Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
773502
AlmaLinux
5298
Alpaquita
11489
Alpine
4284
Android
3403
Azure Linux
12016
BellSoft Hardened Containers
574
Bitnami
8375
Chainguard
9338
CleanStart
1780
CRAN
14
crates.io
2562
Debian
59799
Echo
6689
GHC
3
GIT
93590
GitHub Actions
54
Go
8169
Hackage
32
Hex
187
Julia
1091
Linux
25417
Mageia
6025
Maven
6695
MinimOS
89043
npm
222633
NuGet
1771
opam
19
openEuler
7237
openSUSE
13501
OSS-Fuzz
3960
Packagist
6697
Pub
11
PyPI
23806
Red Hat
21280
Rocky Linux
3672
Root
17504
RubyGems
4559
SUSE
21408
SwiftURL
58
TuxCare
5651
Ubuntu
57258
VSCode
20
Wolfi
6530
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-q3v2-xj35-9grx
NuGet/Umbraco.AI
Umbraco.AI discloses sensitive application configuration values
22 hours ago
Fix available
Severity - 4.9 (Medium)
MAL-2026-7451
NuGet/vspropertypages
Malicious code in vspropertypages (NuGet)
07 Jul
No fix available
MAL-2026-7450
NuGet/security_hacks
Malicious code in security_hacks (NuGet)
07 Jul
No fix available
MAL-2026-7448
NuGet/hackney.core.enums
Malicious code in hackney.core.enums (NuGet)
07 Jul
No fix available
MAL-2026-7449
NuGet/hackney.core.jwt
Malicious code in hackney.core.jwt (NuGet)
07 Jul
No fix available
GHSA-7jvp-hj45-2f2m
NuGet/Scriban
Scriban: Template Writes to Arbitrary CLR Properties via
`
TypedObjectAccessor
`
(Mass Assignment +
`
private
`
/
`
init
`
/
`
internal
`
Setter Bypass)
06 Jul
Fix available
Severity - 7.7 (High)
GHSA-4j9m-h44m-2hv8
NuGet/Steeltoe.Configuration.Encryption
Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding
02 Jul
Fix available
Severity - 1.9 (Low)
GHSA-rxrh-4j9h-xgg9
NuGet/Steeltoe.Configuration.Abstractions
Steeltoe: TLS private keys written to /tmp with default permissions, never deleted
02 Jul
Fix available
Severity - 4.7 (Medium)
GHSA-7fqc-p256-7pwj
NuGet/Steeltoe.Security.Authentication.CloudFoundryBase
NuGet/Steeltoe.Security.Authentication.JwtBearer
NuGet/Steeltoe.Security.Authentication.OpenIdConnect
Steeltoe's static JWKS cache shared across schemes and never invalidated
02 Jul
Fix available
Severity - 5.9 (Medium)
GHSA-227r-jm2g-7cp4
NuGet/Steeltoe.Management.Endpoint
NuGet/Steeltoe.Management.EndpointBase
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission
02 Jul
Fix available
Severity - 6.5 (Medium)
GHSA-q62h-354g-5r85
NuGet/Steeltoe.Management.Endpoint
NuGet/Steeltoe.Management.EndpointCore
Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords
02 Jul
Fix available
Severity - 7.5 (High)
GHSA-j8ph-6fxj-g533
NuGet/Steeltoe.Discovery.Eureka
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch
02 Jul
Fix available
Severity - 7.5 (High)
GHSA-58f6-6rj2-3v8r
NuGet/Steeltoe.Management.Endpoint
NuGet/Steeltoe.Management.EndpointCore
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
02 Jul
Fix available
Severity - 8.2 (High)
GHSA-85jm-cwp2-mvpv
NuGet/CefSharp.Common
CefSharp.Common:
`
FolderSchemeHandlerFactory
`
path boundary check can expose files outside the configured root folder
30 Jun
Fix available
Severity - 5.3 (Medium)
GHSA-v5pm-xwqc-g5wc
NuGet/Microsoft.OpenApi
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
30 Jun
Fix available
Severity - 7.5 (High)
GHSA-44cp-c3ww-9rv5
NuGet/Magick.NET-Q16-AnyCPU
NuGet/Magick.NET-Q16-HDRI-AnyCPU
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
NuGet/Magick.NET-Q16-HDRI-arm64
NuGet/Magick.NET-Q16-HDRI-x64
... 12 more
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
26 Jun
Fix available
Severity - 6.2 (Medium)
Load more...
NuGet - OSV