Security Advisories
Browse security advisories and track which Dependabot PRs address them.
Total Advisories: 24,830
With Dependabot PRs: 1,801
Critical Severity: 3,510
High Severity: 8,627
DNN Vulnerable to Stored XSS Using Backend Admin Credentials
GHSA-gj8m-5492-q98h CVE-2025-59546 LOW 2 months ago
# Summary
Users that can edit modules could set a title that includes scripts.
# Description
Some users (administrators and content editors) can s...
nuget
No PRs yet
ImageMagick BlobStream Forward-Seek Under-Allocation
GHSA-23hg-53q6-hqfg CVE-2025-57807 LOW 3 months ago
**Reporter:** Lumina Mescuwa
**Product:** ImageMagick 7 (MagickCore)
**Component:** `MagickCore/blob.c` (Blob I/O - BlobStream)
**Tested:** 7...
nuget
No PRs yet
ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash
GHSA-fh55-q5pj-pxgw CVE-2025-55212 LOW 3 months ago
## Summary
Passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, Thumbn...
nuget
No PRs yet
ImageMagick has a heap-buffer-overflow
GHSA-fff3-4rp7-px97 LOW 3 months ago
### Summary
While processing a crafted TIFF file, ImageMagick crashes.
### Details
Following is the ImageMagick version:
```
imagemagick_git/build...
```
nuget
No PRs yet
ImageMagick has a Memory Leak in magick stream
GHSA-cfh4-9f7v-fhrc CVE-2025-53019 LOW 3 months ago
## Summary
In ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory...
nuget
No PRs yet
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename
GHSA-hm4x-r5hc-794f CVE-2025-53014 LOW 3 months ago
# Heap Buffer Overflow in InterpretImageFilename
## Summary
A heap buffer overflow was identified in the `InterpretImageFilename` function of Imag...
nuget
No PRs yet
DNN site Import could use an external source with a crafted request
GHSA-62mf-vhhw-xmf8 CVE-2025-48376 LOW 6 months ago
A malicious SuperUser (Host) could craft a request to use an external URL for a site export to then be imported.
nuget
No PRs yet
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
GHSA-2qrj-g9hq-chph CVE-2025-47280 LOW 7 months ago
### Impact
The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workf...
nuget
No PRs yet
Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file
GHSA-c82r-c9f7-f5mj CVE-2025-46326 LOW 7 months ago
# Issue
Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET (“Connector”). When using the Easy Logging feature ...
nuget
No PRs yet
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package
GHSA-mgr7-5782-6jh9 LOW 11 months ago
### Impact
The Heartcore headless client library depends on [Refit](https://github.com/reactiveui/refit) to assist in making HTTP requests to Hear...
nuget
No PRs yet
Oqtane Framework Insecure Direct Object Reference vulnerability
GHSA-2hr5-cvwp-jr5w CVE-2024-55186 LOW 12 months ago
An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of ot...
nuget
No PRs yet
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
GHSA-v9xq-2mvm-x8xc CVE-2024-49755 LOW about 1 year ago
### Impact
IdentityServer's local API authentication handler performs insufficient validation of the `cnf` claim in DPoP access tokens. This allows...
nuget
4 Dependabot PRs (66% merged)
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
GHSA-4gp9-ff99-j6vj CVE-2024-48925 LOW about 1 year ago
### Impact
An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information th...
nuget
No PRs yet
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
GHSA-vmcp-66r5-3pcp CVE-2024-40636 LOW over 1 year ago
### Summary
When utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry, an err...
nuget
No PRs yet
Umbraco Forms components vulnerable to Stored Cross-site Scripting
GHSA-p572-p2rj-q5f4 CVE-2024-35239 LOW over 1 year ago
### Impact
An authenticated user who has access to edit Forms may inject unsafe code into Forms components.
