Vulnerability Library

ID
Packages
Summary
Affected versions
Published
Fix
GHSA-438c-3975-5x3f
  • npm/tinymce
  • NuGet/TinyMCE
  • Packagist/tinymce/tinymce
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
  • 3.4.3.2
  • 3.4.4
  • 3.4.5
  • 3.4.7
  • 3.5.0
  • 3.5.0.1
  • 3.5.1
  • ...
2024-03-26T21:23:47Z Fix available
GHSA-5359-pvf2-pw78
  • Packagist/tinymce/tinymce
  • npm/tinymce
  • NuGet/TinyMCE
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
  • 4.0.0
  • 4.0.1
  • 4.0.10
  • 4.0.11
  • 4.0.12
  • 4.0.13
  • 4.0.14
  • ...
2024-03-26T21:23:45Z Fix available
GHSA-rf39-3f98-xr7r
  • NuGet/wix
  • NuGet/WixToolset.Sdk
WiX based installers are vulnerable to binary hijack when run as SYSTEM
  • 3.10.0
  • 3.10.0.1719-pre
  • 3.10.0.1726-pre
  • 3.10.0.2103-pre
  • 3.10.0.2103-pre1
  • 3.10.1
  • 3.10.2
  • ...
2024-03-25T19:42:32Z Fix available
GHSA-jx4p-m4wm-vvjg
  • NuGet/wix
  • NuGet/WixToolset.Util.wixext
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
  • 3.10.0
  • 3.10.0.1719-pre
  • 3.10.0.1726-pre
  • 3.10.0.2103-pre
  • 3.10.0.2103-pre1
  • 3.10.1
  • 3.10.2
  • ...
2024-03-25T19:42:17Z Fix available
GHSA-g4v6-69p6-q3p4
  • NuGet/PanelSwWix4.Sdk
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
  • See details.
2024-03-25T19:36:25Z Fix available
GHSA-wq88-fq4x-h2pm
  • NuGet/PanelSW.Custom.WiX
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
  • 3.12.0-b100
  • 3.12.0-b45
  • 3.12.0-b48
  • 3.12.0-b53
  • 3.12.0-b57
  • 3.12.0-b59
  • 3.12.0-b60
  • ...
2024-03-25T19:35:53Z Fix available
GHSA-552f-97wf-pmpq
  • NuGet/UmbracoCMS
Umbraco possible user enumeration
  • See details.
2024-03-20T17:54:35Z Fix available
GHSA-32jq-mv89-5rx7
  • NuGet/CoreWCF.NetFramingBase
CoreWCF NetFraming based services can leave connections open when they should be closed
  • 1.4.0
  • 1.4.1
  • 1.5.0
  • 1.5.1
2024-03-15T19:20:17Z Fix available
GHSA-2x7m-gf85-3745
  • NuGet/Microsoft.Native.Quic.MsQuic.OpenSSL
  • NuGet/Microsoft.Native.Quic.MsQuic.Schannel
Remote Denial of Service Vulnerability in Microsoft QUIC
  • 1.8.0
  • 1.8.0
2024-03-13T17:14:43Z Fix available
GHSA-5fxj-whcv-crrc
  • NuGet/Microsoft.NETCore.App.Runtime.linux-arm
  • NuGet/Microsoft.NETCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.NETCore.App.Runtime.linux-musl-arm
  • NuGet/Microsoft.NETCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.NETCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.NETCore.App.Runtime.linux-x64
  • NuGet/Microsoft.NETCore.App.Runtime.osx-arm64
  • NuGet/Microsoft.NETCore.App.Runtime.osx-x64
  • NuGet/Microsoft.NETCore.App.Runtime.win-arm
  • NuGet/Microsoft.NETCore.App.Runtime.win-arm64
  • NuGet/Microsoft.NETCore.App.Runtime.win-x64
  • NuGet/Microsoft.NETCore.App.Runtime.win-x86
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
  • 7.0.0
  • 7.0.1
  • 7.0.10
  • 7.0.11
  • 7.0.12
  • 7.0.13
  • 7.0.14
  • ...
2024-03-12T20:07:59Z Fix available
GHSA-65x7-c272-7g7r
  • NuGet/SixLabors.ImageSharp
Use After Free in SixLabors.ImageSharp
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.1.0
  • 3.1.1
  • 3.1.2
  • 1.0.0
  • ...
2024-03-05T16:26:15Z Fix available
GHSA-75x2-6h4m-h6mx
  • NuGet/FullStackHero.WebAPI.Boilerplate
FullStackHero's WebAPI Boilerplate host header injection vulnerability
  • 1.0.0
2024-02-29T03:33:18Z No fix available
GHSA-5jjq-8cvj-v6m9
  • NuGet/Serenity.Net.Core
  • npm/@serenity-is/corelib
Cross-site Scripting in Serenity
  • 5.0.0
  • 5.0.1
  • 5.0.10
  • 5.0.11
  • 5.0.12
  • 5.0.13
  • 5.0.17
  • ...
2024-02-19T06:30:33Z Fix available
GHSA-68w7-72jg-6qpp
  • NuGet/NuGet.CommandLine
  • NuGet/NuGet.Packaging
NuGet Client Security Feature Bypass Vulnerability
  • 4.6.2
  • 4.6.3
  • 4.6.4
  • 4.7.1
  • 4.7.2
  • 4.7.3
  • 4.8.2
  • ...
2024-02-13T21:18:10Z Fix available
GHSA-g74q-5xw3-j7q9
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.osx-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.osx-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x86
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
  • 3.0.0
  • 3.0.0-preview5-19227-01
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.1.0
  • 3.1.1
  • ...
2024-02-13T19:49:43Z Fix available
GHSA-8v28-3g86-chj5
  • NuGet/PanelSwWix4.Sdk
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
  • See details.
2024-02-08T18:24:35Z Fix available