Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/NuGet.Protocol@6.11.2
purl pkg:nuget/NuGet.Protocol@6.11.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-xxrj-7szv-s3cm Defense in Depth update for NuGet Client ### Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. ### Patches #### NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched version| |--|--| |>= 4.9.0, <= 4.9.6|4.9.7| |>= 5.11.0, <= 5.11.6|5.11.7| |>= 6.8.0, <= 6.8.1|6.8.2| |>= 6.11.0, <= 6.11.1|6.11.2| |>= 6.12.0, <= 6.12.4|6.12.5| |>= 6.14.0, <= 6.14.2|6.14.3| |>= 7.0.0, <= 7.0.2|7.0.3| |7.3.0|7.3.1| #### .NET SDK * .NET 8.0.126 SDK * .NET 8.0.420 SDK * .NET 9.0.116 SDK * .NET 9.0.313 SDK * .NET 10.0.106 SDK * .NET 10.0.202 SDK ### Workarounds N/A ### References https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr ### Credit [splitline](https://x.com/_splitline_) with [DEVCORE](https://devco.re/) GHSA-g4vj-cjjj-v7hg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T07:46:05.297063+00:00 GHSA Importer Fixing VCID-xxrj-7szv-s3cm https://github.com/advisories/GHSA-g4vj-cjjj-v7hg 38.4.0
2026-04-15T12:48:24.609227+00:00 GithubOSV Importer Fixing VCID-xxrj-7szv-s3cm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-g4vj-cjjj-v7hg/GHSA-g4vj-cjjj-v7hg.json 38.4.0