq-jpcm CVE-2025-59539 MODERATE 2 months ago
## Summary
Users can use special syntax to inject javascript code in their profile biography field. Although there was sanitization in place, it di...
nuget
No PRs yet
DNN allows loading unused themes on anonymous clients through query parameters
GHSA-wq2j-w9pm-7x2p CVE-2025-59535 MODERATE 2 months ago
### Summary
Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page...
nuget
No PRs yet
Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain
GHSA-w7r3-mgwf-4mqq CVE-2025-9708 MODERATE 2 months ago
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certif...
nuget
No PRs yet
ImageMagick BlobStream Forward-Seek Under-Allocation
GHSA-23hg-53q6-hqfg CVE-2025-57807 LOW 3 months ago
**Reporter:** Lumina Mescuwa
**Product:** ImageMagick 7 (MagickCore)
**Component:** `MagickCore/blob.c` (Blob I/O - BlobStream)
**Tested:** 7...
nuget
No PRs yet
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability
GHSA-4fxf-xgrm-8fcj CVE-2025-56236 MODERATE 3 months ago
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files ...
nuget
No PRs yet
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow
GHSA-mxvv-97wh-cfmm CVE-2025-57803 HIGH 3 months ago
## Summary
A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses `bytes_per_line` (stride) to a tiny value while th...
nuget
No PRs yet
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
GHSA-9ccg-6pjw-x645 CVE-2025-55298 HIGH 3 months ago
## Summary
A format string bug vulnerability exists in `InterpretImageFilename` function where user input is directly passed to `FormatLocaleString...
nuget
No PRs yet
ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash
GHSA-fh55-q5pj-pxgw CVE-2025-55212 LOW 3 months ago
## Summary
Passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, Thumbn...
nuget
No PRs yet
ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree
GHSA-6hgw-6x87-578x CVE-2025-55160 MODERATE 3 months ago
## Summary
- **Target:** ImageMagick (commit `ecc9a5eb456747374bae8e07038ba10b3d8821b3`)
- **Type:** Undefined Behavior (function-type-mismatch) in...
nuget
No PRs yet
imagemagick: integer overflows in MNG magnification
GHSA-qp29-wxp5-wh82 CVE-2025-55154 HIGH 3 months ago
## **Vulnerability Details**
The magnified size calculations in `ReadOneMNGIMage` (in `coders/png.c`) are unsafe and can overflow, leading to memo...
nuget
No PRs yet
imagemagick: heap-buffer overflow read in MNG magnification with alpha
GHSA-cjc8-g9w8-chfw CVE-2025-55004 HIGH 3 months ago
## **Vulnerability Details**
When performing image magnification in `ReadOneMNGIMage` (in `coders/png.c`), there is an issue around the handling o...
nuget
No PRs yet
ImageMagick has a heap-buffer-overflow
GHSA-fff3-4rp7-px97 LOW 3 months ago
### Summary
While processing a crafted TIFF file, ImageMagick crashes.
### Details
Following is the imagemagick version:
```
imagemagick_git/build...
nuget
No PRs yet
ImageMagick has a Memory Leak in magick stream
GHSA-cfh4-9f7v-fhrc CVE-2025-53019 LOW 3 months ago
## Summary
In ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory...
nuget
No PRs yet
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename
GHSA-hm4x-r5hc-794f CVE-2025-53014 LOW 3 months ago
# Heap Buffer Overflow in InterpretImageFilename
## Summary
A heap buffer overflow was identified in the `InterpretImageFilename` function of Imag...
nuget
No PRs yet
ImageMagick has a Stack Buffer Overflow in image.c
GHSA-qh3h-j545-h8c9 CVE-2025-53101 HIGH 3 months ago
Hi, we have found a stack buffer overflow and would like to report this issue.
