Security Advisories
Browse security advisories and track which Dependabot PRs address them.
24,788
Total Advisories
1,796
With Dependabot PRs
3,506
Critical Severity
8,618
High Severity
Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
GHSA-w3q9-fxm7-j8fq CVE-2025-55247 HIGH about 2 months ago
# Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
## Executive summary
Microsof...
nuget
No PRs yet
Amazon.IonDotnet is vulnerable to Denial of Service attacks
GHSA-q5r6-9qwq-g2wj CVE-2025-11573 HIGH about 2 months ago
### Summary
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under cert...
nuget
No PRs yet
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow
GHSA-mxvv-97wh-cfmm CVE-2025-57803 HIGH 3 months ago
## Summary
A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses `bytes_per_line` (stride) to a tiny value while th...
nuget
No PRs yet
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
GHSA-9ccg-6pjw-x645 CVE-2025-55298 HIGH 3 months ago
## Summary
A format string bug vulnerability exists in `InterpretImageFilename` function where user input is directly passed to `FormatLocaleString...
nuget
No PRs yet
imagemagick: integer overflows in MNG magnification
GHSA-qp29-wxp5-wh82 CVE-2025-55154 HIGH 3 months ago
## **Vulnerability Details**
The magnified size calculations in `ReadOneMNGIMage` (in `coders/png.c`) are unsafe and can overflow, leading to memo...
nuget
No PRs yet
imagemagick: heap-buffer overflow read in MNG magnification with alpha
GHSA-cjc8-g9w8-chfw CVE-2025-55004 HIGH 3 months ago
## **Vulnerability Details**
When performing image magnification in `ReadOneMNGIMage` (in `coders/png.c`), there is an issue around the handling o...
nuget
No PRs yet
ImageMagick has a Stack Buffer Overflow in image.c
GHSA-qh3h-j545-h8c9 CVE-2025-53101 HIGH 3 months ago
Hi, we have found a stack buffer overflow and would like to report this issue.
Could you confirm if this qualifies as a security vulnerability? I a...
nuget
No PRs yet
ImageMagick has XMP profile write that triggers hang due to unbounded loop
GHSA-vmhh-8rxq-fp9g CVE-2025-53015 HIGH 4 months ago
### Summary
Infinite lines occur when writing during a specific XMP file conversion command
### Details
```
#0 GetXmpNumeratorAndDenominator (deno...
```
nuget
5
Dependabot PRs
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
GHSA-mgfv-2362-jq96 CVE-2025-52488 HIGH 5 months ago
DNN.PLATFORM allows a specially crafted series of malicious interactions to expose NTLM hashes to a third-party SMB server. This vulnerability is f...
nuget
1
Dependabot PRs
DNN.PLATFORM possibly allows bypass of IP Filters
GHSA-fjhg-3mrh-mm7h CVE-2025-52487 HIGH 5 months ago
DNN.PLATFORM allows a specially crafted request or proxy to be created that would bypass the design of DNN Login IP Filters allowing login attempts...
nuget
No PRs yet
DotVVM allows path traversal when deployed in Debug mode
GHSA-6q65-j4jw-9cg8 HIGH 6 months ago
### Description
There is a path traversal vulnerability in any DotVVM application started in Debug mode, if at least one resource with the `FileRe...
nuget
No PRs yet
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
GHSA-266m-wp2v-x7mq CVE-2025-30399 HIGH 6 months ago
# Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
## Executive summary
Microsoft is r...
nuget
No PRs yet
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability
GHSA-h4j7-5rxr-p4wc CVE-2025-26646 HIGH 7 months ago
# Microsoft Security Advisory CVE-2025-26646: .NET Spoofing Vulnerability
## Executive summary
Microsoft is relea...
nuget
No PRs yet
Infinite loop condition in Amazon.IonDotnet
GHSA-gm2p-wf5c-w3pj CVE-2025-3857 HIGH 7 months ago
## Summary
[Amazon.IonDotnet (ion-dotnet)](https://github.com/amazon-ion/ion-dotnet) is a .NET library with an implementation of the [Ion data ser...
