Vulnerability Library

ID
Packages
Summary
Affected versions
Published
Fix
GHSA-32f8-hmr3-7vxg
  • NuGet/Microsoft.Azure.Storage.DataMovement
Azure Storage Movement Client Library Denial of Service Vulnerability
  • 0.1.0
  • 0.10.0
  • 0.10.1
  • 0.11.0
  • 0.12.0
  • 0.2.0
  • 0.3.0
  • ...
2024-06-11T18:30:50Z Fix available
GHSA-m5vv-6r4h-3vj9
  • PyPI/azure-identity
  • npm/@azure/identity
  • Maven/com.azure:azure-identity
  • npm/@azure/msal-node
  • NuGet/Microsoft.Identity.Client
  • Go/github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • Maven/com.microsoft.azure:msal4j
  • NuGet/Azure.Identity
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
  • 1.0.0
  • 1.0.0b1
  • 1.0.0b2
  • 1.0.0b3
  • 1.0.0b4
  • 1.0.1
  • 1.1.0
  • ...
2024-06-11T18:30:50Z Fix available
GHSA-rpj9-xjwm-wr6w
  • NuGet/Umbraco.Commerce
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
  • 12.0.0
  • 12.1.0
  • 12.1.0-rc1
  • 12.1.1
  • 12.1.2
  • 12.1.3
  • 10.0.0
  • ...
2024-05-28T21:18:04Z Fix available
GHSA-p572-p2rj-q5f4
  • NuGet/Umbraco.Forms
Umbraco Forms components vulnerable to Stored Cross-site Scripting
  • 13.0.0
  • 12.0.0
  • 12.1.0
  • 12.1.0-rc1
  • 12.1.1
  • 12.1.2
  • 12.2.0
  • ...
2024-05-28T20:40:31Z Fix available
GHSA-gvpc-3pj6-4m9w
  • NuGet/UmbracoCms.Core
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 8.0.3
  • 8.1.0
  • 8.1.1
  • 8.1.2
  • ...
2024-05-21T14:47:24Z Fix available
GHSA-j74q-mv2c-rxmp
  • NuGet/UmbracoCms.Core
  • NuGet/Umbraco.Cms.Web.BackOffice
Umbraco CMS Open Redirect Bypass Protection
  • 8.18.10
  • 8.18.11
  • 8.18.12
  • 8.18.13
  • 8.18.5
  • 8.18.6
  • 8.18.7
  • ...
2024-05-21T14:29:18Z Fix available
GHSA-hhc7-x9w4-cw47
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.osx-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.osx-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x86
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
  • 7.0.0
  • 7.0.1
  • 7.0.10
  • 7.0.11
  • 7.0.12
  • 7.0.13
  • 7.0.14
  • ...
2024-05-14T20:31:00Z Fix available
GHSA-7fcr-8qw6-92fr
  • NuGet/Microsoft.NetCore.App.Runtime.linux-arm
  • NuGet/Microsoft.NetCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-x64
  • NuGet/Microsoft.NetCore.App.Runtime.osx-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.osx-x64
  • NuGet/Microsoft.NetCore.App.Runtime.win-arm
  • NuGet/Microsoft.NetCore.App.Runtime.win-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.win-x64
  • NuGet/Microsoft.NetCore.App.Runtime.win-x86
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability
  • 7.0.0
  • 7.0.1
  • 7.0.10
  • 7.0.11
  • 7.0.12
  • 7.0.13
  • 7.0.14
  • ...
2024-05-14T20:30:57Z Fix available
GHSA-wchx-rm6h-7jf6
  • NuGet/Microsoft.PowerBI.JavaScript
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
  • 1.0.11-prevew
  • 1.0.11-preview
  • 1.0.12-preview
  • 1.1.0
  • 2.0.0
  • 2.10.0
  • 2.10.1
  • ...
2024-05-14T18:31:05Z No fix available
GHSA-8xfc-gm6g-vgpv
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
  • Maven/org.bouncycastle:bc-fips
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
  • 1.71
  • 1.71.1
  • 1.72
  • 1.73
  • 1.74
  • 1.75
  • 1.76
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-m44j-cfrm-g8qc
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
  • 1.71
  • 1.71.1
  • 1.72
  • 1.73
  • 1.74
  • 1.75
  • 1.76
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-v435-xc8x-wvr9
  • Maven/org.bouncycastle:bctls-fips
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
  • 1.0.0
  • 1.0.1
  • 1.0.10
  • 1.0.10.1
  • 1.0.10.2
  • 1.0.10.3
  • 1.0.11
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-x9vc-6hfv-hg8c
  • NuGet/Npgsql
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 2.0.11
  • 2.0.12
  • 2.0.12.1
  • 2.0.13-beta1
  • ...
2024-05-09T15:12:49Z Fix available
GHSA-287f-46j7-j4wh
  • NuGet/Umbraco.Workflow
  • NuGet/Plumber.Workflow
Umbraco Workflow's Backoffice users can execute arbitrary SQL
  • 10.0.0
  • 10.1.0
  • 10.1.0-rc1
  • 10.1.1
  • 10.1.2
  • 10.2.0
  • 10.2.0-rc1
  • ...
2024-04-24T17:04:34Z Fix available
GHSA-6qmx-42h2-j8h6
  • NuGet/Microsoft.WindowsDesktop.App.Runtime.win-arm64
  • NuGet/Microsoft.WindowsDesktop.App.Runtime.win-x64
  • NuGet/Microsoft.WindowsDesktop.App.Runtime.win-x86
.NET Elevation of Privilege Vulnerability
  • 5.0.0
  • 5.0.1
  • 5.0.10
  • 5.0.11
  • 5.0.12
  • 5.0.13
  • 5.0.14
  • ...
2024-04-17T18:21:57Z Fix available
GHSA-74p6-39f2-23v3
  • NuGet/Umbraco.Cms.Core
  • NuGet/Umbraco.Cms.Web.BackOffice
Blind SSRF Leads to Port Scan by using Webhooks
  • 13.0.0
  • 13.0.1
  • 13.0.2
  • 13.0.3
  • 13.1.0
  • 13.1.0-rc
  • 13.0.0
  • ...
2024-04-17T18:20:28Z Fix available