nuget
901 tracked vulnerabilities.
CVE-2026-45591
HIGH
Microsoft ASP.NET Core - Unauthenticated Denial of Service
Jun 09, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-45491
MEDIUM
Microsoft .NET 10.0 - .NET Tampering Vulnerability
Jun 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-45288
CRITICAL
Marten < 8.36.1 - SQL Injection in regConfig Parameter
May 28, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-47762
HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-47761
HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-47760
HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-47759
HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-44213
MEDIUM
OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
May 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44503
HIGH
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
May 14, 2026
EPSS 0.01
CVE-2026-44375
HIGH
Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
May 14, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44302
HIGH
Snappier: Infinite loop in SnappyStream decompression on malformed framed input
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42191
MEDIUM
OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42899
HIGH
Microsoft ASP.NET Core - Infinite Loop Denial of Service
May 12, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-42348
MEDIUM
open-telemetry opentelemetry-dotnet-contrib - OpAMP Client Reads Unbounded HTTP Response Bodies
May 12, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-35433
HIGH
Microsoft .NET - Local Privilege Escalation
May 12, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-32175
MEDIUM
.NET 10.0 < 10.0.8, 9.0 < 9.0.16, 8.0 < 8.0.27 - Path Traversal and Arbitrary File Write
May 12, 2026
CVSS 4.3
EPSS 0.01
CVE-2026-43939
HIGH
YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers
May 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-43938
HIGH
YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
May 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-43937
HIGH
YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-41511
MEDIUM
OpenMcdf <3.1.3 CFB Directory Cycle - Denial of Service
May 08, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-42241
MEDIUM
ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width
May 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41484
MEDIUM
OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41483
MEDIUM
Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
May 06, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41310
MEDIUM
OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41319
MEDIUM
MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
Apr 24, 2026
CVSS 6.5
EPSS 0.00
Products
Microsoft.ChakraCore 247
Magick.NET-Q16-AnyCPU 114
Magick.NET-Q16-HDRI-AnyCPU 114
Magick.NET-Q8-AnyCPU 114
Magick.NET-Q16-HDRI-x86 113
Magick.NET-Q16-x86 113
Magick.NET-Q8-x86 112
Magick.NET-Q16-HDRI-OpenMP-arm64 111
Magick.NET-Q16-HDRI-x64 111
Magick.NET-Q16-OpenMP-arm64 111
Magick.NET-Q16-OpenMP-x64 111
Magick.NET-Q16-arm64 111
Magick.NET-Q16-HDRI-arm64 110
Magick.NET-Q8-OpenMP-arm64 110
Magick.NET-Q8-arm64 110
Magick.NET-Q16-x64 107
Magick.NET-Q8-OpenMP-x64 107
Magick.NET-Q8-x64 104
Magick.NET-Q16-HDRI-OpenMP-x64 83
Magick.NET-Q16-OpenMP-x86 58
DotNetNuke.Core 35
Microsoft.AspNetCore.App.Runtime.win-x64 26
Microsoft.AspNetCore.App.Runtime.win-x86 25
Microsoft.AspNetCore.App.Runtime.win-arm 24
Microsoft.AspNetCore.App.Runtime.linux-x64 23
Microsoft.AspNetCore.App.Runtime.linux-arm 22
Microsoft.AspNetCore.App.Runtime.linux-arm64 22
Microsoft.AspNetCore.App.Runtime.linux-musl-x64 22
Microsoft.AspNetCore.App.Runtime.osx-x64 22
Microsoft.AspNetCore.App.Runtime.win-arm64 22
Quick Filters