Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-5gg9-gwj4-mqmj
  • NuGet/OrchardCore
OrchardCore vulnerable to HTML injection
  • 1.0.0
  • 1.0.0-rc2-13450
  • 1.1.0
  • 1.2.0
  • 1.2.1
  • 1.2.2
  • 1.3.0
2022-10-04T22:45:28.941775Z Fix available
GHSA-9w72-2f23-57gm
  • NuGet/DotNetNuke.Core
  • NuGet/DotNetNuke.Web
DNN vulnerable to Relative Path Traversal
  • 6.0.0
  • 7.0.0
  • 7.0.6.121
  • 7.1.0
  • 7.1.2
  • 7.2.0.613
  • 7.3.0.499
  • ...
2022-10-03T22:37:18.506097Z Fix available
GHSA-gfhp-jgp6-838j
  • NuGet/CompositeC1.Core
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
  • 4.2.0
  • 4.2.1
  • 4.3.0
  • 4.3.0-beta1
  • 5.0.0
  • 5.1.0
  • 5.2.0
  • ...
2022-09-30T05:47:20.206128Z Fix available
GHSA-hpw7-3vq3-mmv6
  • NuGet/Wire
Insecure deserialization in Wire
  • 0.0.1
  • 0.0.2
  • 0.0.3
  • 0.0.4
  • 0.0.5
  • 0.0.6
  • 0.7.0
  • ...
2022-09-25T03:32:20.333912Z No fix available
GHSA-qhqf-ghgh-x2m4
  • NuGet/Microsoft.AspNetCore.Mvc
  • NuGet/Microsoft.AspNetCore.Mvc
  • NuGet/Microsoft.AspNetCore.Mvc.Core
  • NuGet/Microsoft.AspNetCore.Mvc.Core
  • NuGet/System.Net.Http
  • NuGet/System.Net.Http
  • NuGet/System.Text.Encodings.Web
  • NuGet/System.Text.Encodings.Web
  • NuGet/System.Net.Http.WinHttpHandler
  • NuGet/System.Net.Http.WinHttpHandler
  • NuGet/System.Net.Security
  • NuGet/System.Net.Security
  • NuGet/System.Net.WebSockets.Client
  • NuGet/System.Net.WebSockets.Client
  • NuGet/Microsoft.AspNetCore.Mvc.Abstractions
  • NuGet/Microsoft.AspNetCore.Mvc.Abstractions
  • NuGet/Microsoft.AspNetCore.Mvc.ApiExplorer
  • NuGet/Microsoft.AspNetCore.Mvc.ApiExplorer
  • NuGet/Microsoft.AspNetCore.Mvc.Cors
  • NuGet/Microsoft.AspNetCore.Mvc.Cors
  • NuGet/Microsoft.AspNetCore.Mvc.DataAnnotations
  • NuGet/Microsoft.AspNetCore.Mvc.DataAnnotations
  • NuGet/Microsoft.AspNetCore.Mvc.Formatters.Json
  • NuGet/Microsoft.AspNetCore.Mvc.Formatters.Json
  • NuGet/Microsoft.AspNetCore.Mvc.Formatters.Xml
  • NuGet/Microsoft.AspNetCore.Mvc.Formatters.Xml
  • NuGet/Microsoft.AspNetCore.Mvc.Localization
  • NuGet/Microsoft.AspNetCore.Mvc.Localization
  • NuGet/Microsoft.AspNetCore.Mvc.Razor.Host
  • NuGet/Microsoft.AspNetCore.Mvc.Razor.Host
  • NuGet/Microsoft.AspNetCore.Mvc.Razor
  • NuGet/Microsoft.AspNetCore.Mvc.Razor
  • NuGet/Microsoft.AspNetCore.Mvc.TagHelpers
  • NuGet/Microsoft.AspNetCore.Mvc.TagHelpers
  • NuGet/Microsoft.AspNetCore.Mvc.ViewFeatures
  • NuGet/Microsoft.AspNetCore.Mvc.ViewFeatures
  • NuGet/Microsoft.AspNetCore.Mvc.WebApiCompatShim
  • NuGet/Microsoft.AspNetCore.Mvc.WebApiCompatShim
  • NuGet/DisCatSharp
High severity vulnerability that affects Microsoft.AspNetCore.Mvc
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.0.3
  • 1.1.0
  • 1.1.1
  • 1.1.2
  • ...
2022-09-25T03:31:48.187439Z Fix available
GHSA-8m73-w2r2-6xxj
  • NuGet/UmbracoForms
Insecure defaults in UmbracoForms
  • 4.0.0
  • 4.0.1
  • 4.0.1-Build111
  • 4.0.2
  • 4.0.3
  • 4.1.0
  • 4.1.1
  • ...
2022-09-25T03:30:27.058794Z No fix available
GHSA-hh56-x62g-gvhc
  • NuGet/CLEditor
Cross-site scripting in CLEditor
  • 1.3.0
  • 1.4.1
  • 1.4.3
  • 1.4.4
  • 1.4.5
2022-09-25T03:30:14.230510Z No fix available
GHSA-vh38-ghx6-vmvg
  • NuGet/Masuit.Tools.Core
Code Injection in Masuit.Tools.Core
  • 1.0.0
  • 1.7.7
  • 1.7.9
  • 1.8.0
  • 1.8.1
  • 1.8.2
  • 1.8.3
  • ...
