An open index of Dependabot pull requests across open source projects.

Security Advisories

Browse security advisories and track which Dependabot PRs address them.

24,785 Total Advisories
1,792 With Dependabot PRs
3,506 Critical Severity
8,617 High Severity

MsQuic Remote Denial of Service Vulnerability
GHSA-fr44-546p-7xcp CVE-2023-36435 HIGH about 2 years ago
Impact: The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches: The following ...
nuget
No PRs yet
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
GHSA-xh5m-8qqp-c5x7 CVE-2023-38171 HIGH about 2 years ago
Impact: The MsQuic server application or process will crash, resulting in a denial of service. Patches: The following patch was made: - Don...
nuget
No PRs yet
Azure Identity SDK Remote Code Execution Vulnerability
GHSA-5mfx-4wcx-rv27 CVE-2023-36414 HIGH about 2 years ago
Azure Identity SDK is vulnerable to remote code execution.
nuget
150 Dependabot PRs
Microsoft Common Data Model SDK Denial of Service Vulnerability
GHSA-vm2m-7hpw-fpmq CVE-2023-36566 MODERATE about 2 years ago
Microsoft Common Data Model SDK Denial of Service Vulnerability
maven nuget pypi
No PRs yet
Vulnerable version of libwebp and can be exploited with a malicious source image
GHSA-wqcr-xm43-hpqr HIGH about 2 years ago
Impact: This vulnerability affects deployments of FreeImage that involve decoding or processing malicious source .webp files. If you only proce...
nuget
No PRs yet
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
GHSA-4c29-gfrp-g6x9 HIGH about 2 years ago
Google is aware that an exploit for CVE-2023-5217 exists in the wild. Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome ...
nuget
No PRs yet
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
GHSA-43cp-6p3q-2pc4 CVE-2023-44390 MODERATE about 2 years ago
Impact: The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed ele...
nuget
4 Dependabot PRs
Imageflow affected by libwebp zero-day and should not be used with malicious source images.
GHSA-7vpr-3ppw-qrpj HIGH about 2 years ago
Impact: This vulnerability affects deployments of Imageflow that involve decoding or processing malicious source .webp files. If you only proce...
nuget
No PRs yet
CefSharp affected by heap buffer overflow in WebP
GHSA-j646-gj5p-p45g CRITICAL about 2 years ago
Google is aware that an exploit for CVE-2023-4863 (https://www.cve.org/CVERecord?id=CVE-2023-4863) exists in the wild. Description: Heap ...
nuget
No PRs yet
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
GHSA-fv2h-753j-9g39 CVE-2023-41890 HIGH about 2 years ago
Impact: When a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity p...
nuget
No PRs yet
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
GHSA-3qf9-qxfj-4whc CVE-2023-36792 HIGH about 2 years ago
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability
GHSA-38fq-h5hc-gwv8 CVE-2023-36794 HIGH about 2 years ago
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability
GHSA-g4p8-g7mq-wpx4 CVE-2023-36793 HIGH about 2 years ago
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability
GHSA-h7jm-g87p-5935 CVE-2023-36796 HIGH about 2 years ago
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
GHSA-h3hv-63q5-jgpr CVE-2023-36799 MODERATE about 2 years ago
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability. Executive summary: Microsoft...
nuget
No PRs yet
.NET Information Disclosure Vulnerability
GHSA-j8rm-cm55-qqj6 CVE-2023-35391 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-35391: .NET Information Disclosure Vulnerability. Executive summary: Micr...
nuget
No PRs yet
Moq v4.20.0-rc to 4.20.1 share hashed user data
GHSA-6r78-m64m-qwcf LOW over 2 years ago
Moq v4.20.0-rc to 4.20.1 include support for [SponsorLink](https://github.com/devlooped/SponsorLink), which runs an obfuscated DLL at build time th...
nuget
No PRs yet
.NET Remote Code Execution Vulnerability
GHSA-p8rx-fwgq-rh2f CVE-2023-35390 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-35390: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-p57v-gv7q-4xfm CVE-2023-38178 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability. Executive summary: Microsoft...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-vmch-3w2x-vhgq CVE-2023-38180 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability. Executive summary: Microsoft...
nuget
No PRs yet
Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
GHSA-h8wc-r4jh-mg7m CVE-2023-37267 HIGH over 2 years ago
Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions. Impact: An unauthorized user gaining ...
nuget
3 Dependabot PRs
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability
GHSA-485r-rp8v-998v CVE-2023-33127 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
GHSA-25c8-p796-jg6r CVE-2023-33170 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability. Executive summary: Microsoft is releasing this securit...
nuget
No PRs yet
YARP Denial of Service Vulnerability
GHSA-jrjw-qgr2-wfcg CVE-2023-33141 HIGH over 2 years ago
Impact: A denial of service vulnerability exists in YARP. Patches: If you're using YARP 1.x, you should update to NuGet package version [1.1...
nuget
No PRs yet
Dynamic Linq vulnerable to remote code execution
GHSA-w65q-jcmv-28gj CVE-2023-32571 CRITICAL over 2 years ago
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including...
