Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-q3v2-xj35-9grx
  • NuGet/Umbraco.AI
Umbraco.AI discloses sensitive application configuration values 22 hours ago
  • Fix available
  • Severity - 4.9 (Medium)
MAL-2026-7451
  • NuGet/vspropertypages
Malicious code in vspropertypages (NuGet) 07 Jul
  • No fix available
MAL-2026-7450
  • NuGet/security_hacks
Malicious code in security_hacks (NuGet) 07 Jul
  • No fix available
MAL-2026-7448
  • NuGet/hackney.core.enums
Malicious code in hackney.core.enums (NuGet) 07 Jul
  • No fix available
MAL-2026-7449
  • NuGet/hackney.core.jwt
Malicious code in hackney.core.jwt (NuGet) 07 Jul
  • No fix available
GHSA-7jvp-hj45-2f2m
  • NuGet/Scriban
Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass) 06 Jul
  • Fix available
  • Severity - 7.7 (High)
GHSA-4j9m-h44m-2hv8
  • NuGet/Steeltoe.Configuration.Encryption
Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding 02 Jul
  • Fix available
  • Severity - 1.9 (Low)
GHSA-rxrh-4j9h-xgg9
  • NuGet/Steeltoe.Configuration.Abstractions
Steeltoe: TLS private keys written to /tmp with default permissions, never deleted 02 Jul
  • Fix available
  • Severity - 4.7 (Medium)
GHSA-7fqc-p256-7pwj
  • NuGet/Steeltoe.Security.Authentication.CloudFoundryBase
  • NuGet/Steeltoe.Security.Authentication.JwtBearer
  • NuGet/Steeltoe.Security.Authentication.OpenIdConnect
Steeltoe's static JWKS cache shared across schemes and never invalidated 02 Jul
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-227r-jm2g-7cp4
  • NuGet/Steeltoe.Management.Endpoint
  • NuGet/Steeltoe.Management.EndpointBase
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission 02 Jul
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-q62h-354g-5r85
  • NuGet/Steeltoe.Management.Endpoint
  • NuGet/Steeltoe.Management.EndpointCore
Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords 02 Jul
  • Fix available
  • Severity - 7.5 (High)
GHSA-j8ph-6fxj-g533
  • NuGet/Steeltoe.Discovery.Eureka
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch 02 Jul
  • Fix available
  • Severity - 7.5 (High)
GHSA-58f6-6rj2-3v8r
  • NuGet/Steeltoe.Management.Endpoint
  • NuGet/Steeltoe.Management.EndpointCore
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header 02 Jul
  • Fix available
  • Severity - 8.2 (High)
GHSA-85jm-cwp2-mvpv
  • NuGet/CefSharp.Common
CefSharp.Common: `FolderSchemeHandlerFactory` path boundary check can expose files outside the configured root folder 30 Jun
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-v5pm-xwqc-g5wc
  • NuGet/Microsoft.OpenApi
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing 30 Jun
  • Fix available
  • Severity - 7.5 (High)
GHSA-44cp-c3ww-9rv5
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • NuGet/Magick.NET-Q16-HDRI-x64
  • ... 12 more
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image 26 Jun
  • Fix available
  • Severity - 6.2 (Medium)