VulnerableCode Package Details - pkg:nuget/NuGet.Protocol@4.9.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-xxrj-7szv-s3cm Aliases: GHSA-g4vj-cjjj-v7hg	Defense in Depth update for NuGet Client ### Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. ### Patches #### NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: \|Affected versions\|Patched version\| \|--\|--\| \|>= 4.9.0, <= 4.9.6\|4.9.7\| \|>= 5.11.0, <= 5.11.6\|5.11.7\| \|>= 6.8.0, <= 6.8.1\|6.8.2\| \|>= 6.11.0, <= 6.11.1\|6.11.2\| \|>= 6.12.0, <= 6.12.4\|6.12.5\| \|>= 6.14.0, <= 6.14.2\|6.14.3\| \|>= 7.0.0, <= 7.0.2\|7.0.3\| \|7.3.0\|7.3.1\| #### .NET SDK * .NET 8.0.126 SDK * .NET 8.0.420 SDK * .NET 9.0.116 SDK * .NET 9.0.313 SDK * .NET 10.0.106 SDK * .NET 10.0.202 SDK ### Workarounds N/A ### References https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr ### Credit [splitline](https://x.com/_splitline_) with [DEVCORE](https://devco.re/)	4.9.7 Affected by 0 other vulnerabilities. 5.11.7 Affected by 0 other vulnerabilities. 6.8.2 Affected by 0 other vulnerabilities. 6.11.2 Affected by 0 other vulnerabilities. 6.12.5 Affected by 0 other vulnerabilities. 6.14.3 Affected by 0 other vulnerabilities. 7.0.3 Affected by 0 other vulnerabilities. 7.3.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-xxrj-7szv-s3cm
Aliases:
GHSA-g4vj-cjjj-v7hg

Defense in Depth update for NuGet Client ### Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. ### Patches #### NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched version| |--|--| |>= 4.9.0, <= 4.9.6|4.9.7| |>= 5.11.0, <= 5.11.6|5.11.7| |>= 6.8.0, <= 6.8.1|6.8.2| |>= 6.11.0, <= 6.11.1|6.11.2| |>= 6.12.0, <= 6.12.4|6.12.5| |>= 6.14.0, <= 6.14.2|6.14.3| |>= 7.0.0, <= 7.0.2|7.0.3| |7.3.0|7.3.1| #### .NET SDK * .NET 8.0.126 SDK * .NET 8.0.420 SDK * .NET 9.0.116 SDK * .NET 9.0.313 SDK * .NET 10.0.106 SDK * .NET 10.0.202 SDK ### Workarounds N/A ### References https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr ### Credit [splitline](https://x.com/_splitline_) with [DEVCORE](https://devco.re/)

4.9.7
Affected by 0 other vulnerabilities.

5.11.7
Affected by 0 other vulnerabilities.

6.8.2
Affected by 0 other vulnerabilities.

6.11.2
Affected by 0 other vulnerabilities.

6.12.5
Affected by 0 other vulnerabilities.

6.14.3
Affected by 0 other vulnerabilities.

7.0.3
Affected by 0 other vulnerabilities.

7.3.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T07:46:05.326308+00:00	GHSA Importer	Affected by	VCID-xxrj-7szv-s3cm	https://github.com/advisories/GHSA-g4vj-cjjj-v7hg	38.4.0
2026-04-03T21:27:58.963625+00:00	GitLab Importer	Fixing	VCID-5fx1-z4cb-hyd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/NuGet.Protocol/CVE-2022-41032.yml	38.1.0
2026-04-01T16:03:38.517100+00:00	GHSA Importer	Fixing	VCID-5fx1-z4cb-hyd8	https://github.com/advisories/GHSA-g3q9-xf95-8hp5	38.0.0
2026-04-01T13:05:00.096829+00:00	GithubOSV Importer	Fixing	VCID-5fx1-z4cb-hyd8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-g3q9-xf95-8hp5/GHSA-g3q9-xf95-8hp5.json	38.0.0