Security Advisories
Browse security advisories and track which Dependabot PRs address them.
Total Advisories: 24,785
With Dependabot PRs: 1,792
Critical Severity: 3,506
High Severity: 8,617
Improper Certificate Validation in Microsoft .NET Framework components
GHSA-jc8g-xhw5-6x46 CVE-2018-0786 HIGH about 7 years ago
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow...
nuget
No PRs yet
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
GHSA-ch6p-4jcm-h8vh CVE-2017-0248 MODERATE about 7 years ago
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they p...
nuget
No PRs yet
OPC UA applications can allow a remote attacker to determine a Server's private key
GHSA-gr4c-5rq6-cgh3 CVE-2018-7559 MODERATE about 7 years ago
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code...
nuget
No PRs yet
Denial of service in ASP.NET Core
GHSA-mv2r-q4g5-j8q5 CVE-2018-8269 HIGH about 7 years ago
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affe...
nuget
No PRs yet
ASP.NET Core fails to properly validate web requests
GHSA-6xh7-4v2w-36q6 CVE-2017-0247 HIGH about 7 years ago
A denial of service vulnerability exists when ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-...
nuget
No PRs yet
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
GHSA-j8f4-2w4p-mhjc CVE-2017-0256 MODERATE about 7 years ago
A spoofing vulnerability exists when ASP.NET Core fails to properly sanitize web requests.
nuget
No PRs yet
High severity vulnerability that affects Microsoft.AspNetCore.Mvc
GHSA-qhqf-ghgh-x2m4 CVE-2017-0249 HIGH about 7 years ago
See https://nvd.nist.gov/vuln/detail/CVE-2017-0249 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0249
nuget
No PRs yet
ASP.NET Core allows an elevation of privilege
GHSA-365p-96qv-xr7g CVE-2018-0787 HIGH about 7 years ago
ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate w...
nuget
No PRs yet
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated
GHSA-vhvh-528q-ff3p CVE-2018-8171 HIGH about 7 years ago
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Featu...
nuget
No PRs yet
Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests
GHSA-j378-6mmw-hqfr CVE-2018-8409 HIGH about 7 years ago
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This af...
nuget
No PRs yet
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
GHSA-35hc-x2cw-2j4v CVE-2018-0765 HIGH about 7 years ago
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulner...
nuget
No PRs yet
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
GHSA-782p-53wq-cxmj CVE-2018-12086 HIGH about 7 years ago
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
nuget
No PRs yet
Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
GHSA-8336-mxp6-v5h9 CVE-2018-12087 MODERATE about 7 years ago
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece...
nuget
No PRs yet
DNN (aka DotNetNuke) has Remote Code Execution via a cookie
GHSA-x2rg-fmcv-crq5 CVE-2017-9822 HIGH about 7 years ago
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
nuget
No PRs yet
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
GHSA-5c66-x4wm-rjfx CVE-2016-7119 MODERATE about 7 years ago
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users t...
nuget
No PRs yet
The installation wizard in DotNetNuke (DNN) allows privilege escalation
GHSA-x8f7-h444-97w4 CVE-2015-2794 CRITICAL about 7 years ago
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direc...
nuget
No PRs yet
Moderate severity vulnerability that affects DotNetNuke.Core
GHSA-v76m-f5cx-8rg4 CVE-2015-1566 MODERATE about 7 years ago
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspec...
nuget
No PRs yet
Critical severity vulnerability that affects recurly-api-client
GHSA-xpwp-rq3x-x6v7 CVE-2017-0907 CRITICAL about 7 years ago
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forge...
nuget
No PRs yet
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
GHSA-rr3c-f55v-qhv5 CVE-2018-0764 HIGH about 7 years ago
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0, 1.1 and 2.0 allow a denial o...
nuget
No PRs yet
High severity vulnerability that affects DotNetNuke.Core
GHSA-g8j6-m4p7-5rfq CVE-2017-0929 HIGH about 7 years ago
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be ab...
nuget
No PRs yet
DotNetZip Zip-Slip Vulnerability
GHSA-7378-6268-4278 CVE-2018-1002205 MODERATE about 7 years ago
DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in ...
nuget
No PRs yet
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed
GHSA-rpch-cqj9-h65r CVE-2018-1000210 HIGH about 7 years ago
YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability in the default behavior of Deserializer.Deserialize(...
nuget
No PRs yet
Denial of Service in jquery
GHSA-mhpp-875w-9cpv CVE-2016-10707 HIGH almost 8 years ago
Affected versions of `jquery` use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase charac...
npm
nuget
No PRs yet
Cross-Site Scripting (XSS) in jquery
GHSA-rmxg-73gg-4p98 CVE-2015-9251 MODERATE almost 8 years ago
Affected versions of `jquery` interpret `text/javascript` responses from cross-origin ajax requests, and automatically execute the contents in `jQu...
maven
npm
nuget
+1 more
No PRs yet
Cross-site Scripting in jquery-ui
GHSA-wcm2-9c89-wmfm CVE-2010-5312 MODERATE about 8 years ago
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject a...
maven
npm
nuget
+1 more
No PRs yet
jquery-ui Tooltip widget vulnerable to XSS
GHSA-qqxp-xp9v-vvx6 CVE-2012-6662 MODERATE about 8 years ago
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 all...
maven
npm
nuget
+1 more
No PRs yet
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
GHSA-hpcf-8vf9-q4gj CVE-2016-7103 MODERATE about 8 years ago
Affected versions of `jquery-ui` are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the `...
maven
npm
nuget
+1 more
No PRs yet