Security Advisories
Browse security advisories and track which Dependabot PRs address them.
Total Advisories: 24,785
With Dependabot PRs: 1,792
Critical Severity: 3,506
High Severity: 8,617
ChakraCore RCE Vulnerability
GHSA-7c7v-g484-j4cf CVE-2018-0993 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra S...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-25vh-gq6v-hrx5 CVE-2018-0979 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra S...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-xmvg-c4x3-9qwp CVE-2018-0980 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra S...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-wc67-4cg3-35wf CVE-2018-0946 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engin...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-5439-x5v5-2vhj CVE-2018-0945 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engin...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-h5hw-qrrw-vfxg CVE-2018-0954 HIGH over 3 years ago
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-phcc-frh9-q545 CVE-2018-0934 HIGH over 3 years ago
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scrip...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-6v8r-83v3-rmrf CVE-2018-0936 HIGH over 3 years ago
ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-6c2v-xc8f-fvf7 CVE-2018-0937 HIGH over 3 years ago
ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, ak...
nuget
No PRs yet
ChakraCore information disclosure vulnerability
GHSA-xgcc-r2f3-rq6p CVE-2018-0939 MODERATE over 3 years ago
ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, ...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-7724-427r-8rvm CVE-2018-0943 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra S...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-wc4x-9h9p-9494 CVE-2018-0930 HIGH over 3 years ago
ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in ...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-h575-j3ph-hjvc CVE-2018-0931 HIGH over 3 years ago
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scrip...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-5q2v-52gc-4w7p CVE-2018-0925 HIGH over 3 years ago
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corrupt...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-3j65-2jcq-w9fr CVE-2018-0933 HIGH over 3 years ago
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scrip...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-wc52-2xwv-h7xr CVE-2018-0873 HIGH over 3 years ago
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the ...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-h9h7-4jfm-3fxr CVE-2018-0872 HIGH over 3 years ago
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-67f9-qmg7-fmcq CVE-2018-0874 HIGH over 3 years ago
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-399v-jg88-3gx6 CVE-2018-0856 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects i...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-7gjv-9m33-chg8 CVE-2018-0858 HIGH over 3 years ago
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corrupt...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-9pvj-pgg9-pvqq CVE-2018-0859 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-j762-mr2c-fmp9 CVE-2018-0838 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-v3xp-3wpq-rvhp CVE-2018-0860 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-q9x6-7hjh-q9fc CVE-2018-0857 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-h9wf-mpvf-9jqg CVE-2018-0837 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-5j48-826p-2w9r CVE-2018-0834 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-m8x8-5ch7-c5w9 CVE-2018-0836 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects i...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-3cwf-pwcg-57xr CVE-2018-0835 HIGH over 3 years ago
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to ho...
nuget
No PRs yet
.NET Core Denial of Service Vulnerability
GHSA-xcvr-qv8h-m7xw CVE-2018-0875 HIGH over 3 years ago
.NET Core 1.0, .NET Core 1.1, .NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of service vulnerability due to how specially crafted requests ...
nuget
No PRs yet
protobuf susceptible to buffer overflow
GHSA-jwvw-v7c5-m82h CVE-2015-5237 HIGH over 3 years ago
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
nuget
packagist
pypi
No PRs yet
Code Injection in Masuit.Tools.Core
GHSA-vh38-ghx6-vmvg CVE-2022-21167 HIGH over 3 years ago
All versions of package Masuit.Tools.Core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs comp...
nuget
No PRs yet
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability
GHSA-g5c6-w479-93xm CVE-2010-1459 MODERATE over 3 years ago
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers t...
nuget
No PRs yet
CuteSoft CuteEditor Path Traversal vulnerability
GHSA-w327-wq28-3vmf CVE-2009-4665 MODERATE over 3 years ago
Directory traversal vulnerability in `CuteSoft_Client/CuteEditor/Load.ashx` in CuteSoft Components Cute Editor for ASP.NET allows remote attackers ...
nuget
No PRs yet
DotNetNuke Vulnerable to XSS in Pass-Through Values
GHSA-xr96-7ccp-pg5c CVE-2007-0660 MODERATE over 3 years ago
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN), caused by improper validation of user-supplied ...
nuget
No PRs yet
Apache log4net format string vulnerability causes DoS
GHSA-f9fr-w54q-772h CVE-2006-0743 MODERATE over 3 years ago
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corrup...
nuget
No PRs yet
Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp
GHSA-frxg-hf44-q765 CVE-2022-24849 MODERATE over 3 years ago
### Impact
Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatS...
nuget
No PRs yet
YARP Denial of Service Vulnerability
GHSA-8xc6-g8xw-h2c4 CVE-2022-26924 HIGH over 3 years ago
### Impact
A denial of service vulnerability exists in how YARP processes input.
### Patches
If you're using YARP `1.0.0`, you should update to ...
nuget
No PRs yet
PowerShell Elevation of Privilege Vulnerability
GHSA-q7x5-x7rr-2859 CVE-2022-26788 HIGH over 3 years ago
PowerShell Elevation of Privilege Vulnerability.
nuget
No PRs yet
Azure SDK for .NET Information Disclosure Vulnerability.
GHSA-whph-446h-6m9v CVE-2022-26907 MODERATE over 3 years ago
Azure SDK for .NET Information Disclosure Vulnerability via undisclosed methods relating to lack of sanitization of exception messages.
nuget
No PRs yet
Improper Certificate Validation
GHSA-7mfr-774f-w5r9 CVE-2017-11770 HIGH over 3 years ago
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by i...
nuget
No PRs yet
Infinite loop in .Net Bond
GHSA-rqrc-8q8f-cp9c CVE-2020-1469 HIGH over 3 years ago
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. ...
nuget
No PRs yet
Path Traversal: 'dir/../../filename' in moment.locale
GHSA-8hfj-j24r-96c4 CVE-2022-24785 HIGH over 3 years ago
### Impact
This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switc...
npm
nuget
Dependabot PRs: 827 (10% merged)
Server side request forgery in C1 CMS
GHSA-8pp6-8x4q-c5mx CVE-2022-24789 HIGH over 3 years ago
C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Req...
nuget
No PRs yet
Deserialization of Untrusted Data in SinGooCMS.Utility
GHSA-29rv-fqx2-4c9f CVE-2022-0749 CRITICAL over 3 years ago
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input af...
nuget
No PRs yet
Code injection in RazorEngine
GHSA-ph3v-2hq5-5qfq CVE-2021-46703 CRITICAL over 3 years ago
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed envi...
nuget
No PRs yet
Prototype Pollution in jquery.cookie
GHSA-gcx5-3p5f-f8vp CVE-2022-23395 MODERATE over 3 years ago
jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).
nuget
No PRs yet
Use after free in Animation
GHSA-vv6j-ww6x-54gx CVE-2022-0609 HIGH almost 4 years ago
CVE-2022-0609: Use after free in Animation
- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
- https://cve...
nuget
Dependabot PRs: 2 (100% merged)
Path Traversal in SharpZipLib
GHSA-mm6g-mmq6-53ff CVE-2021-32842 MODERATE almost 4 years ago
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destina...
nuget
No PRs yet
Path Traversal in SharpZipLib
GHSA-2x7h-96h5-rq84 CVE-2021-32841 MODERATE almost 4 years ago
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destina...
nuget
No PRs yet
Path Traversal in SharpZipLib
GHSA-m22m-h4rf-pwq3 CVE-2021-32840 HIGH almost 4 years ago
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the pare...
nuget
No PRs yet