nuget
No PRs yet
CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows
GHSA-f87w-3j5w-v58p HIGH 8 months ago
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to per...
nuget
No PRs yet
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
GHSA-q62r-8ppj-xvf4 CVE-2025-32017 HIGH 8 months ago
### Impact
Authenticated users of the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to up...
nuget
4
Dependabot PRs
25%
Merged
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
GHSA-2865-hh9g-w894 CVE-2025-24070 HIGH 9 months ago
# Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
## Executive summary
Microsoft is releasing this security...
nuget
No PRs yet
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
GHSA-hpw7-8qpc-34p3 CVE-2025-24043 HIGH 9 months ago
# Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
## Executive summary
Mi...
nuget
No PRs yet
DoS Vulnerability in TraceContextPropagator.Extract - OpenTelemetry.Api
GHSA-vc29-vg52-6643 HIGH 9 months ago
### Impact
_What kind of vulnerability is it? Who is impacted?_
A vulnerability in `OpenTelemetry.Api` package `1.10.0` to `1.11.1` could cause a ...
nuget
No PRs yet
Out-of-bounds Write in SixLabors ImageSharp
GHSA-2cmq-823j-5qj8 CVE-2025-27598 HIGH 9 months ago
### Impact
An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially...
nuget
16
Dependabot PRs
6%
Merged
Property reflection in System.Linq.Dynamic.Core
GHSA-4cv2-4hjh-77rx CVE-2024-51417 HIGH 10 months ago
An issue in System.Linq.Dynamic.Core versions before v.1.6.0 allows remote access to properties on reflection types and static properties/fields.
nuget
8
Dependabot PRs
37%
Merged
Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability
GHSA-gjf6-3w4p-7xfh CVE-2025-21176 HIGH 11 months ago
# Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability
## Execu...
nuget
No PRs yet
Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability
GHSA-jjcv-wr2g-4rv4 CVE-2025-21172 HIGH 11 months ago
# Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability
## Execu...
nuget
No PRs yet
Microsoft Security Advisory CVE-2025-21171 | .NET Remote Code Execution Vulnerability
GHSA-p54p-p3qm-8vgj CVE-2025-21171 HIGH 11 months ago
# Microsoft Security Advisory CVE-2025-21171 | .NET Remote Code Execution Vulnerability
## Executive summary
Micr...
nuget
No PRs yet
Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials
GHSA-86c2-4x57-wc8g CVE-2024-50338 HIGH 11 months ago
### Description
The [Git credential protocol](https://git-scm.com/docs/git-credential#IOFMT) is text-based over standard input/output, and consists...
nuget
No PRs yet
Oqtane Framework Incorrect Access Control vulnerability
GHSA-995c-qww8-64fj CVE-2024-55470 HIGH 12 months ago
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation ...
nuget
No PRs yet
TShock Security Escalation Exploit
GHSA-hvm9-wc8j-mgrc HIGH 12 months ago
### Impact
An issue with the way OTAPI manages client connections results in stale UUIDs remaining on `RemoteClient` instances after a player disco...
nuget
No PRs yet
DotNetZip Directory Traversal vulnerability
GHSA-xhg6-9j5j-w4vf CVE-2024-48510 HIGH about 1 year ago
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEnt...
nuget
No PRs yet
.NET Denial of Service Vulnerability
GHSA-6x36-qxmj-rv4p CVE-2024-43499 HIGH about 1 year ago
# Microsoft Security Advisory CVE-2024-43499 | .NET Denial of Service Vulnerability
## Executive summary
Microsof...
nuget
No PRs yet
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
GHSA-2qw8-ppr5-m96c CVE-2024-43383 HIGH about 1 year ago
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.
