Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-4j9m-h44m-2hv8
  • NuGet/Steeltoe.Configuration.Encryption
Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding (published 2 days ago)
  • Fix available
  • Severity - 1.9 (Low)
GHSA-rxrh-4j9h-xgg9
  • NuGet/Steeltoe.Configuration.Abstractions
Steeltoe: TLS private keys written to /tmp with default permissions, never deleted (published 2 days ago)
  • Fix available
  • Severity - 4.7 (Medium)
GHSA-7fqc-p256-7pwj
  • NuGet/Steeltoe.Security.Authentication.CloudFoundryBase
  • NuGet/Steeltoe.Security.Authentication.JwtBearer
  • NuGet/Steeltoe.Security.Authentication.OpenIdConnect
Steeltoe's static JWKS cache shared across schemes and never invalidated (published 2 days ago)
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-227r-jm2g-7cp4
  • NuGet/Steeltoe.Management.Endpoint
  • NuGet/Steeltoe.Management.EndpointBase
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission (published 2 days ago)
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-q62h-354g-5r85
  • NuGet/Steeltoe.Management.Endpoint
  • NuGet/Steeltoe.Management.EndpointCore
Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords (published 2 days ago)
  • Fix available
  • Severity - 7.5 (High)
GHSA-j8ph-6fxj-g533
  • NuGet/Steeltoe.Discovery.Eureka
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch (published 2 days ago)
  • Fix available
  • Severity - 7.5 (High)
GHSA-58f6-6rj2-3v8r
  • NuGet/Steeltoe.Management.Endpoint
  • NuGet/Steeltoe.Management.EndpointCore
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header (published 2 days ago)
  • Fix available
  • Severity - 8.2 (High)
GHSA-85jm-cwp2-mvpv
  • NuGet/CefSharp.Common
CefSharp.Common: `FolderSchemeHandlerFactory` path boundary check can expose files outside the configured root folder (published 4 days ago)
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-v5pm-xwqc-g5wc
  • NuGet/Microsoft.OpenAPI
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing (published 4 days ago)
  • Fix available
  • Severity - 7.5 (High)
GHSA-44cp-c3ww-9rv5
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • NuGet/Magick.NET-Q16-HDRI-x64
  • ... 12 more
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image (published 26 Jun)
  • Fix available
  • Severity - 6.2 (Medium)
GHSA-j989-f892-2335
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • NuGet/Magick.NET-Q16-HDRI-x64
  • ... 12 more
ImageMagick: Memory Leak in wand option parser when providing invalid arguments (published 26 Jun)
  • Fix available
  • Severity - 4.0 (Medium)
GHSA-6q7j-xr26-3h2c
  • NuGet/Scriban
Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p) (published 26 Jun)
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-q6rr-fm2g-g5x8
  • NuGet/Scriban
Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx (published 26 Jun)
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-p9rq-q46c-g4x6
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • NuGet/Magick.NET-Q16-HDRI-x64
  • ... 12 more
ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments (published 26 Jun)
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-px7q-ggqj-hcf2
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • NuGet/Magick.NET-Q16-HDRI-x64
  • ... 12 more
ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails (published 26 Jun)
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-g22q-f7gc-5jhr
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • NuGet/Magick.NET-Q16-HDRI-x64
  • ... 12 more
ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop (published 25 Jun)
  • Fix available
  • Severity - 7.5 (High)