ROOT-APP-NUGET-CVE-2026-26171 CVE-2026-26171 in Rootio.System.Security.Cryptography.Xml - Patched by Root
Root has patched CVE-2026-26171 in the Rootio.System.Security.Cryptography.Xml package for Root:NuGet. Multiple fixed versions available...
ROOT-APP-NUGET-CVE-2025-55247 CVE-2025-55247 in Rootio.Microsoft.Build.Tasks.Core - Patched by Root
Root has patched CVE-2025-55247 in the Rootio.Microsoft.Build.Tasks.Core package for Root:NuGet. Multiple fixed versions available...
ROOT-APP-NUGET-CVE-2025-26646 CVE-2025-26646 in Rootio.Microsoft.Build.Tasks.Core - Patched by Root
Root has patched CVE-2025-26646 in the Rootio.Microsoft.Build.Tasks.Core package for Root:NuGet. Multiple fixed versions available...
openSUSE 16 Security Update : syft (openSUSE-SU-2026:20928-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20928-1 advisory. Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier...
CVE-2026-39399
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
Malicious Package
Overview Sicoob-Cooperativa.Sicoob.PagamentosV3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Malicious Package
Overview sicoob.sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package. To maximi...
Malicious Package
Overview Sicoob-Cooperativa.Sicoob.ContaCorrente is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...
ROOT-APP-NUGET-CVE-2026-40894 CVE-2026-40894 in Rootio.OpenTelemetry.Api - Patched by Root
Root has patched CVE-2026-40894 in the Rootio.OpenTelemetry.Api package for Root:NuGet. Multiple fixed versions available...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...
Malicious code in wpfuihelpercore (NuGet)
MAL-2026-2808 Malicious code in wpfuihelpercore (NuGet)
Malicious code in jjrawlins.cdkiampolicybuilderhelper (NuGet)
MAL-2026-2807 Malicious code in jjrawlins.cdkiampolicybuilderhelper (NuGet)
Resource Injection
Overview Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass intended validation by supplying specially crafted package metadata IDs or versions. Remediation Upgrade...
Defense in Depth update for NuGet Client
Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...
GHSA-G4VJ-CJJJ-V7HG Defense in Depth update for NuGet Client
Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...