### Patches
Issue can be mitigated by c...
nuget
No PRs yet
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
GHSA-x674-v45j-fwxw CVE-2024-27086 LOW over 1 year ago
>[!IMPORTANT]
>**ONLY** applications targeting Xamarin Android and .NET Android (MAUI) are impacted. All others can safely dismiss this CVE.
### I...
nuget
No PRs yet
Umbraco possible user enumeration
GHSA-552f-97wf-pmpq CVE-2024-28868 LOW over 1 year ago
### Impact
A user enumeration attack is possible.
### Affected versions
Umbraco 10 with access to the native login screen
### Patches
This is fix...
nuget
1 Dependabot PR (100% merged)
Stored XSS via SVG File Upload
GHSA-6xmx-85x3-4cv2 CVE-2023-49279 LOW almost 2 years ago
#### Impact
A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media di...
nuget
No PRs yet
Brute force exploit can be used to collect valid usernames
GHSA-7x74-h8cw-qhxq CVE-2023-49278 LOW almost 2 years ago
#### Impact
A brute force exploit that can be used to collect valid usernames is possible.
#### Explanation of the vulnerability
It's a brute for...
nuget
No PRs yet
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
GHSA-8qp8-9rpw-j46c CVE-2023-49274 LOW almost 2 years ago
#### Impact
A user enumeration attack is possible when SMTP is not set up correctly but reset password is enabled.
#### Explanation of the vulnerab...
nuget
3 Dependabot PRs
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
GHSA-6324-52pr-h4p5 CVE-2023-49089 LOW almost 2 years ago
#### Impact
Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.
#### E...
nuget
3 Dependabot PRs
Backoffice User can bypass "Publish" restriction
GHSA-335x-5wcm-8jv2 CVE-2023-48227 LOW almost 2 years ago
#### Impact
Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios.
#### Explanation ...
nuget
No PRs yet
Possible injection of HTML into user invite mails
GHSA-xxc6-35r7-796w CVE-2023-38694 LOW almost 2 years ago
#### Impact
A user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended.
#### Explana...
nuget
No PRs yet
Stale copy of the public suffix list
GHSA-w4x6-hh3x-wjrx LOW almost 2 years ago
We have identified that this project contains an out-of-date version of the Public Suffix List (https://publicsuffix.org/). We are carrying out res...
nuget
No PRs yet
Exposure of Sensitive Information in Elastic APM .NET Agent
GHSA-hx93-gc73-5rpr CVE-2021-22143 LOW about 2 years ago
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent...
nuget
No PRs yet
Moq v4.20.0-rc to 4.20.1 share hashed user data
GHSA-6r78-m64m-qwcf LOW over 2 years ago
Moq v4.20.0-rc to 4.20.1 include support for [SponsorLink](https://github.com/devlooped/SponsorLink), which runs an obfuscated DLL at build time th...
nuget
No PRs yet
EnumStringValues vulnerable to Uncontrolled Resource Consumption
GHSA-vq23-hwg7-hxrh CVE-2020-36620 LOW almost 3 years ago
A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStrin...
nuget
No PRs yet
Temporary File Information Disclosure vulnerability in MPXJ
GHSA-jf2p-4gqj-849g CVE-2022-41954 LOW about 3 years ago
### Impact
On Unix-like operating systems (not Windows or macOS), MPXJ's use of `File.createTempFile(..)` results in temporary files being created ...
maven, nuget, pypi
No PRs yet
XSS in HtmlSanitizer
GHSA-8j9v-h2vp-2hhv CVE-2020-26293 LOW almost 5 years ago
### Impact
If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer...
nuget
No PRs yet
personnummer/csharp vulnerable to Improper Input Validation
GHSA-qv8q-v995-72gr LOW about 5 years ago
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packag...
nuget
No PRs yet
Low severity vulnerability that affects Gw2Sharp
GHSA-4vr3-9v7h-5f8v LOW over 6 years ago
## Leaking cached authenticated requests
### Impact
If you've been using one `MemoryCacheMethod` object in multiple instances of `Gw2WebApiClient`...
nuget
No PRs yet