31 matches found
CVE-2026-39399
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
Resource Injection
Overview Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass intended validation by supplying specially crafted package metadata IDs or versions. Remediation Upgrade...
Resource Injection
Overview Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass intended validation by supplying specially crafted package metadata IDs or versions. Remediation Upgrade...
CVE-2026-39399
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
EUVD-2026-22805
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2026-39399
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2026-39399
The CVE affects NuGetGallery, specifically the backend job that processes .nuspec files inside NuGet packages. A crafted nuspec with malicious metadata can trigger cross-package metadata injection due to insufficient input validation, potentially enabling remote code execution (RCE) and arbitrary...
NuGet Gallery 路径遍历漏洞
NuGet Gallery is an open-source repository for NuGet-based software packages maintained by NuGet. NuGet Gallery has a path traversal vulnerability, which stems from insufficient input validation of the.nuspec files. This vulnerability may lead to cross-package metadata injection, potentially...
PT-2026-32962
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
EUVD-2024-42540
Malicious code in bioql PyPI...
EUVD-2024-52309
Malicious code in bioql PyPI...
EUVD-2024-36565
Malicious code in bioql PyPI...
CVE-2024-54138
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
CVE-2024-47604
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser...
CVE-2024-54138
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
CVE-2024-54138
CVE-2024-54138 describes an XSS vulnerability in NuGet Gallery’s Markdown autolinks handling. The issue stems from inadequate sanitization of autolinks (JavaScript in standard links is filtered, but autolinks aren’t), enabling potential cross-site scripting. The vulnerability has been fixed in ve...
CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...