OSV - Open Source Vulnerabilities

GHSA-3qcp-9v8c-6jp7

NuGet/Piranha

Piranha CMS vulnerable to stored cross-site scripting (XSS)

yesterday

No fix available
Severity - 5.3 (Medium)

GHSA-rmjr-87wv-gf87

npm/mammoth
Maven/org.zwobble.mammoth:mammoth
PyPI/mammoth
NuGet/Mammoth

Mammoth is vulnerable to Directory Traversal

17 Oct

Fix available
Severity - 5.4 (Medium)

GHSA-9rvm-p3qm-f4vv

NuGet/Smidge

Smidge is vulnerable to Path Traversal

16 Oct

Fix available
Severity - 5.3 (Medium)

GHSA-4mjw-xr5x-prpc

NuGet/Apache.NMS.AMQP

Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

16 Oct

Fix available
Severity - 9.8 (Critical)

GHSA-gwq6-fmvp-qp68

NuGet/Microsoft.NetCore.App.Runtime.linux-arm
NuGet/Microsoft.NetCore.App.Runtime.linux-arm64
NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm
NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm64
NuGet/Microsoft.NetCore.App.Runtime.linux-musl-x64
... 7 more

Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability

15 Oct

Fix available
Severity - 5.7 (Medium)

GHSA-w3q9-fxm7-j8fq

NuGet/Microsoft.Build.Tasks.Core
NuGet/Microsoft.Build
NuGet/Microsoft.Build.Utilities.Core

Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability

15 Oct

Fix available
Severity - 7.3 (High)

GHSA-5rrx-jjjq-q2r5

NuGet/Microsoft.AspNetCore.Server.Kestrel.Core
NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm
NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64
NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm
NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
... 8 more

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability

14 Oct

Fix available
Severity - 9.9 (Critical)

GHSA-q5r6-9qwq-g2wj

NuGet/Amazon.IonDotnet

Amazon.IonDotnet is vulnerable to Denial of Service attacks

09 Oct

Fix available
Severity - 8.7 (High)

GHSA-jhpv-4q4f-43g5

NuGet/Akka.Remote
NuGet/Akka.Cluster

Akka.Remote TLS did not properly implement certificate-based authentication

07 Oct

Fix available
Severity - 9.3 (Critical)

GHSA-6cwx-42hw-w69c

NuGet/FormCMS

FormCMS has an improper access control vulnerability in the /api/schemas/history/[schemaId] endpoint

30 Sep

Fix available
Severity - 6.9 (Medium)

GHSA-456v-f425-8mcv

NuGet/Piranha

PiranhaCMS stored XSS

26 Sep

No fix available
Severity - 6.8 (Medium)

GHSA-jc4g-c8ww-5738

NuGet/DotNetNuke.Core

DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile

23 Sep

Fix available
Severity - 6.5 (Medium)

GHSA-gj8m-5492-q98h

NuGet/DotNetNuke.Core

DNN Vulnerable to Stored XSS Using Backend Admin Credentials

23 Sep

Fix available
Severity - 2.4 (Low)

GHSA-2qxc-mf4x-wr29

NuGet/DotNetNuke.Core

DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

23 Sep

Fix available
Severity - 9.0 (Critical)

GHSA-7rcc-q6rq-jpcm

NuGet/DotNetNuke.Core

DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field

22 Sep

Fix available
Severity - 6.3 (Medium)

GHSA-wq2j-w9pm-7x2p

NuGet/DotNetNuke.Core

DNN allows loading unused themes on anonymous clients through query parameters

22 Sep

Fix available
Severity - 6.5 (Medium)