OSV - Open Source Vulnerabilities

GHSA-6qmx-42h2-j8h6

NuGet/Microsoft.WindowsDesktop.App.Runtime.win-arm64
NuGet/Microsoft.WindowsDesktop.App.Runtime.win-x64
NuGet/Microsoft.WindowsDesktop.App.Runtime.win-x86

.NET Elevation of Privilege Vulnerability

5.0.0
5.0.1
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
...

2024-04-17T18:21:57Z

Fix available

GHSA-74p6-39f2-23v3

NuGet/Umbraco.Cms.Core
NuGet/Umbraco.Cms.Web.BackOffice

Blind SSRF Leads to Port Scan by using Webhooks

13.0.0
13.0.1
13.0.2
13.0.3
13.1.0
13.1.0-rc
13.0.0
...

2024-04-17T18:20:28Z

Fix available

GHSA-x674-v45j-fwxw

NuGet/Microsoft.Identity.Client

MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service

4.48.0
4.48.1
4.49.0
4.49.1
4.50.0
4.51.0
4.52.0
...

2024-04-16T21:41:57Z

Fix available

GHSA-5x7m-6737-26cr

NuGet/SixLabors.ImageSharp

SixLabors.ImageSharp vulnerable to data leakage

1.0.0
1.0.0-beta0001
1.0.0-beta0002
1.0.0-beta0003
1.0.0-beta0004
1.0.0-beta0005
1.0.0-beta0006
...

2024-04-15T20:24:06Z

Fix available

GHSA-g85r-6x2q-45w7

NuGet/SixLabors.ImageSharp

SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value

1.0.0
1.0.0-beta0001
1.0.0-beta0002
1.0.0-beta0003
1.0.0-beta0004
1.0.0-beta0005
1.0.0-beta0006
...

2024-04-15T20:22:54Z

Fix available

GHSA-vh2m-22xx-q94f

NuGet/OpenTelemetry.Instrumentation.Http
NuGet/OpenTelemetry.Instrumentation.AspNetCore

Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore

1.0.0-rc10
1.0.0-rc2
1.0.0-rc3
1.0.0-rc4
1.0.0-rc5
1.0.0-rc6
1.0.0-rc7
...

2024-04-12T22:54:09Z

Fix available

GHSA-wvxc-855f-jvrv

NuGet/Azure.Identity

Azure Identity Library for .NET Information Disclosure Vulnerability

1.0.0
1.1.0
1.1.1
1.10.0
1.10.1
1.10.2
1.10.3
...

2024-04-09T18:30:28Z

Fix available

GHSA-438c-3975-5x3f

npm/tinymce
NuGet/TinyMCE
Packagist/tinymce/tinymce

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes

3.4.3.2
3.4.4
3.4.5
3.4.7
3.5.0
3.5.0.1
3.5.1
...

2024-03-26T21:23:47Z

Fix available

GHSA-5359-pvf2-pw78

Packagist/tinymce/tinymce
npm/tinymce
NuGet/TinyMCE

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

4.0.0
4.0.1
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
...

2024-03-26T21:23:45Z

Fix available

GHSA-rf39-3f98-xr7r

NuGet/wix
NuGet/WixToolset.Sdk

WiX based installers are vulnerable to binary hijack when run as SYSTEM

3.10.0
3.10.0.1719-pre
3.10.0.1726-pre
3.10.0.2103-pre
3.10.0.2103-pre1
3.10.1
3.10.2
...

2024-03-25T19:42:32Z

Fix available

GHSA-jx4p-m4wm-vvjg

NuGet/wix
NuGet/WixToolset.Util.wixext

Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files

3.10.0
3.10.0.1719-pre
3.10.0.1726-pre
3.10.0.2103-pre
3.10.0.2103-pre1
3.10.1
3.10.2
...

2024-03-25T19:42:17Z

Fix available

GHSA-g4v6-69p6-q3p4

NuGet/PanelSwWix4.Sdk

WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM

See details.

2024-03-25T19:36:25Z

Fix available

GHSA-wq88-fq4x-h2pm

NuGet/PanelSW.Custom.WiX

WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM

3.12.0-b100
3.12.0-b45
3.12.0-b48
3.12.0-b53
3.12.0-b57
3.12.0-b59
3.12.0-b60
...

2024-03-25T19:35:53Z

Fix available

GHSA-552f-97wf-pmpq

NuGet/UmbracoCMS

Umbraco possible user enumeration

See details.

2024-03-20T17:54:35Z

Fix available

GHSA-32jq-mv89-5rx7

NuGet/CoreWCF.NetFramingBase

CoreWCF NetFraming based services can leave connections open when they should be closed

1.4.0
1.4.1
1.5.0
1.5.1

2024-03-15T19:20:17Z

Fix available

GHSA-2x7m-gf85-3745

NuGet/Microsoft.Native.Quic.MsQuic.OpenSSL
NuGet/Microsoft.Native.Quic.MsQuic.Schannel

Remote Denial of Service Vulnerability in Microsoft QUIC

1.8.0
1.8.0

2024-03-13T17:14:43Z

Fix available

Vulnerability Library