Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-pgvc-6h2p-q4f6
  • NuGet/Umbraco.Cms
Umbraco CMS disclosure of configured password requirements 24 Jun
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mgfv-2362-jq96
  • NuGet/DNN.PLATFORM
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input 20 Jun
  • Fix available
  • Severity - 8.6 (High)
GHSA-fjhg-3mrh-mm7h
  • NuGet/DNN.PLATFORM
DNN.PLATFORM possibly allows bypass of IP Filters 20 Jun
  • Fix available
  • Severity - 8.8 (High)
GHSA-wwc9-wmm3-2pmf
  • NuGet/DNN.PLATFORM
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed 20 Jun
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-pf4h-vrv6-cmvr
  • NuGet/DNN.PLATFORM
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects 20 Jun
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-6q65-j4jw-9cg8
  • NuGet/DotVVM
DotVVM allows path traversal when deployed in Debug mode 19 Jun
  • Fix available
  • Severity - 7.5 (High)
GHSA-px2c-r924-mwcc
  • NuGet/CouchbaseNetClient
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates 18 Jun
  • No fix available
  • Severity - 4.9 (Medium)
GHSA-266m-wp2v-x7mq
  • NuGet/Microsoft.NetCore.App.Runtime.linux-arm
  • NuGet/Microsoft.NetCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-x64
  • NuGet/Microsoft.NetCore.App.Runtime.osx-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.osx-x64
  • NuGet/Microsoft.NetCore.App.Runtime.win-arm
  • NuGet/Microsoft.NetCore.App.Runtime.win-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.win-x64
  • NuGet/Microsoft.NetCore.App.Runtime.win-x86
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability 11 Jun
  • Fix available
  • Severity - 7.5 (High)
GHSA-fr6r-p8hv-x3c4
  • NuGet/Umbraco.Cms
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads 04 Jun
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-m4hf-fxcg-cp34
  • NuGet/DotNetNuke.Core
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline 23 May
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-79m3-rvx2-3qq9
  • NuGet/DotNetNuke.Web
  • NuGet/DotNetNuke.Core
Reflected Cross-Site Scripting (XSS) in module actions in edit mode 23 May
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-62mf-vhhw-xmf8
  • NuGet/DotNetNuke.SiteExportImport
DNN site Import could use an external source with a crafted request 23 May
  • Fix available
  • Severity - 3.5 (Low)
GHSA-h4j7-5rxr-p4wc
  • NuGet/Microsoft.Build.Tasks.Core
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability 13 May
  • Fix available
  • Severity - 8.0 (High)
GHSA-2qrj-g9hq-chph
  • NuGet/Umbraco.Forms
  • NuGet/UmbracoForms
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow 13 May
  • Fix available
  • Severity - 2.3 (Low)
GHSA-4g8m-5mj5-c8xg
  • NuGet/Umbraco.Cms
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response 06 May
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-c82r-c9f7-f5mj
  • NuGet/Snowflake.Data
Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file 28 Apr
  • Fix available
  • Severity - 3.3 (Low)