Microsoft Nuget
Recent Microsoft Nuget Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2023-29337 | NuGet Client Remote Code Execution Vulnerability | June 13, 2023 |
| CVE-2022-41032 | NuGet Client Elevation of Privilege Vulnerability | October 11, 2022 |
By the Year
In 2024 there have been 0 vulnerabilities in Microsoft Nuget . Last year Nuget had 1 security vulnerability published. Right now, Nuget is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.10 |
| 2022 | 2 | 5.65 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 7.65 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Nuget vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Nuget Security Vulnerabilities
NuGet Client Remote Code Execution Vulnerability
CVE-2023-29337
7.1 - High
- June 14, 2023
NuGet Client Remote Code Execution Vulnerability
.NET Framework Information Disclosure Vulnerability
CVE-2022-41064
5.8 - Medium
- November 09, 2022
.NET Framework Information Disclosure Vulnerability
.NET and Visual Studio Information Disclosure Vulnerability
CVE-2022-30184
5.5 - Medium
- June 15, 2022
.NET and Visual Studio Information Disclosure Vulnerability
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow
CVE-2019-1258
8.8 - High
- August 14, 2019
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker can exploit this vulneraiblity by accessing a service configured for On-Behalf-Of flow that assigns incorrect tokens. This security update addresses the vulnerability by removing fallback cache look-up for On-Behalf-Of scenarios.
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac
CVE-2019-0757
6.5 - Medium
- April 09, 2019
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Server Tus or by Microsoft? Click the Watch button to subscribe.
