Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-vmw2-qwm8-x84c
  • NuGet/Marten
 Marten has an injection vulnerability in its full-text search regConfig parameter yesterday
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-88q9-cmp2-c2vq
  • NuGet/OxidizePdf.NET
  • PyPI/oxidize-pdf
  • crates.io/oxidize-pdf
 oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS) 5 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-6c8g-7p36-r338
  • NuGet/SharpCompress
 SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant) 08 May
  • No fix available
  • Severity - 5.9 (Medium)
GHSA-wfr5-454p-mjc2
  • NuGet/OpenTelemetry.Exporter.Instana
 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured 08 May
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-7j59-v9qr-6fq9
  • Go/github.com/microsoft/kiota-http-go
  • Maven/com.microsoft.kiota:microsoft-kiota-abstractions
  • NuGet/Microsoft.Kiota.Abstractions
  • PyPI/microsoft-kiota-http
  • npm/kiota-typescript
 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect 07 May
  • Fix available
  • Severity - 7.0 (High)
GHSA-2cwq-pwfr-wcw3
  • NuGet/Nerdbank.MessagePack
 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException 06 May
  • Fix available
  • Severity - 7.5 (High)
GHSA-pggp-6c3x-2xmx
  • NuGet/Snappier
 Snappier has an infinite loop during SnappyStream decompression with malformed framed input 06 May
  • Fix available
  • Severity - 7.5 (High)
GHSA-w2jh-77fq-7gp8
  • NuGet/OpenTelemetry.OpAmp.Client
 OpAMP client reads unbounded HTTP response bodies 05 May
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-8rq5-wwpp-fmj2
  • NuGet/YAFNET.Core
 YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers 05 May
  • Fix available
  • Severity - 7.3 (High)
GHSA-xhw7-j96h-c3g5
  • NuGet/YAFNET.Core
 YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql` 05 May
  • Fix available
  • Severity - 8.8 (High)
GHSA-33gv-fc78-qgf5
  • NuGet/YAFNET.Core
 YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header 05 May
  • Fix available
  • Severity - 8.1 (High)
GHSA-4625-4j76-fww9
  • NuGet/OpenTelemetry.Exporter.OpenTelemetryProtocol
 OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter 30 Apr
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-55m9-299j-53c7
  • NuGet/OpenTelemetry.Exporter.OneCollector
 OneCollector exporter reads unbounded HTTP response bodies 29 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-vc24-j8c5-2vw4
  • NuGet/OpenTelemetry.Resources.Azure
 OpenTelemetry.Resources.Azure has an unbounded HTTP response body read 29 Apr
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-88hf-wf7h-7w4m
  • NuGet/OpenTelemetry.Exporter.Zipkin
 OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure 28 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-rrjr-v56m-ww88
  • NuGet/ParquetSharp
 ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width 24 Apr
  • Fix available
  • Severity - 5.3 (Medium)
Load more...