Vulmon
nuget vulnerabilities and exploits
6.5
CVSSv3
CVE-2021-22168
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
Gitlab Gitlab
5.4
CVSSv3
CVE-2023-34225
In JetBrains TeamCity prior to 2023.05, stored XSS in the NuGet feed page was possible.
Jetbrains Teamcity
5.3
CVSSv3
CVE-2020-12448
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
Gitlab Gitlab
5.7
CVSSv3
CVE-2017-11348
In Octopus Deploy 3.x prior to 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
Octopus Octopus Deploy 3.6.0
Octopus Octopus Deploy 3.7.0
Octopus Octopus Server 3.0.6
Octopus Octopus Server 3.0.12
Octopus Octopus Server 3.0.4
Octopus Octopus Server 3.0.18
Octopus Octopus Server 3.0.13
Octopus Octopus Server 3.0.20
Octopus Octopus Server 3.0.19
Octopus Octopus Server 3.0.11
Octopus Octopus Server 3.0.1
Octopus Octopus Server 3.0.17
Octopus Octopus Server 3.0.25
Octopus Octopus Server 3.0.7
Octopus Octopus Server 3.0.16
Octopus Octopus Server 3.0.21
Octopus Octopus Server 3.0.5
Octopus Octopus Server 3.0.9
Octopus Octopus Server 3.0.2
Octopus Octopus Server 3.0.24
Octopus Octopus Server 3.0.10
Octopus Octopus Server 3.0.15
4.3
CVSSv3
CVE-2022-3478
An issue has been discovered in GitLab affecting all versions starting from 12.8 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, and all versions starting from 15.6 prior to 15.6.1. It was possible to trigger a DoS attack by uploading a malicious NuGet package.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
7.5
CVSSv3
CVE-2020-11505
An issue exists in GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 12.7.9, 12.8.x prior to 12.8.9, and 12.9.x prior to 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
Gitlab Gitlab
6.8
CVSSv3
CVE-2020-5261
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5....
Sustainsys Saml2
5.5
CVSSv3
CVE-2020-11005
The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a ...
Windowshello Project Windowshello
NA
CVE-2024-37304
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. ...
5.3
CVSSv3
CVE-2023-32312
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application...
Umbraco Umbraco Identity Extensibility