OSV - Open Source Vulnerabilities

GHSA-xhg6-9j5j-w4vf

NuGet/DotNetZip
NuGet/ProDotNetZip

DotNetZip Directory Traversal vulnerability

13 Nov

No fix available
Severity - 8.6 (High)

GHSA-v7vf-f5q6-m899

NuGet/System.Formats.Nrbf

.NET Remote Code Execution Vulnerability

12 Nov

Fix available
Severity - 9.2 (Critical)

GHSA-6x36-qxmj-rv4p

NuGet/System.Formats.Nrbf

.NET Denial of Service Vulnerability

12 Nov

Fix available

GHSA-7mr7-4f54-vcx5

NuGet/Duende.AccessTokenManagement.OpenIdConnect

HTTP Client uses incorrect token after refresh

07 Nov

Fix available
Severity - 5.3 (Medium)

GHSA-3hxg-fxwm-8gf7

NuGet/Refit

CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes

04 Nov

Fix available
Severity - 10.0 (Critical)

GHSA-4gmq-m9vp-jrwg

NuGet/Umbraco.Cms.Core

Umbraco CMS Cross-site Scripting vulnerability

04 Nov

No fix available
Severity - 1.3 (Low)

GHSA-2qw8-ppr5-m96c

NuGet/Lucene.Net.Replicator

Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability

31 Oct

Fix available
Severity - 8.6 (High)

GHSA-24mc-gc52-47jv

NuGet/ICG.AspNetCore.Utilities.CloudStorage

ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected

30 Oct

Fix available
Severity - 5.5 (Medium)

GHSA-v9xq-2mvm-x8xc

NuGet/Duende.IdentityServer

Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs

28 Oct

Fix available
Severity - 2.1 (Low)

GHSA-j945-c44v-97g6

Maven/net.sf.mpxj:mpxj
RubyGems/mpxj
PyPI/mpxj
NuGet/net.sf.mpxj
NuGet/net.sf.mpxj-for-csharp
NuGet/net.sf.mpxj-for-vb
NuGet/MPXJ.Net

MPXJ has a Potential Path Traversal Vulnerability

28 Oct

Fix available
Severity - 5.3 (Medium)

GHSA-wxw9-6pv9-c3xc

NuGet/Umbraco.CMS

Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

22 Oct

Fix available
Severity - 4.2 (Medium)

GHSA-5955-cwv4-h7qh

NuGet/UmbracoCms
NuGet/Umbraco.Cms

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

22 Oct

Fix available
Severity - 4.6 (Medium)

GHSA-fp6q-gccw-7qqm

NuGet/Umbraco.CMS
NuGet/UmbracoCMS

Umbraco CMS logout page displayed before session expiration

22 Oct

Fix available
Severity - 4.2 (Medium)

GHSA-4gp9-ff99-j6vj

NuGet/Umbraco.CMS

Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API

22 Oct

Fix available

GHSA-c5g6-6xf7-qxp3

NuGet/Umbraco.Cms.StaticAssets
npm/@umbraco-cms/backoffice

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

22 Oct

Fix available
Severity - 4.2 (Medium)

GHSA-7vfh-cqpc-4267

NuGet/OPCFoundation.NetStandard.Opc.Ua
NuGet/OPCFoundation.NetStandard.Opc.Ua.Core

Security Update for the OPC UA .NET Standard Stack

18 Oct

Fix available
Severity - 5.3 (Medium)