2022-09-24T03:29:59.583738Z No fix available
GHSA-mv2r-q4g5-j8q5
  • NuGet/Microsoft.Data.OData
  • NuGet/Microsoft.AspNetCore.DataProtection.AzureStorage
  • NuGet/Microsoft.AspNetCore.DataProtection.AzureStorage
  • NuGet/Microsoft.AspNetCore.All
  • NuGet/Microsoft.AspNetCore.All
Denial of service in ASP.NET Core
  • 5.0.0.50403
  • 5.0.1
  • 5.0.1-rc
  • 5.0.2
  • 5.0.2-rc
  • 5.1.0
  • 5.1.0-rc
  • ...
2022-09-22T04:12:10.872878Z Fix available
GHSA-2m65-m22p-9wjw
  • NuGet/System.Security.Cryptography.Xml
  • NuGet/System.Security.Cryptography.Xml
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x86
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x86
  • NuGet/Microsoft.AspNetCore.App.Runtime.osx-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.osx-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm
.NET Information Disclosure Vulnerability
  • 4.4.0
  • 4.4.0-preview1-25305-02
  • 4.4.0-preview2-25405-01
  • 4.4.1
  • 4.4.2
  • 4.5.0
  • 4.5.0-preview1-25914-04
  • ...
2022-09-22T04:02:12.148308Z Fix available
GHSA-xr8f-59pp-rxxh
  • NuGet/Microsoft.AspNetCore.SpaServices
  • NuGet/Microsoft.AspNetCore.SpaServices
Elevation of privilege in ASP.NET Core
  • 2.2.0
  • 2.1.0
  • 2.1.1
2022-09-22T04:02:09.561312Z Fix available
GHSA-5q7q-qqw2-hjq7
  • NuGet/AjaxNetProfessional
AjaxNetProfessional deserializes arbitrary JavaScript objects
  • 21.10.30
  • 21.11.22
  • 21.11.29
  • 21.12.21.1
  • 21.12.8.1
2022-09-22T03:56:57.630535Z Fix available
GHSA-jc8g-xhw5-6x46
  • NuGet/Microsoft.NETCore.UniversalWindowsPlatform
  • NuGet/Microsoft.NETCore.UniversalWindowsPlatform
  • NuGet/Microsoft.NETCore.UniversalWindowsPlatform
  • NuGet/Microsoft.NETCore.UniversalWindowsPlatform
  • NuGet/System.ServiceModel.Primitives
  • NuGet/System.ServiceModel.Primitives
  • NuGet/System.ServiceModel.Primitives
  • NuGet/System.ServiceModel.Http
  • NuGet/System.ServiceModel.Http
  • NuGet/System.ServiceModel.Http
  • NuGet/System.ServiceModel.NetTcp
  • NuGet/System.ServiceModel.NetTcp
  • NuGet/System.ServiceModel.NetTcp
  • NuGet/System.ServiceModel.Duplex
  • NuGet/System.ServiceModel.Duplex
  • NuGet/System.ServiceModel.Duplex
  • NuGet/System.ServiceModel.Security
  • NuGet/System.ServiceModel.Security
  • NuGet/System.ServiceModel.Security
  • NuGet/System.Private.ServiceModel
  • NuGet/System.Private.ServiceModel
  • NuGet/System.Private.ServiceModel
Improper Certificate Validation in Microsoft .NET Framework components
  • 5.2.0
  • 5.2.1
  • 5.2.2
  • 5.2.3
  • 5.3.0
  • 5.3.1
  • 5.3.2
  • ...
2022-09-22T03:52:24.841964Z Fix available
GHSA-q7cg-43mg-qp69
  • NuGet/Microsoft.AspNetCore.Authentication.JwtBearer
  • NuGet/Microsoft.AspNetCore.Authentication.JwtBearer
  • NuGet/Microsoft.AspNetCore.Authentication.JwtBearer
ASP.NET Core Information Disclosure Vulnerability
  • 2.1.0
  • 2.1.1
  • 2.1.2
  • 3.0.0
  • 3.0.2
  • 3.0.3
  • 3.1.0
  • ...
2022-09-22T03:51:56.962863Z Fix available
GHSA-2cwj-8chv-9pp9
  • NuGet/log4net
XML External Entity attack in log4net
  • 1.2.10
  • 1.2.11
  • 2.0.0
  • 2.0.1
  • 2.0.2
  • 2.0.3
  • 2.0.4
  • ...
2022-09-22T03:47:43.032330Z Fix available
GHSA-fvxf-r9fw-49pc
  • NuGet/OPCFoundation.NetStandard.Opc.Ua.Core
Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core
  • 0.0.3
  • 0.0.6
  • 0.0.7
  • 0.0.8
  • 0.0.9
  • 0.1.0
  • 0.1.1
  • ...
2022-09-21T03:49:01.163245Z Fix available