OSV - Open Source Vulnerabilities

GHSA-rxmq-m78w-7wmc

NuGet/SixLabors.ImageSharp

SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks

30 Jul

Fix available
Severity - 5.3 (Medium)

GHSA-75vq-qvhr-7ffr

NuGet/Umbraco.Cms.Api.Delivery

Umbraco Delivery API allows for cached requests to be returned with an invalid API key

29 Jul

Fix available
Severity - 5.3 (Medium)

GHSA-vmhh-8rxq-fp9g

NuGet/Magick.NET-Q8-AnyCPU
NuGet/Magick.NET-Q16-AnyCPU
NuGet/Magick.NET-Q16-HDRI-AnyCPU
NuGet/Magick.NET-Q8-x64
NuGet/Magick.NET-Q8-arm64
NuGet/Magick.NET-Q8-x86
NuGet/Magick.NET-Q8-OpenMP-x64
NuGet/Magick.NET-Q8-OpenMP-arm64
NuGet/Magick.NET-Q16-x64
NuGet/Magick.NET-Q16-arm64
NuGet/Magick.NET-Q16-x86
NuGet/Magick.NET-Q16-OpenMP-x64
NuGet/Magick.NET-Q16-OpenMP-arm64
NuGet/Magick.NET-Q16-OpenMP-x86
NuGet/Magick.NET-Q16-HDRI-x64
NuGet/Magick.NET-Q16-HDRI-arm64
NuGet/Magick.NET-Q16-HDRI-x86
NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64

ImageMagick has XMP profile write that triggers hang due to unbounded loop

23 Jul

Fix available
Severity - 7.5 (High)

GHSA-pgvc-6h2p-q4f6

NuGet/Umbraco.Cms

Umbraco CMS disclosure of configured password requirements

24 Jun

Fix available
Severity - 5.3 (Medium)

GHSA-mgfv-2362-jq96

NuGet/DNN.PLATFORM

DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input

20 Jun

Fix available
Severity - 8.6 (High)

GHSA-fjhg-3mrh-mm7h

NuGet/DNN.PLATFORM

DNN.PLATFORM possibly allows bypass of IP Filters

20 Jun

Fix available
Severity - 8.8 (High)

GHSA-wwc9-wmm3-2pmf

NuGet/DNN.PLATFORM

DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed

20 Jun

Fix available
Severity - 5.1 (Medium)

GHSA-pf4h-vrv6-cmvr

NuGet/DNN.PLATFORM

DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects

20 Jun

Fix available
Severity - 6.1 (Medium)

GHSA-6q65-j4jw-9cg8

NuGet/DotVVM

DotVVM allows path traversal when deployed in Debug mode

19 Jun

Fix available
Severity - 7.5 (High)

GHSA-px2c-r924-mwcc

NuGet/CouchbaseNetClient

Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates

18 Jun

No fix available
Severity - 4.9 (Medium)

GHSA-266m-wp2v-x7mq

NuGet/Microsoft.NetCore.App.Runtime.linux-arm
NuGet/Microsoft.NetCore.App.Runtime.linux-arm64
NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm
NuGet/Microsoft.NetCore.App.Runtime.linux-musl-arm64
NuGet/Microsoft.NetCore.App.Runtime.linux-musl-x64
NuGet/Microsoft.NetCore.App.Runtime.linux-x64
NuGet/Microsoft.NetCore.App.Runtime.osx-arm64
NuGet/Microsoft.NetCore.App.Runtime.osx-x64
NuGet/Microsoft.NetCore.App.Runtime.win-arm
NuGet/Microsoft.NetCore.App.Runtime.win-arm64
NuGet/Microsoft.NetCore.App.Runtime.win-x64
NuGet/Microsoft.NetCore.App.Runtime.win-x86

Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability

11 Jun

Fix available
Severity - 7.5 (High)

GHSA-fr6r-p8hv-x3c4

NuGet/Umbraco.Cms

Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads

04 Jun

Fix available
Severity - 5.5 (Medium)

GHSA-m4hf-fxcg-cp34

NuGet/DotNetNuke.Core

DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

23 May

Fix available
Severity - 6.1 (Medium)

GHSA-79m3-rvx2-3qq9

NuGet/DotNetNuke.Web
NuGet/DotNetNuke.Core

Reflected Cross-Site Scripting (XSS) in module actions in edit mode

23 May

Fix available
Severity - 6.0 (Medium)

GHSA-62mf-vhhw-xmf8

NuGet/DotNetNuke.SiteExportImport

DNN site Import could use an external source with a crafted request

23 May

Fix available
Severity - 3.5 (Low)

GHSA-h4j7-5rxr-p4wc

NuGet/Microsoft.Build.Tasks.Core

Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability

13 May

Fix available
Severity - 8.0 (High)