Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-gvpc-3pj6-4m9w
  • NuGet/UmbracoCms.Core
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 8.0.3
  • 8.1.0
  • 8.1.1
  • 8.1.2
  • ...
2024-05-21T14:47:24Z Fix available
GHSA-j74q-mv2c-rxmp
  • NuGet/UmbracoCms.Core
  • NuGet/Umbraco.Cms.Web.BackOffice
Umbraco CMS Open Redirect Bypass Protection
  • 8.18.10
  • 8.18.11
  • 8.18.12
  • 8.18.13
  • 8.18.5
  • 8.18.6
  • 8.18.7
  • ...
2024-05-21T14:29:18Z Fix available
GHSA-hhc7-x9w4-cw47
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.linux-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.osx-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.osx-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-arm64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x64
  • NuGet/Microsoft.AspNetCore.App.Runtime.win-x86
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
  • 7.0.0
  • 7.0.1
  • 7.0.10
  • 7.0.11
  • 7.0.12
  • 7.0.13
  • 7.0.14
  • ...
2024-05-14T20:31:00Z Fix available
GHSA-7fcr-8qw6-92fr
  • NuGet/Microsoft.NetCore.App.Runtime.linux-arm
  • NuGet/Microsoft.NetCore.App.Runtime.linux-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-musl-x64
  • NuGet/Microsoft.NetCore.App.Runtime.linux-x64
  • NuGet/Microsoft.NetCore.App.Runtime.osx-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.osx-x64
  • NuGet/Microsoft.NetCore.App.Runtime.win-arm
  • NuGet/Microsoft.NetCore.App.Runtime.win-arm64
  • NuGet/Microsoft.NetCore.App.Runtime.win-x64
  • NuGet/Microsoft.NetCore.App.Runtime.win-x86
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability
  • 7.0.0
  • 7.0.1
  • 7.0.10
  • 7.0.11
  • 7.0.12
  • 7.0.13
  • 7.0.14
  • ...
2024-05-14T20:30:57Z Fix available
GHSA-wchx-rm6h-7jf6
  • NuGet/Microsoft.PowerBI.JavaScript
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
  • 1.0.11-prevew
  • 1.0.11-preview
  • 1.0.12-preview
  • 1.1.0
  • 2.0.0
  • 2.10.0
  • 2.10.1
  • ...
2024-05-14T18:31:05Z No fix available
GHSA-8xfc-gm6g-vgpv
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
  • Maven/org.bouncycastle:bc-fips
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
  • 1.71
  • 1.71.1
  • 1.72
  • 1.73
  • 1.74
  • 1.75
  • 1.76
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-m44j-cfrm-g8qc
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
  • 1.71
  • 1.71.1
  • 1.72
  • 1.73
  • 1.74
  • 1.75
  • 1.76
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-v435-xc8x-wvr9
  • Maven/org.bouncycastle:bctls-fips
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
  • 1.0.0
  • 1.0.1
  • 1.0.10
  • 1.0.10.1
  • 1.0.10.2
  • 1.0.10.3
  • 1.0.11
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-x9vc-6hfv-hg8c
  • NuGet/Npgsql
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 2.0.11
  • 2.0.12
  • 2.0.12.1
  • 2.0.13-beta1
  • ...
2024-05-09T15:12:49Z Fix available
GHSA-287f-46j7-j4wh
  • NuGet/Umbraco.Workflow
  • NuGet/Plumber.Workflow
Umbraco Workflow's Backoffice users can execute arbitrary SQL
  • 10.0.0
  • 10.1.0
  • 10.1.0-rc1
  • 10.1.1
  • 10.1.2
  • 10.2.0
  • 10.2.0-rc1
  • ...
2024-04-24T17:04:34Z Fix available
GHSA-6qmx-42h2-j8h6
  • NuGet/Microsoft.WindowsDesktop.App.Runtime.win-arm64
  • NuGet/Microsoft.WindowsDesktop.App.Runtime.win-x64
  • NuGet/Microsoft.WindowsDesktop.App.Runtime.win-x86
.NET Elevation of Privilege Vulnerability
  • 5.0.0
  • 5.0.1
  • 5.0.10
  • 5.0.11
  • 5.0.12
  • 5.0.13
  • 5.0.14
  • ...
2024-04-17T18:21:57Z Fix available
GHSA-74p6-39f2-23v3
  • NuGet/Umbraco.Cms.Core
  • NuGet/Umbraco.Cms.Web.BackOffice
Blind SSRF Leads to Port Scan by using Webhooks
  • 13.0.0
  • 13.0.1
  • 13.0.2
  • 13.0.3
  • 13.1.0
  • 13.1.0-rc
  • 13.0.0
  • ...
2024-04-17T18:20:28Z Fix available
GHSA-x674-v45j-fwxw
  • NuGet/Microsoft.Identity.Client
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
  • 4.48.0
  • 4.48.1
  • 4.49.0
  • 4.49.1
  • 4.50.0
  • 4.51.0
  • 4.52.0
  • ...
2024-04-16T21:41:57Z Fix available
GHSA-5x7m-6737-26cr
  • NuGet/SixLabors.ImageSharp
SixLabors.ImageSharp vulnerable to data leakage
  • 1.0.0
  • 1.0.0-beta0001
  • 1.0.0-beta0002
  • 1.0.0-beta0003
  • 1.0.0-beta0004
  • 1.0.0-beta0005
  • 1.0.0-beta0006
  • ...
2024-04-15T20:24:06Z Fix available
GHSA-g85r-6x2q-45w7
  • NuGet/SixLabors.ImageSharp
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
  • 1.0.0
  • 1.0.0-beta0001
  • 1.0.0-beta0002
  • 1.0.0-beta0003
  • 1.0.0-beta0004
  • 1.0.0-beta0005
  • 1.0.0-beta0006
  • ...
2024-04-15T20:22:54Z Fix available
GHSA-vh2m-22xx-q94f
  • NuGet/OpenTelemetry.Instrumentation.Http
  • NuGet/OpenTelemetry.Instrumentation.AspNetCore
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
  • 1.0.0-rc10
  • 1.0.0-rc2
  • 1.0.0-rc3
  • 1.0.0-rc4
  • 1.0.0-rc5
  • 1.0.0-rc6
  • 1.0.0-rc7
  • ...
2024-04-12T22:54:09Z Fix available