Could you confirm if this qualifies as a security vulnerability? I a...
nuget
No PRs yet
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
GHSA-rxmq-m78w-7wmc CVE-2025-54575 MODERATE 4 months ago
### Impact
A specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp G...
nuget
No PRs yet
Umbraco Delivery API allows for cached requests to be returned with an invalid API key
GHSA-75vq-qvhr-7ffr CVE-2025-54425 MODERATE 4 months ago
### Impact
Umbraco's [content delivery API](https://docs.umbraco.com/umbraco-cms/reference/content-delivery-api) can be restricted from public acce...
nuget
18 Dependabot PRs (5% merged)
ImageMagick has XMP profile write that triggers hang due to unbounded loop
GHSA-vmhh-8rxq-fp9g CVE-2025-53015 HIGH 4 months ago
### Summary
Infinite lines occur when writing during a specific XMP file conversion command
### Details
```
#0 GetXmpNumeratorAndDenominator (deno...
nuget
5 Dependabot PRs
Umbraco CMS disclosure of configured password requirements
GHSA-pgvc-6h2p-q4f6 CVE-2025-49147 MODERATE 5 months ago
### Impact
Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements....
nuget
7 Dependabot PRs
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
GHSA-mgfv-2362-jq96 CVE-2025-52488 HIGH 5 months ago
DNN.PLATFORM allows a specially crafted series of malicious interactions that can expose NTLM hashes to a third-party SMB server. This vulnerability is f...
nuget
1 Dependabot PR
DNN.PLATFORM possibly allows bypass of IP Filters
GHSA-fjhg-3mrh-mm7h CVE-2025-52487 HIGH 5 months ago
DNN.PLATFORM allows a specially crafted request or proxy to be created that would bypass the design of DNN Login IP Filters allowing login attempts...
nuget
No PRs yet
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
GHSA-wwc9-wmm3-2pmf CVE-2025-52485 MODERATE 5 months ago
DNN.PLATFORM allows a specially crafted request to inject scripts via the Activity Feed Attachments endpoint, which will then render in the feed, re...
nuget
No PRs yet
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
GHSA-pf4h-vrv6-cmvr CVE-2025-52486 MODERATE 5 months ago
DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace without being properly sanitized by some SkinObjects. This vulne...
nuget
No PRs yet
DotVVM allows path traversal when deployed in Debug mode
GHSA-6q65-j4jw-9cg8 HIGH 5 months ago
### Description
There is a path traversal vulnerability in any DotVVM application started in Debug mode, if at least one resource with the `FileRe...
nuget
No PRs yet
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates
GHSA-px2c-r924-mwcc CVE-2025-49015 MODERATE 5 months ago
The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also...
nuget
No PRs yet
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
GHSA-266m-wp2v-x7mq CVE-2025-30399 HIGH 6 months ago
# Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
## <a name="executive-summary"></a>Executive summary
Microsoft is r...
nuget
No PRs yet
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
GHSA-fr6r-p8hv-x3c4 CVE-2025-48953 MODERATE 6 months ago
### Impact
Via a manipulated API request it's possible to upload a file that doesn't adhere with the configured allowable file extensions.
### Pat...
nuget
4 Dependabot PRs
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
GHSA-m4hf-fxcg-cp34 CVE-2025-48378 MODERATE 6 months ago
Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks.
nuget
No PRs yet
Reflected Cross-Site Scripting (XSS) in module actions in edit mode
GHSA-79m3-rvx2-3qq9 CVE-2025-48377 MODERATE 6 months ago
A specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions.
nuget
No PRs yet
DNN site Import could use an external source with a crafted request
GHSA-62mf-vhhw-xmf8 CVE-2025-48376 LOW 6 months ago
A malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported.
nuget
No PRs yet
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability
GHSA-h4j7-5rxr-p4wc CVE-2025-26646 HIGH 7 months ago
# Microsoft Security Advisory CVE-2025-26646: .NET Spoofing Vulnerability
## <a name="executive-summary"></a>Executive summary
Microsoft is relea...
nuget
No PRs yet