nuget

901 tracked vulnerabilities.

CVE-2026-41173 MEDIUM
Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS
Apr 23, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41078 MEDIUM
OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Apr 23, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-40894 MEDIUM
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
Apr 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40891 MEDIUM
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling
Apr 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40182 MEDIUM
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies
Apr 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41134 HIGH
Kiota: Code Generation Literal Injection
Apr 22, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-40372 CRITICAL
ASP.NET Core Elevation of Privilege Vulnerability
Apr 21, 2026
CVSS 9.1
EPSS 0.11
CVE-2026-40324 CRITICAL
Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents
Apr 18, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-40321 HIGH
DNN Platform < 10.2.2 - SVG Upload Stored Cross-Site Scripting
Apr 17, 2026
CVSS 8.0
EPSS 0.08
CVE-2026-40306 MEDIUM
DNN has same HostGUID for all new installs
Apr 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40305 MEDIUM
DNN has Force Friend Request Acceptance
Apr 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-39399 CRITICAL
NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation
Apr 14, 2026
CVSS 9.6
EPSS 0.01
CVE-2026-33116 HIGH
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Apr 14, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-32178 HIGH
.NET Spoofing Vulnerability
Apr 14, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-26171 HIGH
Microsoft .NET and PowerShell - Resource Consumption Denial of Service
Apr 14, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-40312 MEDIUM
ImageMagick: Off-by-One in MSL decoder could result in crash
Apr 13, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-40311 MEDIUM
ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values
Apr 13, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-40310 MEDIUM
ImageMagick: Heap out-of-bounds write in JP2 encoder
Apr 13, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-40183 MEDIUM
ImageMagick: Heap buffer overflow when encoding JXL image with a 16-bit float
Apr 13, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-40169 MEDIUM
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders
Apr 13, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-34238 MEDIUM
ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds
Apr 13, 2026
CVSS 5.1
EPSS 0.00
CVE-2026-33908 HIGH
ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()
Apr 13, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33905 MEDIUM
ImageMagick -sample Operation - Out-of-Bounds Read
Apr 13, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-33902 MEDIUM
ImageMagick: Stack Overflow via Recursive FX Expression Parsing
Apr 13, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-33901 HIGH
ImageMagick MVG Decoder - Heap Buffer Overflow
Apr 13, 2026
CVSS 7.5
EPSS 0.01