nuget
No PRs yet
Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability
GHSA-gh24-9qjj-mr67 CVE-2023-33126 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
.NET Remote Code Execution Vulnerability
GHSA-x469-cv7m-77r9 CVE-2023-33128 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-33128: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
.NET Denial of Service vulnerability
GHSA-555c-2p6r-68mm CVE-2023-29331 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability. Executive summary: Microsoft...
nuget
127 Dependabot PRs
.NET Elevation of Privilege Vulnerability
GHSA-jx7q-xxmw-44vf CVE-2023-24936 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-24936: .NET Elevation of Privilege Vulnerability. Executive summary: Micr...
nuget
No PRs yet
.NET Remote Code Execution Vulnerability
GHSA-jh2h-qcrw-ghg7 CVE-2023-24895 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-24895: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
.NET Remote Code Execution Vulnerability
GHSA-88q2-h5g3-p4pg CVE-2023-24897 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-24897: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
NuGet Client Remote Code Execution Vulnerability
GHSA-6qmf-mmc7-6c2p CVE-2023-29337 HIGH over 2 years ago
Description: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisor...
nuget
No PRs yet
tgstation-server cached user logins in legacy server
GHSA-42r6-p4px-qvv6 CVE-2018-17107 HIGH over 2 years ago
Please note this advisory is for a historical preexisting issue in the legacy server from 2018. It has long since been triaged. It is being moved h...
nuget
No PRs yet
Snowflake Connector .Net Command Injection
GHSA-223g-8w3x-98wr CVE-2023-34230 HIGH over 2 years ago
Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentic...
nuget
No PRs yet
SSCMS vulnerable to Cross Site Scripting
GHSA-63c6-w556-3h7q CVE-2023-2862 MODERATE over 2 years ago
A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file `/api/st...
nuget
No PRs yet
Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server
GHSA-vpf7-r2fv-75m9 CVE-2023-27321 HIGH over 2 years ago
This security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows remote attackers to send malicious requests ...
nuget
No PRs yet
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server
GHSA-4cvp-hr63-822j CVE-2023-31048 MODERATE over 2 years ago
This security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows remote attackers to send malicious requests ...
nuget
No PRs yet
User account enumeration in Serenity
GHSA-w7jm-9x4m-8qc3 CVE-2023-31286 MODERATE over 2 years ago
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the exist...
nuget
No PRs yet
Insufficient token expiration in Serenity
GHSA-2hp9-3xfr-r9w2 CVE-2023-31287 HIGH over 2 years ago
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is u...
nuget
No PRs yet
Cross Site Scripting (XSS) in Serenity
GHSA-93h6-wx7r-mgfp CVE-2023-31285 MODERATE over 2 years ago
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not...
nuget
No PRs yet
Directory traversal + file write causing arbitrary code execution
GHSA-9p5f-5x8v-x65m CVE-2023-30626 HIGH over 2 years ago
Impact: Frederic Linn (@FredericLinn) has reported a series of vulnerabilities that can result in directory traversal, file write, and potential...
nuget
No PRs yet
.NET Remote Code Execution vulnerability
GHSA-w4m3-43gp-x8hx CVE-2023-28260 HIGH over 2 years ago
Microsoft Security Advisory CVE-2023-28260: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer
GHSA-838x-pcvx-6p5w CVE-2023-28638 HIGH over 2 years ago
Impact: This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to us...
nuget
No PRs yet
LiteDB may deserialize bad JSON on object type using _type
GHSA-3x49-g6rc-c284 CVE-2022-23535 CRITICAL almost 3 years ago
Impact: LiteDB uses a special field in JSON documents to cast different types from `BsonDocument` to POCO classes. When instances of an object are ...
nuget
No PRs yet
MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data
GHSA-7j9m-j397-g4wx CVE-2022-48282 HIGH almost 3 years ago
Under very specific circumstances, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services....
nuget
13 Dependabot PRs (23% merged)
.NET Remote Code Execution Vulnerability
GHSA-824j-wqm8-89mj CVE-2023-21808 HIGH almost 3 years ago
Microsoft Security Advisory CVE-2023-21808: .NET Remote Code Execution Vulnerability. Executive summary: Micro...
nuget
No PRs yet
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
GHSA-3w9w-9833-gcpv MODERATE almost 3 years ago
Impact: A memory overwrite bug was reported by a security researcher in the ConvertToSinglePlane method via the texconv command-line tool ...
nuget
No PRs yet
Component takeover in Oracle Data Provider for .NET
GHSA-5pm2-9mr2-3frq CVE-2023-21893 HIGH almost 3 years ago
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Dif...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-8f7f-vqg5-jrv9 CVE-2023-21538 HIGH almost 3 years ago
Microsoft Security Advisory CVE-2023-21538: .NET Denial of Service Vulnerability. Executive summary: Microsoft...
nuget
No PRs yet
EnumStringValues vulnerable to Uncontrolled Resource Consumption
GHSA-vq23-hwg7-hxrh CVE-2020-36620 LOW almost 3 years ago
A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStrin...
nuget
No PRs yet