.net

This hub aggregates every CVE we track for .net, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting .net.

• CVE-2026-45591ASP.NET Core Denial of Service Vulnerability7.5Jun 9, 2026
• CVE-2026-45491.NET Tampering Vulnerability6.2Jun 9, 2026
• CVE-2026-45490.NET SDK Elevation of Privilege Vulnerability7.8Jun 9, 2026
• CVE-2026-49942Net::CIDR::Set versions through 0.20 for Perl did not validate network masks7.3Jun 4, 2026
• CVE-2026-49941Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses7.5Jun 4, 2026
• CVE-2026-49940Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks6.5Jun 4, 2026
• CVE-2026-46739Net::Statsd versions before 0.13 for Perl allow metric injections5.3Jun 4, 2026
• CVE-2026-8722Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections6.5Jun 3, 2026
• CVE-2026-27136Invoking duplicate attributes can cause XSS in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-42502Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-42506Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-39821Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna9.6May 22, 2026
• CVE-2026-25681Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-25680Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html6.5May 22, 2026
• CVE-2026-42899ASP.NET Core Denial of Service Vulnerability7.5May 12, 2026