An open index of Dependabot pull requests across open source projects.

Security Advisories

Browse security advisories and track which Dependabot PRs address them.

Total Advisories: 24,785
With Dependabot PRs: 1,792
Critical Severity: 3,506
High Severity: 8,617

Improper Authentication
GHSA-qxx8-292g-2w66 | HIGH | over 4 years ago
Impact: A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. Thi...
Ecosystems: nuget
Dependabot PRs: none yet

XML External Entity attack in log4net
GHSA-2cwj-8chv-9pp9 | CVE-2018-1285 | CRITICAL | almost 5 years ago
Apache log4net before 2.0.10 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attack...
Ecosystems: nuget
Dependabot PRs: 29 (13% merged)

Signature validation bypass in ServiceStack
GHSA-v5rv-hpxg-8x49 | CVE-2020-28042 | MODERATE | almost 5 years ago
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid ...
Ecosystems: nuget
Dependabot PRs: none yet

Regular Expression Denial of Service in jquery-validation
GHSA-jxwx-85vp-gvwm | CVE-2021-21252 | HIGH | almost 5 years ago
The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation. The project contains one or more regular expr...
Ecosystems: npm, nuget
Dependabot PRs: 5 (20% merged)

Cross-site scripting vulnerability in TinyMCE
GHSA-w7jx-j77m-wp65 | CVE-2024-21911 | MODERATE | almost 5 years ago
Impact: A cross-site scripting (XSS) vulnerability was discovered in the URL sanitization logic of the core parser. The vulnerability allowed ar...
Ecosystems: npm, nuget, packagist
Dependabot PRs: none yet

XSS in HtmlSanitizer
GHSA-8j9v-h2vp-2hhv | CVE-2020-26293 | LOW | almost 5 years ago
Impact: If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer...
Ecosystems: nuget
Dependabot PRs: none yet

Denial of Service in i18n
GHSA-hfvc-g252-rp4g | CVE-2020-7791 | HIGH | almost 5 years ago
This affects the package i18n before version 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concr...
Ecosystems: nuget
Dependabot PRs: none yet

Inappropriate implementation in V8
GHSA-m7mf-48hp-5qmr | CVE-2020-16009 | HIGH | almost 5 years ago
CVE-2020-16009: Inappropriate implementation in V8 - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html - https:...
Ecosystems: nuget
Dependabot PRs: none yet

Use after free in CefSharp
GHSA-gvqv-779r-4jgp | CVE-2020-16017 | HIGH | about 5 years ago
CVE-2020-16017: Use after free in site isolation - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html - https...
Ecosystems: nuget
Dependabot PRs: none yet

Inappropriate implementation in V8 in CefSharp
GHSA-x7fx-mcc9-27j7 | CVE-2020-16013 | HIGH | about 5 years ago
High CVE-2020-16013: Inappropriate implementation in V8. - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.htm...
Ecosystems: nuget
Dependabot PRs: none yet

Heap buffer overflow in CefSharp
GHSA-pv36-h7jh-qm62 | CVE-2020-15999 | MODERATE | about 5 years ago
Impact: A memory corruption bug (heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrar...
Ecosystems: nuget
Dependabot PRs: none yet

personnummer/csharp vulnerable to Improper Input Validation
GHSA-qv8q-v995-72gr | LOW | about 5 years ago
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packag...
Ecosystems: nuget
Dependabot PRs: none yet

Cross-Site Scripting in jquery
GHSA-2pqj-h3vj-pqgw | CVE-2012-6708 | MODERATE | about 5 years ago
Affected versions of `jquery` are vulnerable to cross-site scripting. This occurs because the main `jquery` function uses a regular expression to d...
Ecosystems: maven, npm, nuget
Dependabot PRs: none yet

Insecure defaults in UmbracoForms
GHSA-8m73-w2r2-6xxj | CVE-2020-7685 | HIGH | over 5 years ago
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file t...
Ecosystems: nuget
Dependabot PRs: none yet

Potential XSS vulnerability in jQuery
GHSA-jpcq-cgw6-v4j6 | CVE-2020-11023 | MODERATE | over 5 years ago
Impact: Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation me...
Ecosystems: maven, nuget, rubygems
Dependabot PRs: 19 (23% merged)

