cvebase

Nuget Nugetgallery vulnerabilities

4 known vulnerabilities affecting nuget/nugetgallery.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 3

Vulnerabilities

CVE-2026-39399 | P2 | CRITICAL | CVSS 9.6 | fixed in 0e80f87628349207cdcaf55358491f8a6f1ca276 | 2026-04-14
CWE-20: NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that may result in remote code execution (RCE) and/or arbitra
Source: nvd

CVE-2024-47604 | P4 | MEDIUM | CVSS 6.1 | versions > 2024.06.21, <= 2024.09.25 | 2024-10-01
CWE-79: NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or JavaScript code in a victim's browser.
Source: nvd

CVE-2024-37304 | P4 | MEDIUM | CVSS 6.1 | fixed in 2024.05.28 | 2024-06-12
CWE-79: NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cro
Source: nvd

CVE-2024-54138 | P4 | MEDIUM | CVSS 6.1 | fixed in 2024.12.06 | 2024-12-06
CWE-79: NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cro
Source: nvd