Security Advisories
Browse security advisories and track which Dependabot PRs address them.
24,784 Total Advisories
1,791 With Dependabot PRs
3,506 Critical Severity
8,617 High Severity
MPXJ has a Potential Path Traversal Vulnerability
GHSA-j945-c44v-97g6 CVE-2024-49771 MODERATE about 1 year ago
### Impact
The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path co...
maven
nuget
pypi
+1 more
No PRs yet
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
GHSA-wxw9-6pv9-c3xc CVE-2024-48929 MODERATE about 1 year ago
### Impact
During an explicit sign-out, the server session is not fully terminated.
nuget
No PRs yet
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
GHSA-5955-cwv4-h7qh CVE-2024-48927 MODERATE about 1 year ago
### Impact
There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode.
### Workarounds
Ser...
nuget
No PRs yet
Umbraco CMS logout page displayed before session expiration
GHSA-fp6q-gccw-7qqm CVE-2024-48926 MODERATE about 1 year ago
### Impact
The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to bel...
nuget
No PRs yet
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
GHSA-4gp9-ff99-j6vj CVE-2024-48925 LOW about 1 year ago
### Impact
An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information th...
nuget
No PRs yet
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
GHSA-c5g6-6xf7-qxp3 CVE-2024-47819 MODERATE about 1 year ago
### Impact
This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you ca...
npm
nuget
No PRs yet
Security Update for the OPC UA .NET Standard Stack
GHSA-7vfh-cqpc-4267 CVE-2024-45526 MODERATE about 1 year ago
This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to trigger a gradual degradati...
nuget
No PRs yet
Security Update for the OPC UA .NET Standard Stack
GHSA-qm9f-c3v9-wphv HIGH about 1 year ago
This security update resolves a vulnerability in the OPC UA .NET Standard Stack that enables an unauthorized attacker to trigger a rapid increase i...
nuget
No PRs yet
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
GHSA-4qm4-8hg2-g2xm CVE-2024-48924 MODERATE about 1 year ago
### Impact
When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an...
nuget
13 Dependabot PRs (8% merged)
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
GHSA-8g4q-xg66-9fp4 CVE-2024-43485 HIGH about 1 year ago
## Executive summary
Microsof...
nuget
390 Dependabot PRs (2% merged)
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
GHSA-f32c-w444-8ppv CVE-2024-43484 HIGH about 1 year ago
## Executive summary
Microsof...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
GHSA-qj66-m88j-hmgj CVE-2024-43483 HIGH about 1 year ago
## Executive summary
Microsof...
nuget
62 Dependabot PRs (10% merged)
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
GHSA-7vw9-cfwx-9gx9 CVE-2024-38229 HIGH about 1 year ago
## Executive summary
Micr...
nuget
No PRs yet
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
GHSA-4rr6-2v9v-wcpc CVE-2024-45302 MODERATE about 1 year ago
### Summary
The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.Add...
nuget
2 Dependabot PRs
Serilog Client IP Spoofing vulnerability
GHSA-5x5q-cqf6-gj8r CVE-2024-44930 MODERATE about 1 year ago
Serilog (before v2.1.0) contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifyin...
nuget
No PRs yet
Umbraco CMS Improper Access Control vulnerability
GHSA-hrww-x3fq-xcvh CVE-2024-43377 MODERATE over 1 year ago
### Impact
As an authenticated user one can access a few unintended endpoints.
### Explanation of the vulnerability
Few endpoints in Umbraco Manage...
nuget
No PRs yet
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
GHSA-77gj-crhp-3gvx CVE-2024-43376 MODERATE over 1 year ago
### Impact
Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode.
### Explanation of the...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
GHSA-7qrv-8f9x-3h32 CVE-2024-38168 HIGH over 1 year ago
## Executive summary
Microsof...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability
GHSA-3r34-r6w3-fqp6 CVE-2024-38167 MODERATE over 1 year ago
## Executive summary
Mic...
nuget
No PRs yet
IdentityServer Open Redirect vulnerability
GHSA-55p7-v223-x366 MODERATE over 1 year ago
### Impact
It is possible for an attacker to craft malicious URLs that certain functions in IdentityServer will incorrectly treat as local and trus...
nuget
No PRs yet
IdentityServer Open Redirect vulnerability
GHSA-ff4q-64jc-gx98 CVE-2024-39694 MODERATE over 1 year ago
### Impact
It is possible for an attacker to craft malicious URLs that certain functions in IdentityServer will incorrectly treat as local and trus...
nuget
3 Dependabot PRs (50% merged)
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and run by insufficiently permissioned users
GHSA-c3h4-9gc2-f7h4 CVE-2024-41799 HIGH over 1 year ago
### Impact
_What kind of vulnerability is it? Who is impacted?_
Low permission users using the "Set .dme Path" privilege could potentially set mal...
nuget
No PRs yet
CSLA Directory Traversal vulnerability
GHSA-9xhh-3m78-gvgj CVE-2024-28698 CRITICAL over 1 year ago
Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to th...
nuget
No PRs yet
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
GHSA-qxrv-gp6x-rc23 CVE-2024-41132 MODERATE over 1 year ago
### Impact
_What kind of vulnerability is it? Who is impacted?_
A vulnerability discovered in the ImageSharp library, where the processing of spec...
nuget
No PRs yet
SixLabors ImageSharp Out-of-bounds Write
GHSA-63p8-c4ww-9cg7 CVE-2024-41131 HIGH over 1 year ago
### Impact
An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially...
nuget
No PRs yet
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
GHSA-vmcp-66r5-3pcp CVE-2024-40636 LOW over 1 year ago
### Summary
When utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry, an err...
nuget
No PRs yet
Mimekit has vulnerable dependency that can lead to denial of service
GHSA-gmc6-fwg3-75m5 HIGH over 1 year ago
### Summary
Denial of service vulnerability.