This issue affects Apache Lucene.NET's Replicator library: from 4...
nuget
7
Dependabot PRs
Security Update for the OPC UA .NET Standard Stack
GHSA-qm9f-c3v9-wphv HIGH about 1 year ago
This security update resolves a vulnerability in the OPC UA .NET Standard Stack that enables an unauthorized attacker to trigger a rapid increase i...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
GHSA-8g4q-xg66-9fp4 CVE-2024-43485 HIGH about 1 year ago
# Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
## Executive summary
Microsof...
nuget
392
Dependabot PRs
2%
Merged
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
GHSA-f32c-w444-8ppv CVE-2024-43484 HIGH about 1 year ago
# Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
## Executive summary
Microsof...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
GHSA-qj66-m88j-hmgj CVE-2024-43483 HIGH about 1 year ago
# Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
## Executive summary
Microsof...
nuget
62
Dependabot PRs
10%
Merged
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
GHSA-7vw9-cfwx-9gx9 CVE-2024-38229 HIGH about 1 year ago
# Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
## Executive summary
Micr...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
GHSA-7qrv-8f9x-3h32 CVE-2024-38168 HIGH over 1 year ago
# Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
## Executive summary
Microsof...
nuget
No PRs yet
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
GHSA-c3h4-9gc2-f7h4 CVE-2024-41799 HIGH over 1 year ago
### Impact
_What kind of vulnerability is it? Who is impacted?_
Low permission users using the "Set .dme Path" privilege could potentially set mal...
nuget
No PRs yet
SixLabors ImageSharp Out-of-bounds Write
GHSA-63p8-c4ww-9cg7 CVE-2024-41131 HIGH over 1 year ago
### Impact
An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially...
nuget
No PRs yet
Mimekit has vulnerable dependency that can lead to denial of service
GHSA-gmc6-fwg3-75m5 HIGH over 1 year ago
### Summary
Denial of service vulnerability.
### Details
See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/anno...
nuget
No PRs yet
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
GHSA-447r-wph3-92pm CVE-2024-38095 HIGH over 1 year ago
# Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
## Executive summary
Microsof...
nuget
2
Dependabot PRs
Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability
GHSA-hq7w-xv5x-g34j CVE-2024-38081 HIGH over 1 year ago
# Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability
## Executive summary
Mic...
nuget
2
Dependabot PRs
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
GHSA-hh2w-p6rv-4g7w CVE-2024-30105 HIGH over 1 year ago
# Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
## Executive summary
Microsof...
nuget
307
Dependabot PRs
1%
Merged
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
GHSA-fg4q-ccq8-3r5q CVE-2024-39677 HIGH over 1 year ago
### Impact
A SQL injection vulnerability exists in some types implementing `ILiteralType.ObjectToSQLString`. Callers of these methods are exposed t...
nuget
2
Dependabot PRs
50%
Merged
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
GHSA-4q2p-hwmr-qcxc CVE-2024-33862 HIGH over 1 year ago
A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.5.374.54 could allow remote attackers to exhaust...
nuget
No PRs yet
Azure Storage Movement Client Library Denial of Service Vulnerability
GHSA-32f8-hmr3-7vxg CVE-2024-35252 HIGH over 1 year ago
Azure Storage Movement Client Library Denial of Service Vulnerability
nuget
No PRs yet
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
GHSA-x9vc-6hfv-hg8c CVE-2024-32655 HIGH over 1 year ago
### Summary
The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length ...
nuget
42
Dependabot PRs
7%
Merged
.NET Elevation of Privilege Vulnerability
GHSA-6qmx-42h2-j8h6 CVE-2024-21409 HIGH over 1 year ago
# Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability
## Executive summary
Mic...
nuget
No PRs yet
WiX based installers are vulnerable to binary hijack when run as SYSTEM
GHSA-rf39-3f98-xr7r CVE-2024-29187 HIGH over 1 year ago
### Summary
Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected a...
nuget
No PRs yet
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
GHSA-jx4p-m4wm-vvjg CVE-2024-29188 HIGH over 1 year ago
### Summary
The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories.
### Details...
nuget
No PRs yet
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
GHSA-g4v6-69p6-q3p4 HIGH over 1 year ago
# Summary
Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected ag...
nuget
No PRs yet