Potential XSS vulnerability in jQuery
GHSA-gxr4-xjj5-5px2 | CVE-2020-11022 | MODERATE | over 5 years ago
Impact: Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()...
Ecosystems: maven, npm, nuget
Dependabot PRs: 241 (13% merged)

Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
GHSA-9475-xg6m-j7pw | CVE-2020-5268 | MODERATE | over 5 years ago
Impact: Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also...
Ecosystems: nuget
Dependabot PRs: none yet

Internal NCryptDecrypt method could be used externally from WindowsHello library.
GHSA-wvpv-ffcv-r6cw | CVE-2020-11005 | MODERATE | over 5 years ago
Impact: Every user of the library before version 1.0.4. Patches: Patched in 1.0.4+. Workarounds: None. References: https://github.co...
Ecosystems: nuget
Dependabot PRs: none yet

Missing Token Replay Detection in Saml2 Authentication services for ASP.NET
GHSA-g6j2-ch25-5mmv | CVE-2020-5261 | HIGH | over 5 years ago
Impact: Token Replay Detection is an important defence in depth measure for Single Sign On solutions. In all previous 2.X versions, the Token Re...
Ecosystems: nuget
Dependabot PRs: none yet

Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack
GHSA-7q36-4xx7-xcxf | CVE-2020-5234 | MODERATE | almost 6 years ago
Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by ei...
Ecosystems: nuget
Dependabot PRs: 1

Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
GHSA-5whq-j5qg-wjvp | CVE-2019-12562 | MODERATE | about 6 years ago
Cross-site scripting (XSS) is possible in DNN (formerly DotNetNuke) before 9.4.0 by remote authenticated users via the Display Name field in the ad...
Ecosystems: nuget
Dependabot PRs: none yet

Improper Authentication in Auth0.AuthenticationApi
GHSA-c9cg-q8r2-xvjq | CVE-2019-16929 | HIGH | about 6 years ago
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects PeterO.Cbor
GHSA-cxw4-9qv9-vx5h | HIGH | about 6 years ago
Impact: The CBOR library supports optional tags that enable CBOR objects to contain references to objects within them. Versions earlier than 4.0...
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects System.Management.Automation
GHSA-62gw-3rmj-wmp2 | CVE-2019-1301 | HIGH | about 6 years ago
Microsoft Security Advisory CVE-2019-1301: Denial of Service Vulnerability in PowerShell Core. Executive Summary: A denial of service vulnerab...
Ecosystems: nuget
Dependabot PRs: none yet

Directory Traversal in SharpCompress
GHSA-fxh6-w476-hgr4 | CVE-2018-1002206 | MODERATE | about 6 years ago
SharpCompress prior to version 0.21 is vulnerable to a path traversal issue in archive extraction.
Ecosystems: nuget
Dependabot PRs: none yet

Uncontrolled Resource Consumption in MetadataExtractor
GHSA-cwqq-w8c3-r2jw | CVE-2019-14262 | HIGH | over 6 years ago
MetadataExtractor 2.1.0 allows stack consumption.
Ecosystems: nuget
Dependabot PRs: none yet

Vulnerability in Azure Active Directory Authentication Library
GHSA-xc6x-cq47-9chw | CVE-2019-1258 | HIGH | over 6 years ago
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches to...
Ecosystems: nuget
Dependabot PRs: none yet

Cross-site scripting in CLEditor
GHSA-hh56-x62g-gvhc | CVE-2019-1010113 | MODERATE | over 6 years ago
Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrar...
Ecosystems: nuget
Dependabot PRs: none yet

System.Management.Automation subject to bypass via script debugging
GHSA-5frh-8cmj-gc59 | CVE-2019-1167 | MODERATE | over 6 years ago
Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability. Microsoft Security Advi...
Ecosystems: nuget
Dependabot PRs: none yet

MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation
GHSA-958r-g534-ccmr | CVE-2019-9845 | CRITICAL | over 6 years ago
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because...
Ecosystems: nuget
Dependabot PRs: none yet

Inadequate Encryption Strength in DotNetNuke
GHSA-h595-8pw6-5q6v | CVE-2018-15811 | HIGH | over 6 years ago
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
Ecosystems: nuget
Dependabot PRs: none yet