### Details
See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/anno...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
GHSA-447r-wph3-92pm CVE-2024-38095 HIGH over 1 year ago
## Executive summary
Microsof...
nuget
2 Dependabot PRs
Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability
GHSA-hq7w-xv5x-g34j CVE-2024-38081 HIGH over 1 year ago
## Executive summary
Mic...
nuget
2 Dependabot PRs
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
GHSA-chfc-9w6m-75rf CVE-2024-35264 CRITICAL over 1 year ago
## Executive summary
Micr...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
GHSA-hh2w-p6rv-4g7w CVE-2024-30105 HIGH over 1 year ago
## Executive summary
Microsof...
nuget
306 Dependabot PRs (1% merged)
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
GHSA-fg4q-ccq8-3r5q CVE-2024-39677 HIGH over 1 year ago
### Impact
A SQL injection vulnerability exists in some types implementing `ILiteralType.ObjectToSQLString`. Callers of these methods are exposed t...
nuget
2 Dependabot PRs (50% merged)
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
GHSA-4q2p-hwmr-qcxc CVE-2024-33862 HIGH over 1 year ago
A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.5.374.54 could allow remote attackers to exhaust...
nuget
No PRs yet
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
GHSA-9hcv-j9pv-qmph CVE-2024-38356 MODERATE over 1 year ago
### Impact
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content extractio...
npm
nuget
packagist
No PRs yet
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
GHSA-w9jx-4g6g-rp7x CVE-2024-38357 MODERATE over 1 year ago
### Impact
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content parsing c...
npm
nuget
packagist
No PRs yet
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
GHSA-m5vv-6r4h-3vj9 CVE-2024-35255 MODERATE over 1 year ago
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.
maven
npm
nuget
+1 more
14 Dependabot PRs (21% merged)
Azure Storage Movement Client Library Denial of Service Vulnerability
GHSA-32f8-hmr3-7vxg CVE-2024-35252 HIGH over 1 year ago
Azure Storage Movement Client Library Denial of Service Vulnerability
nuget
No PRs yet
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
GHSA-rpj9-xjwm-wr6w CVE-2024-35240 MODERATE over 1 year ago
### Impact
Stored Cross-site scripting (XSS) enables attackers to inject malicious code into Print Functionality
### Patches
12.1.4, 10.0.5
### R...
nuget
No PRs yet
Umbraco Forms components vulnerable to Stored Cross-site Scripting
GHSA-p572-p2rj-q5f4 CVE-2024-35239 LOW over 1 year ago
### Impact
An authenticated user who has access to edit Forms may inject unsafe code into Forms components.
### Patches
Issue can be mitigated by c...
nuget
No PRs yet
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
GHSA-gvpc-3pj6-4m9w CVE-2024-35218 MODERATE over 1 year ago
### Impact
Stored Cross-site scripting (XSS) enables attackers that have access to backoffice to bring malicious content into a website or applicati...
nuget
1 Dependabot PR (100% merged)
Umbraco CMS Open Redirect Bypass Protection
GHSA-j74q-mv2c-rxmp CVE-2024-34071 MODERATE over 1 year ago
### Impact
Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backo...
nuget
1 Dependabot PR (100% merged)
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
GHSA-hhc7-x9w4-cw47 CVE-2024-30046 MODERATE over 1 year ago
## Executive summary
Microsof...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability
GHSA-7fcr-8qw6-92fr CVE-2024-30045 MODERATE over 1 year ago
## Executive summary
Micr...
nuget
No PRs yet
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
GHSA-wchx-rm6h-7jf6 CVE-2024-30054 MODERATE over 1 year ago
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
nuget
No PRs yet
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
GHSA-v435-xc8x-wvr9 CVE-2024-30171 MODERATE over 1 year ago
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because...
maven
nuget
No PRs yet
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation
GHSA-8xfc-gm6g-vgpv CVE-2024-29857 MODERATE over 1 year ago
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2....
maven
nuget
5 Dependabot PRs
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
GHSA-m44j-cfrm-g8qc CVE-2024-30172 MODERATE over 1 year ago
An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can oc...
nuget
6 Dependabot PRs (16% merged)
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
GHSA-x9vc-6hfv-hg8c CVE-2024-32655 HIGH over 1 year ago
### Summary
The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length ...
nuget
42 Dependabot PRs (7% merged)
Umbraco Workflow's Backoffice users can execute arbitrary SQL
GHSA-287f-46j7-j4wh CVE-2024-32872 MODERATE over 1 year ago
### Impact
Backoffice users can execute arbitrary SQL.
### Explanation of the vulnerability
A Backoffice user can modify requests to a particular...
nuget
No PRs yet
.NET Elevation of Privilege Vulnerability
GHSA-6qmx-42h2-j8h6 CVE-2024-21409 HIGH over 1 year ago
# Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability
## Executive summary
Mic...
nuget
No PRs yet