An open index of dependabot pull requests across open source projects.

Security Advisories

Browse security advisories and track which Dependabot PRs address them.

24,785 Total Advisories
1,792 With Dependabot PRs
3,506 Critical Severity
8,617 High Severity

orchardcore is vulnerable to Cross-site Scripting
GHSA-6w5m-jgc5-8cgc CVE-2022-0159 MODERATE almost 4 years ago
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nuget
No PRs yet
Denial of service in CBOR library
GHSA-6r92-cgxc-r5fg CVE-2024-21909 HIGH almost 4 years ago
### Impact Due to this library's use of an inefficient algorithm, it is vulnerable to a denial of service attack when a maliciously crafted input i...
nuget
No PRs yet
Umbraco Persistent Password Reset Poison
GHSA-r8pr-83cc-ccv7 CVE-2022-22691 HIGH almost 4 years ago
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. ...
nuget
No PRs yet
Umbraco ApplicationURL Overwrite
GHSA-jrmq-rv9w-63rv CVE-2022-22690 HIGH almost 4 years ago
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to...
nuget
No PRs yet
Cross-site Scripting OrchardCore.Application.Cms.Targets
GHSA-r8hp-5m7c-jhv4 CVE-2022-0274 MODERATE almost 4 years ago
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
nuget
No PRs yet
Allocation of Resources Without Limits or Throttling in Apache Avro
GHSA-868x-rg4c-cjqg CVE-2021-43045 HIGH almost 4 years ago
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. ...
nuget
No PRs yet
AjaxNetProfessional deserializes arbitrary JavaScript objects
GHSA-5q7q-qqw2-hjq7 CVE-2021-43853 HIGH almost 4 years ago
### Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of ar...
nuget
No PRs yet
Remote Code Execution in AjaxNetProfessional
GHSA-74r6-grj9-8rq6 CVE-2021-23758 CRITICAL almost 4 years ago
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET c...
nuget
No PRs yet
Remote Code Execution in AjaxNetProfessional
GHSA-6r7c-6w96-8pvw CRITICAL almost 4 years ago
### Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of ar...
nuget
No PRs yet
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core
GHSA-mjww-934m-h4jw CVE-2020-29457 MODERATE about 4 years ago
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.
nuget
No PRs yet
Cross-Site Request Forgery in PiranhaCMS
GHSA-ppq7-88c7-q879 CVE-2021-25976 HIGH about 4 years ago
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the ...
nuget
No PRs yet
Improper Verification of Cryptographic Signature in starkbank-ecdsa
GHSA-j3jw-j2j8-2wv9 CVE-2021-43569 CRITICAL about 4 years ago
The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers...
nuget
No PRs yet
Signature verification vulnerability in Stark Bank ecdsa libraries
GHSA-9wx7-jrvc-28mm HIGH about 4 years ago
An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user wi...
maven npm nuget +1 more
No PRs yet
Missing Authorization with Default Settings in Dashboard UI
GHSA-7rq6-7gv8-c37h CVE-2021-41238 HIGH about 4 years ago
Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom...
nuget
2 Dependabot PRs
Cross-site scripting vulnerability in TinyMCE plugins
GHSA-r8hm-w5f7-wj39 CVE-2024-21910 MODERATE about 4 years ago
### Impact A cross-site scripting (XSS) vulnerability was discovered in the URL processing logic of the `image` and `link` plugins. The vulnerabili...
npm nuget packagist +1 more
No PRs yet
Cross-site Scripting in PiranhaCMS
GHSA-jvjp-vh27-r9h5 CVE-2021-25977 MODERATE about 4 years ago
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially...
nuget
No PRs yet
XSS in `*Text` options of the Datepicker widget in jquery-ui
GHSA-j7qv-pgf6-hvh4 CVE-2021-41183 MODERATE about 4 years ago
### Impact Accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. For example, ...
maven npm nuget
No PRs yet
XSS in the `of` option of the `.position()` util in jquery-ui
GHSA-gpqq-952q-5327 CVE-2021-41184 MODERATE about 4 years ago
### Impact Accepting the value of the `of` option of the [`.position()`](https://api.jqueryui.com/position/) util from untrusted sources may execut...
maven npm nuget
No PRs yet
XSS in the `altField` option of the Datepicker widget in jquery-ui
GHSA-9gj3-hwp5-pmwc CVE-2021-41182 MODERATE about 4 years ago
### Impact Accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. For example, in...
maven npm nuget
No PRs yet
Cross-site scripting vulnerability in TinyMCE
GHSA-5h9g-x5rv-25wg CVE-2024-21908 MODERATE about 4 years ago
### Impact A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed a...
npm nuget packagist
No PRs yet