Insufficient Entropy in DotNetNuke
GHSA-pf46-gqg9-j3v3 | CVE-2018-15812 | HIGH | over 6 years ago
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
Ecosystems: nuget
Dependabot PRs: none yet

Insufficient Entropy in DotNetNuke
GHSA-xx3h-j3cx-8qfj | CVE-2018-18326 | HIGH | over 6 years ago
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issu...
Ecosystems: nuget
Dependabot PRs: none yet

Inadequate Encryption Strength in DotNetNuke
GHSA-j3g9-6fx5-gjv7 | CVE-2018-18325 | HIGH | over 6 years ago
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomple...
Ecosystems: nuget
Dependabot PRs: none yet

Low severity vulnerability that affects Gw2Sharp
GHSA-4vr3-9v7h-5f8v | LOW | over 6 years ago
Leaking cached authenticated requests. Impact: If you've been using one `MemoryCacheMethod` object in multiple instances of `Gw2WebApiClient`...
Ecosystems: nuget
Dependabot PRs: none yet

XSS in jQuery as used in Drupal, Backdrop CMS, and other products
GHSA-6c3j-c64m-qhgq | CVE-2019-11358 | MODERATE | over 6 years ago
jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.pr...
Ecosystems: npm, nuget, pypi, +1 more
Dependabot PRs: 6 (16% merged)

Critical severity vulnerability that affects Auth0-WCF-Service-JWT
GHSA-qpvx-gpqm-g98j | CVE-2019-7644 | CRITICAL | over 6 years ago
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signatur...
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects Microsoft.ChakraCore
GHSA-6jf5-rmhv-38cw | CVE-2019-0639 | HIGH | over 6 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects Microsoft.ChakraCore
GHSA-pjpj-f6r8-56rm | CVE-2019-0609 | HIGH | over 6 years ago
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine...
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects Microsoft.ChakraCore
GHSA-fv38-4c3m-25v8 | CVE-2019-0592 | HIGH | over 6 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra S...
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects Microsoft.ChakraCore
GHSA-7ph8-f946-q5r7 | CVE-2019-0611 | HIGH | over 6 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra S...
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects Microsoft.ChakraCore
GHSA-8qh8-cv77-h83g | CVE-2019-0769 | HIGH | over 6 years ago
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engin...
Ecosystems: nuget
Dependabot PRs: none yet

Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
GHSA-jhx3-2w5x-x39x | CVE-2019-0746 | MODERATE | over 6 years ago
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripti...
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects Microsoft.ChakraCore
GHSA-3w9q-c44j-37jj | CVE-2019-0773 | HIGH | over 6 years ago
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engin...
Ecosystems: nuget
Dependabot PRs: none yet

High severity vulnerability that affects Microsoft.ChakraCore
GHSA-fvpg-qx3g-7mp7 | CVE-2019-0771 | HIGH | over 6 years ago
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engin...
Ecosystems: nuget
Dependabot PRs: none yet

Bootstrap Vulnerable to Cross-Site Scripting
GHSA-9v3m-8fp8-mj99 | CVE-2019-8331 | MODERATE | almost 7 years ago
Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of th...
Ecosystems: npm, nuget, rubygems
Dependabot PRs: 27 (11% merged)

Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass
GHSA-fxwm-579q-49qq | CVE-2019-8331 | MODERATE | almost 7 years ago
In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, ...
Ecosystems: nuget
Dependabot PRs: 68 (7% merged)

bootstrap Cross-site Scripting vulnerability
GHSA-ph58-4vrj-w6hr | CVE-2018-20677 | MODERATE | almost 7 years ago
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Ecosystems: maven, npm, nuget, +2 more
Dependabot PRs: none yet

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core
GHSA-cgpw-2gph-2r9g | MODERATE | about 7 years ago
Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploi...
Ecosystems: nuget
Dependabot PRs: none yet

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
GHSA-3m2r-q8x3-xmf7 | MODERATE | about 7 years ago
Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where a specially crafted request can cause excess ...
Ecosystems: nuget
Dependabot PRs: none yet