VulnerableCode Package Details - pkg:nuget/NuGet.Packaging@6.14.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:nuget/NuGet.Packaging@6.14.2

Essentials
History (1)

purl	pkg:nuget/NuGet.Packaging@6.14.2
Tags	Ghost

Next non-vulnerable version	6.14.3
Latest non-vulnerable version	7.3.1
Risk	1.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-xxrj-7szv-s3cm Aliases: GHSA-g4vj-cjjj-v7hg	Defense in Depth update for NuGet Client ### Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. ### Patches #### NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: \|Affected versions\|Patched version\| \|--\|--\| \|>= 4.9.0, <= 4.9.6\|4.9.7\| \|>= 5.11.0, <= 5.11.6\|5.11.7\| \|>= 6.8.0, <= 6.8.1\|6.8.2\| \|>= 6.11.0, <= 6.11.1\|6.11.2\| \|>= 6.12.0, <= 6.12.4\|6.12.5\| \|>= 6.14.0, <= 6.14.2\|6.14.3\| \|>= 7.0.0, <= 7.0.2\|7.0.3\| \|7.3.0\|7.3.1\| #### .NET SDK * .NET 8.0.126 SDK * .NET 8.0.420 SDK * .NET 9.0.116 SDK * .NET 9.0.313 SDK * .NET 10.0.106 SDK * .NET 10.0.202 SDK ### Workarounds N/A ### References https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr ### Credit [splitline](https://x.com/_splitline_) with [DEVCORE](https://devco.re/)	6.14.3 Affected by 0 other vulnerabilities. 7.0.3 Affected by 0 other vulnerabilities. 7.3.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-xxrj-7szv-s3cm
Aliases:
GHSA-g4vj-cjjj-v7hg

Defense in Depth update for NuGet Client ### Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. ### Patches #### NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched version| |--|--| |>= 4.9.0, <= 4.9.6|4.9.7| |>= 5.11.0, <= 5.11.6|5.11.7| |>= 6.8.0, <= 6.8.1|6.8.2| |>= 6.11.0, <= 6.11.1|6.11.2| |>= 6.12.0, <= 6.12.4|6.12.5| |>= 6.14.0, <= 6.14.2|6.14.3| |>= 7.0.0, <= 7.0.2|7.0.3| |7.3.0|7.3.1| #### .NET SDK * .NET 8.0.126 SDK * .NET 8.0.420 SDK * .NET 9.0.116 SDK * .NET 9.0.313 SDK * .NET 10.0.106 SDK * .NET 10.0.202 SDK ### Workarounds N/A ### References https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr ### Credit [splitline](https://x.com/_splitline_) with [DEVCORE](https://devco.re/)

6.14.3
Affected by 0 other vulnerabilities.

7.0.3
Affected by 0 other vulnerabilities.

7.3.1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T07:46:05.360257+00:00	GHSA Importer	Affected by	VCID-xxrj-7szv-s3cm	https://github.com/advisories/GHSA-g4vj-cjjj-v7hg	38.4.0