nuget
842 tracked vulnerabilities.
CVE-2026-44503
HIGH
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
May 14, 2026
EPSS 0.00
CVE-2026-44375
HIGH
Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
May 14, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44302
HIGH
Snappier: Infinite loop in SnappyStream decompression on malformed framed input
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42191
MEDIUM
OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42899
HIGH
Microsoft ASP.NET Core - Infinite Loop Denial of Service
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42348
MEDIUM
open-telemetry opentelemetry-dotnet-contrib - OpAMP Client Reads Unbounded HTTP Response Bodies
May 12, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-35433
HIGH
Microsoft .NET - Local Privilege Escalation
May 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-32175
MEDIUM
.NET 10.0 < 10.0.8, 9.0 < 9.0.16, 8.0 < 8.0.27 - Path Traversal and Arbitrary File Write
May 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-43939
HIGH
YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers
May 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-43938
HIGH
YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
May 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-43937
HIGH
YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-41511
MEDIUM
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle
May 08, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-42241
MEDIUM
ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width
May 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41484
MEDIUM
OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41483
MEDIUM
Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
May 06, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41310
MEDIUM
OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41319
MEDIUM
MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
Apr 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41173
MEDIUM
Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS
Apr 23, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41078
MEDIUM
OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Apr 23, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-40894
MEDIUM
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
Apr 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40891
MEDIUM
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling
Apr 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40182
MEDIUM
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies
Apr 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41134
HIGH
Kiota: Code Generation Literal Injection
Apr 22, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-40372
CRITICAL
ASP.NET Core Elevation of Privilege Vulnerability
Apr 21, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-40324
CRITICAL
Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents
Apr 18, 2026
CVSS 9.1
EPSS 0.00
Products
Microsoft.ChakraCore 247
Magick.NET-Q16-AnyCPU 86
Magick.NET-Q16-HDRI-AnyCPU 86
Magick.NET-Q8-AnyCPU 86
Magick.NET-Q16-HDRI-x86 85
Magick.NET-Q16-x86 85
Magick.NET-Q8-x86 84
Magick.NET-Q16-HDRI-OpenMP-arm64 83
Magick.NET-Q16-HDRI-x64 83
Magick.NET-Q16-OpenMP-arm64 83
Magick.NET-Q16-OpenMP-x64 83
Magick.NET-Q16-arm64 83
Magick.NET-Q16-HDRI-arm64 82
Magick.NET-Q8-OpenMP-arm64 82
Magick.NET-Q8-arm64 82
Magick.NET-Q16-x64 79
Magick.NET-Q8-OpenMP-x64 79
Magick.NET-Q8-x64 76
Magick.NET-Q16-HDRI-OpenMP-x64 69
Magick.NET-Q16-OpenMP-x86 57
DotNetNuke.Core 35
Microsoft.AspNetCore.App.Runtime.win-x64 25
Microsoft.AspNetCore.App.Runtime.win-x86 25
Microsoft.AspNetCore.App.Runtime.win-arm 24
Microsoft.AspNetCore.App.Runtime.linux-arm 22
Microsoft.AspNetCore.App.Runtime.linux-arm64 22
Microsoft.AspNetCore.App.Runtime.linux-musl-x64 22
Microsoft.AspNetCore.App.Runtime.linux-x64 22
Microsoft.AspNetCore.App.Runtime.osx-x64 22
Microsoft.AspNetCore.App.Runtime.win-arm64 22
Quick Filters