GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
18 advisories
DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Critical
CVE-2026-24838
was published
for
DotNetNuke.Core
(NuGet)
Jan 28, 2026
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal
High
CVE-2026-24837
was published
for
DotNetNuke.Core
(NuGet)
Jan 28, 2026
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
High
CVE-2026-24836
was published
for
DotNetNuke.Core
(NuGet)
Jan 28, 2026
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
Moderate
CVE-2026-24784
was published
for
DotNetNuke.Core
(NuGet)
Jan 28, 2026
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
Critical
CVE-2025-64095
was published
for
DNN.PLATFORM
(NuGet)
Oct 29, 2025
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Moderate
CVE-2025-64094
was published
for
DotNetNuke.Core
(NuGet)
Oct 29, 2025
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
Moderate
CVE-2025-62802
was published
for
Dnn.Platform
(NuGet)
Oct 29, 2025
DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
Moderate
CVE-2025-59821
was published
for
DotNetNuke.Core
(NuGet)
Sep 23, 2025
DNN Vulnerable to Stored XSS Using Backend Admin Credentials
Low
CVE-2025-59546
was published
for
DotNetNuke.Core
(NuGet)
Sep 23, 2025
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
Critical
CVE-2025-59545
was published
for
DotNetNuke.Core
(NuGet)
Sep 23, 2025
DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field
Moderate
CVE-2025-59539
was published
for
DotNetNuke.Core
(NuGet)
Sep 22, 2025
DNN allows loading unused themes on anonymous clients through query parameters
Moderate
CVE-2025-59535
was published
for
DotNetNuke.Core
(NuGet)
Sep 22, 2025
DNN.PLATFORM possibly allows bypass of IP Filters
High
CVE-2025-52487
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
Moderate
CVE-2025-52485
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
Moderate
CVE-2025-52486
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
Moderate
CVE-2025-48378
was published
for
DotNetNuke.Core
(NuGet)
May 23, 2025
Reflected Cross-Site Scripting (XSS) in module actions in edit mode
Moderate
CVE-2025-48377
was published
for
DotNetNuke.Core
(NuGet)
May 23, 2025
DNN site Import could use an external source with a crafted request
Low
CVE-2025-48376
was published
for
DotNetNuke.SiteExportImport
(NuGet)
May 23, 2025
ProTip!
Advisories are also available from the
GraphQL API