Security Advisories
Browse security advisories and track which Dependabot PRs address them.
24,785
Total Advisories
1,792
With Dependabot PRs
3,506
Critical Severity
8,617
High Severity
DNS NuGet package uses insufficiently random values
GHSA-g3wc-xv93-445q CVE-2021-4248 CRITICAL almost 3 years ago
A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the...
nuget
No PRs yet
.NET Remote Code Execution Vulnerability
GHSA-2c7v-qcjp-4mg2 CVE-2022-41089 HIGH almost 3 years ago
# Microsoft Security Advisory CVE-2022-41089: .NET Remote Code Execution Vulnerability
## Executive summary
Micro...
nuget
No PRs yet
Cross-site scripting vulnerability in TinyMCE alerts
GHSA-gg8r-xjwq-4w92 CVE-2022-23494 MODERATE almost 3 years ago
### Impact
A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicio...
npm
nuget
packagist
14
Dependabot PRs
18%
Merged
DSInternals Credential Roaming Elevation of Privilege Vulnerability
GHSA-vx2x-9cff-fhjw MODERATE almost 3 years ago
### Impact
A vulnerability exists in the `DSInternals.Common.Data.RoamedCredential.Save()` method, which incorrectly parses the `msPKIAccountCrede...
nuget
No PRs yet
Temporary File Information Disclosure vulnerability in MPXJ
GHSA-jf2p-4gqj-849g CVE-2022-41954 LOW about 3 years ago
### Impact
On Unix-like operating systems (not Windows or macOS), MPXJ's use of `File.createTempFile(..)` results in temporary files being created ...
maven
nuget
pypi
No PRs yet
Remote code execution vulnerability in dependency System.Drawing.Common
GHSA-gpv5-rp6w-58r8 MODERATE about 3 years ago
### Impact
The core Akka module depended on an old System.Configuration.ConfigurationManager version 4.7.0 which transitively depends on System.Co...
nuget
17
Dependabot PRs
.NET Information Disclosure Vulnerability
GHSA-8g2p-5pqh-5jmc CVE-2022-41064 MODERATE about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlC...
nuget
No PRs yet
.NET Core Elevation of Privilege Vulnerability
GHSA-rh58-r7jh-xhx3 CVE-2021-26423 HIGH about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provid...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-485p-mrj5-8w2v CVE-2022-23267 HIGH about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory a...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-cw98-9j8w-wxv9 CVE-2022-24464 HIGH about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory ...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-x459-p2rx-f8ff CVE-2022-21986 HIGH about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 5.0. This advisory also provides gu...
nuget
No PRs yet
.NET Core Information Disclosure Vulnerability
GHSA-vgwq-hfqc-58wv CVE-2021-34485 MODERATE about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advis...
nuget
No PRs yet
.NET Remote Code Execution Vulnerability
GHSA-c6w8-7mp3-34j9 CVE-2022-24512 MODERATE about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory ...
nuget
No PRs yet
NuGet Elevation of Privilege Vulnerability
GHSA-g3q9-xf95-8hp5 CVE-2022-41032 HIGH about 3 years ago
## Description
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0.0-rc, .NET 6.0, .NET Core 3....
nuget
No PRs yet
OrchardCore vulnerable to HTML injection
GHSA-5gg9-gwj4-mqmj CVE-2022-32173 MODERATE about 3 years ago
OrchardCore versions starting with 1.0.0-rc1-11259 and prior to 1.4.0 are vulnerable to HTML injection. The vulnerability allows an authenticated u...
nuget
No PRs yet
DNN vulnerable to Relative Path Traversal
GHSA-9w72-2f23-57gm CVE-2022-2922 MODERATE about 3 years ago
DNN (GitHub repository dnnsoftware/dnn.platform) prior to 9.11.0 is vulnerable to Relative Path Traversal. Version 9.11.0 contains a patch for this...
nuget
No PRs yet
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
GHSA-gfhp-jgp6-838j CVE-2022-39256 CRITICAL about 3 years ago
### Impact
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS.
Authentication is ...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-r8m2-4x37-6592 CVE-2022-38013 HIGH about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provid...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-fcg8-mg9g-6hc4 CVE-2022-29145 HIGH about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory a...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-3rq8-h3gj-r5c6 CVE-2022-29117 HIGH about 3 years ago
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory a...
nuget
No PRs yet
Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server
GHSA-mw9h-hcp7-fgc6 CVE-2022-33916 MODERATE over 3 years ago
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
nuget
No PRs yet
Incorrect Access Control and Cross Site Scripting in Jellyfin
GHSA-qwp3-5fw3-5wgv CVE-2022-35909 HIGH over 3 years ago
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. This lack of access control can be leveraged to ...
nuget
No PRs yet
Use of Hard-coded Credentials in AgileConfig.Client
GHSA-mj5w-w588-j6xg CVE-2022-35540 CRITICAL over 3 years ago
Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.
nuget
No PRs yet
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
GHSA-h6gj-6jjq-h8g9 CVE-2022-31160 MODERATE over 3 years ago
### Impact
Initializing a checkboxradio widget on an input enclosed within a label causes that parent label's contents to be treated as the input's label. ...
maven
npm
nuget
No PRs yet
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
GHSA-64x4-9hc6-r2h6 CVE-2022-30187 MODERATE over 3 years ago
### Summary
The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-891...
maven
nuget
pypi
No PRs yet
Moment.js vulnerable to Inefficient Regular Expression Complexity
GHSA-wc69-rhjr-hc9g CVE-2022-31129 HIGH over 3 years ago
### Impact
* using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity ...
npm
nuget
No PRs yet
Improper Handling of Exceptional Conditions in Newtonsoft.Json
GHSA-5crp-9r3c-p9vr CVE-2024-21907 HIGH over 3 years ago
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lea...
nuget
No PRs yet
Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core
GHSA-r7pq-3x6p-7jcm CVE-2022-29863 HIGH over 3 years ago
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory excep...
nuget
No PRs yet
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
GHSA-vhfw-v69p-crcw CVE-2022-29864 HIGH over 3 years ago
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory excep...
nuget
No PRs yet
Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core
GHSA-fvxf-r9fw-49pc CVE-2022-29865 HIGH over 3 years ago
A vulnerability was discovered in the OPC UA .NET Standard Stack that
- allows a malicious client or server to bypass the application authenticati...
nuget
No PRs yet
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
GHSA-6fp8-cxc9-4fr9 CVE-2022-29866 HIGH over 3 years ago
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server t...
nuget
No PRs yet
Security Update for the OPC UA .NET Standard Stack
GHSA-5q2v-6j86-5h9v CVE-2022-29862 HIGH over 3 years ago
A vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully craf...
nuget
No PRs yet
Potential leak of NuGet.org API key
GHSA-3885-8gqc-3wpf CVE-2022-30184 MODERATE over 3 years ago
### Description
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet (...
nuget
No PRs yet
Cross site scripting in SSCMS
GHSA-4qf6-vpj8-p4r6 CVE-2022-30349 MODERATE over 3 years ago
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).
nuget
No PRs yet
Weak private key generation in SSH.NET
GHSA-72p8-v4hg-v45p CVE-2022-29245 MODERATE over 3 years ago
During an **X25519** key exchange, the client's private key is generated with [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.ra...
nuget
4
Dependabot PRs
25%
Merged
Cross-site Scripting in ZKEACMS
GHSA-hc72-vj3g-5g2g CVE-2022-29362 MODERATE over 3 years ago
A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts o...
nuget
No PRs yet
Cross site scripting in SiteServer CMS
GHSA-2xwp-7j3p-c78x CVE-2021-42656 MODERATE over 3 years ago
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
nuget
No PRs yet
SQL injection in SiteServer CMS
GHSA-5xr5-v2h7-2w7w CVE-2021-42655 HIGH over 3 years ago
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
nuget
No PRs yet
ChakraCore information disclosure vulnerability
GHSA-vvvh-5xrm-pxff CVE-2020-0813 HIGH over 3 years ago
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with in...
nuget
No PRs yet
NuGet Package Manager Tampering Vulnerability
GHSA-3hcm-6fjc-47qq CVE-2019-0976 MODERATE over 3 years ago
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of th...
nuget
No PRs yet
Elevation of privilege in ASP.NET Core
GHSA-xr8f-59pp-rxxh CVE-2019-1302 MODERATE over 3 years ago
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly s...
nuget
No PRs yet
Cross site scripting attack in ServiceStack Framework
GHSA-vcfc-9wcp-j623 CVE-2019-1010199 MODERATE over 3 years ago
ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server respons...
nuget
No PRs yet
Chakra Scripting Engine RCE Vulnerability
GHSA-g8q3-rcf9-qx4q CVE-2019-1024 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). ...
nuget
No PRs yet
Chakra Scripting Engine RCE via Out-of-bounds write
GHSA-v8jw-x9wq-hw4v CVE-2019-1052 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). ...
nuget
No PRs yet
ChakraCore RCE via Out-of-bounds write
GHSA-4v6q-gjm6-6vv4 CVE-2019-1002 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). ...
nuget
No PRs yet
Chakra Scripting Engine RCE via Out-of-bounds write
GHSA-fxrx-5j36-pwg5 CVE-2019-1051 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). ...
nuget
No PRs yet
Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption
GHSA-jgrp-6qqq-3284 CVE-2021-42279 HIGH over 3 years ago
Chakra Scripting Engine and ChakraCore are vulnerable to memory corruption due to an out-of-bounds write. The Microsoft advisory for CVE-2021-42279...
nuget
No PRs yet
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener
GHSA-p9rv-qgqw-jx2w CVE-2021-20331 MODERATE over 3 years ago
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured b...
nuget
No PRs yet
.NET Core Remote Code Execution Vulnerability
GHSA-rxg9-xrhp-64gj CVE-2021-24112 CRITICAL over 3 years ago
A remote code execution vulnerability exists when parsing certain types of graphics files. This vulnerability only exists on systems running on Mac...
nuget
3
Dependabot PRs
Denial of service in .NET core
GHSA-3gp9-h8hw-pxpw CVE-2021-1721 MODERATE over 3 years ago
.NET Core and Visual Studio denial of service vulnerability, which exists when creating an HTTPS web request during X509 certifi...
nuget
No PRs yet