Credential Disclosure in System.DirectoryServices.Protocols
GHSA-9cxh-gqpx-qc5m CVE-2021-41355 MODERATE about 4 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what de...
nuget
No PRs yet
Remote Code Execution in Halibut
GHSA-hpf7-4c2g-9chf CVE-2021-31819 CRITICAL about 4 years ago
In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust ea...
nuget
No PRs yet
Partial path traversal in sharpcompress
GHSA-jp7f-grcv-6mjf CVE-2021-39208 MODERATE about 4 years ago
SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent ext...
nuget
No PRs yet
Prototype Pollution in set-value
GHSA-4jqc-8m5r-9rpr CVE-2021-23440 HIGH about 4 years ago
This affects the package `set-value`. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the...
npm nuget
No PRs yet
Path traversal in elFinder.NetCore
GHSA-9rjp-r58j-fxgq CVE-2021-23428 HIGH about 4 years ago
This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitat...
nuget
No PRs yet
Improper path validation in elFinder.NetCore
GHSA-wmpm-fq7r-jq56 CVE-2021-23427 CRITICAL about 4 years ago
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to...
nuget
No PRs yet
ASP.NET Core Information Disclosure Vulnerability
GHSA-q7cg-43mg-qp69 CVE-2021-34532 MODERATE over 4 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advis...
nuget
No PRs yet
Directory Traversal in elFinder.AspNet
GHSA-pjxv-w3qj-j8m3 CVE-2021-23415 HIGH over 4 years ago
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file ...
nuget
No PRs yet
Regular Expression Denial of Service in System.Text.RegularExpressions
GHSA-cmhx-cq75-c4mj CVE-2019-0820 HIGH over 4 years ago
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Deni...
nuget
43 Dependabot PRs, 6% Merged
Unrestricted Upload of File with Dangerous Type in Umbraco CMS
GHSA-j66f-h9hm-975m CVE-2020-9472 MODERATE over 4 years ago
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
nuget
No PRs yet
Insufficient Session Expiration and TOCTOU Race Condition in OPC Foundation UA .Net Standard
GHSA-9q94-v7ch-mxqw CVE-2020-8867 MODERATE over 4 years ago
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.0...
nuget
No PRs yet
Path Traversal in elFinder.Net.Core
GHSA-mvvp-gwgc-5hrp CVE-2021-23407 HIGH over 4 years ago
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to cr...
nuget
No PRs yet
Remote code execution in ChakraCore
GHSA-wc43-7wj6-4ggr CVE-2020-1180 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Remote code execution in ChakraCore
GHSA-xxfr-jrgh-x392 CVE-2020-1172 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Remote code execution in ChakraCore
GHSA-9f8c-f7h4-xghf CVE-2020-1057 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Missing Authorization in FastReport
GHSA-v726-3vg9-cp34 CVE-2020-27998 CRITICAL over 4 years ago
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof,...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-pfrg-w49c-8432 CVE-2020-0768 HIGH over 4 years ago
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine...
nuget
No PRs yet
Out-of-bounds Write in ChakraCore
GHSA-vpc2-7xmf-ppmf CVE-2020-17048 HIGH over 4 years ago
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.
nuget
No PRs yet
Out-of-bounds Write in ChakraCore
GHSA-88cw-3m6x-49f7 CVE-2020-17054 HIGH over 4 years ago
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.
nuget
No PRs yet
Out-of-bounds Write in ChakraCore
GHSA-c8qc-62qv-5p2x CVE-2020-0828 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Out-of-bounds Write in ChakraCore
GHSA-h2xm-2p6w-mj2v CVE-2020-0831 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-6cc6-66f5-mxjj CVE-2020-0826 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-86gw-g9jv-8vfg CVE-2020-0833 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting En...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-g644-6fg4-hrh9 CVE-2020-0830 HIGH over 4 years ago
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-jv2c-mhcq-6wp4 CVE-2020-0829 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-2qgv-2cv4-g4cg CVE-2020-0832 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting En...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-5p67-cp9c-hqw4 CVE-2020-0848 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-wvhv-rr3v-vhpj CVE-2020-0823 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-j89m-gcjf-6ghp CVE-2020-0825 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Out-of-bounds write in ChakraCore
GHSA-7j34-xq9v-9mqg CVE-2020-0827 HIGH over 4 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet