An open index of Dependabot pull requests across open source projects.

Security Advisories

Browse security advisories and track which Dependabot PRs address them.

Total Advisories: 24,785

With Dependabot PRs: 1,792

Critical Severity: 3,506

High Severity: 8,617

ASP.NET Core and Visual Studio Denial of Service Vulnerability
GHSA-242j-2gm6-5rwx CVE-2021-1723 HIGH over 3 years ago
A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the w...
nuget
No PRs yet
Umbraco CMS vulnerable to stored XSS
GHSA-95qr-67rx-9pgh CVE-2020-5809 MODERATE over 3 years ago
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when ...
nuget
No PRs yet
QuantConnect Lean vulnerable to insecure deserialization
GHSA-ww7r-278h-48mh CVE-2020-20136 CRITICAL over 3 years ago
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeN...
nuget
No PRs yet
Integer overflow in the bundled Brotli C library
GHSA-5v8v-66v8-mwm7 CVE-2020-8927 MODERATE over 3 years ago
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression...
cargo nuget
2
Dependabot PRs
Cookie parsing failure
GHSA-hxrm-9w7p-39cc CVE-2020-1045 HIGH over 3 years ago
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes...
nuget
92
Dependabot PRs
10%
Merged
ASP.NET Core Denial of Service Vulnerability
GHSA-f8qx-mjcq-wfgx CVE-2020-1597 HIGH over 3 years ago
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka `ASP.NET Core Denial of Service Vulnerability`.
nuget
No PRs yet
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
GHSA-g5vf-38cp-4px9 CVE-2020-1147 HIGH over 3 years ago
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source...
nuget
No PRs yet
GleamTech FileUltimate Cross-site Scripting
GHSA-rrwx-8wm4-qhh4 CVE-2020-15015 MODERATE over 3 years ago
The FileExplorer component in GleamTech FileUltimate 6.1.5 allows XSS via an SVG document.
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-g3m9-qrfj-xw4g CVE-2020-1073 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
ASP.NET Core Denial of Service Vulnerability
GHSA-3cf7-7wq6-8842 CVE-2020-1161 HIGH over 3 years ago
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
nuget
No PRs yet
.NET Core & .NET Framework Denial of Service Vulnerability
GHSA-3w5p-jhp5-c29q CVE-2020-1108 HIGH over 3 years ago
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial o...
nuget
5
Dependabot PRs
ChakraCore RCE Vulnerability
GHSA-9hjg-j983-mqcc CVE-2020-1065 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
ChakraCore Remote Code Execution Vulnerability
GHSA-8xv4-c7rq-j577 CVE-2020-1037 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), ...
nuget
No PRs yet
ChakraCore Remote Code Execution Vulnerability
GHSA-233h-59m2-qqf2 CVE-2020-0970 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-jr84-p554-62pm CVE-2020-0969 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), ...
nuget
No PRs yet
AutoUpdater.NET allows XXE
GHSA-75p2-hgw4-g7f7 CVE-2019-20627 CRITICAL over 3 years ago
AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE.
nuget
No PRs yet
Umbraco CMS Authenticated File Upload
GHSA-h68c-4jh3-cp9j CVE-2020-9471 HIGH over 3 years ago
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-g67x-mgrv-m3gv CVE-2020-0812 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based),...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-pg99-mp4c-75g6 CVE-2020-0811 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based),...
nuget
No PRs yet
DNN File Upload Vulnerability
GHSA-vjcm-j85r-7p68 CVE-2020-5188 MODERATE over 3 years ago
DNN (formerly DotNetNuke) through 9.4.4 has a File upload vulnerability via bypassing client-side file extension check
nuget
No PRs yet
DNN Path Traversal via Zip Slip
GHSA-4qf5-7xc2-wqpg CVE-2020-5187 HIGH over 3 years ago
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal via unsafe handling of zip files
nuget
No PRs yet
DNN XSS Vulnerability
GHSA-9phr-h5mx-4fp6 CVE-2020-5186 MODERATE over 3 years ago
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-fhc8-h6hr-h9mq CVE-2020-0767 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-g6mc-8679-ghx9 CVE-2020-0713 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-w6qf-35f2-j6h7 CVE-2020-0712 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-67xp-4726-4978 CVE-2020-0710 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-63fw-7jgf-5hwv CVE-2020-0711 HIGH over 3 years ago
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memor...
nuget
No PRs yet
Umbraco CMS vulnerable to CSRF
GHSA-gqqf-8cx6-9r7h CVE-2020-7210 MODERATE over 3 years ago
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
nuget
No PRs yet
Remote code execution in Microsoft.WindowsDesktop.App.Ref
GHSA-r4mw-gxf7-vxr9 CVE-2020-0606 HIGH over 3 years ago
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successf...
nuget
No PRs yet
Remote code execution in ASP.NET Core
GHSA-655q-9gvg-q4cm CVE-2020-0603 HIGH over 3 years ago
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfu...
nuget
No PRs yet
Denial of service in ASP.NET Core
GHSA-23cv-jh4v-vffm CVE-2020-0602 MODERATE over 3 years ago
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
nuget
No PRs yet
Open redirect in ASP.NET Core
GHSA-prrf-397v-83xh CVE-2019-1075 MODERATE over 3 years ago
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
nuget
No PRs yet
Blogifier does not properly restrict APIs
GHSA-qcx4-gfh8-w5p5 CVE-2019-12277 CRITICAL over 3 years ago
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for `..` in a pathname. The issue is patched in...
nuget
No PRs yet
Denial of service in ASP.NET Core
GHSA-4jxx-4qxw-prxm CVE-2019-0982 HIGH over 3 years ago
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
nuget
No PRs yet
Denial of service in ASP.NET Core
GHSA-5f2m-466j-3848 CVE-2019-0981 HIGH over 3 years ago
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial ...
nuget
No PRs yet
Denial of service in ASP.NET Core
GHSA-xhfc-gr8f-ffwc CVE-2019-0980 HIGH over 3 years ago
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial ...
nuget
No PRs yet
SiteServer CMS RCE via unsafe file upload
GHSA-ff4w-8chr-w2x9 CVE-2019-11401 HIGH over 3 years ago
An issue was discovered in SiteServer CMS prior to version 6.12. It allows remote attackers to execute arbitrary code because an administrator can a...
nuget
No PRs yet
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
GHSA-9fc5-q25c-r2wr CVE-2014-4172 CRITICAL over 3 years ago
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3....
maven nuget packagist
No PRs yet
DotNetNuke (DNN) Open redirect vulnerability
GHSA-mj48-f959-pqph CVE-2013-7335 MODERATE over 3 years ago
Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites ...
nuget
No PRs yet
Umbraco CMS vulnerable to CSRF
GHSA-5f6p-4hxq-rjxm CVE-2015-8814 HIGH over 3 years ago
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demo...
nuget
No PRs yet
Umbraco CMS vulnerable to CSRF
GHSA-x34j-wxq8-7vcm CVE-2015-8813 HIGH over 3 years ago
The `Page_Load` function in [Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs](https://github.com/umbraco/Umbraco-CMS/commit/92...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-68cp-h96v-gg3x CVE-2017-0224 HIGH over 3 years ago
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-rm8g-7g54-w6fh CVE-2017-0235 HIGH over 3 years ago
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-ghwq-7v3r-5433 CVE-2017-0252 CRITICAL over 3 years ago
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Sc...
nuget
No PRs yet
New Relic .NET Agent contains SQL Injection
GHSA-2rvx-cvfc-mcp2 CVE-2017-9246 CRITICAL over 3 years ago
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of th...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-448h-7hmp-99fg CVE-2017-0223 CRITICAL over 3 years ago
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Sc...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-6p7q-85qq-7c43 CVE-2017-0234 HIGH over 3 years ago
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory...
nuget
No PRs yet
ChakraCore RCE Vulnerability
GHSA-p3rw-88pp-w4jh CVE-2017-0236 HIGH over 3 years ago
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory...
nuget
No PRs yet
ChakraCore information disclosure vulnerability
GHSA-pjpr-2qqp-gprf CVE-2017-0208 MODERATE over 3 years ago
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An at...
nuget
No PRs yet
Deserialization of Untrusted Data in NancyFX Nancy
GHSA-mx3q-j2g2-5qxq CVE-2017-9785 CRITICAL over 3 years ago
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.
nuget
No PRs yet