Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/DotNetNuke.Core@9.4.2
purl pkg:nuget/DotNetNuke.Core@9.4.2
Next non-vulnerable version 9.11.0
Latest non-vulnerable version 10.2.2
Risk 4.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-3b3m-76g5-5kfm
Aliases:
CVE-2022-2922
GHSA-9w72-2f23-57gm
DNN vulnerable to Relative Path Traversal DNN (GitHub repository dnnsoftware/dnn.platform) prior to 9.11.0 is vulnerable to Relative Path Traversal. Version 9.11.0 contains a patch for this issue.
9.11.0
Affected by 0 other vulnerabilities.
VCID-ky3u-4syg-3yat
Aliases:
CVE-2022-47053
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.
9.11.0
Affected by 0 other vulnerabilities.
VCID-m5hg-ajyc-3qf1
Aliases:
CVE-2020-5187
GHSA-4qf5-7xc2-wqpg
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') DNN (formerly DotNetNuke) allows Path Traversal.
9.5.0
Affected by 5 other vulnerabilities.
9.13.0-ci0000
Affected by 0 other vulnerabilities.
VCID-pnw1-8knr-7qhc
Aliases:
CVE-2021-40186
9.13.0-ci0000
Affected by 0 other vulnerabilities.
VCID-qscj-d21p-nfby
Aliases:
CVE-2020-5186
GHSA-9phr-h5mx-4fp6
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') DNN (formerly DotNetNuke) allows XSS.
9.5.0
Affected by 5 other vulnerabilities.
9.13.0-ci0000
Affected by 0 other vulnerabilities.
VCID-uc59-7c8z-6kbd
Aliases:
CVE-2021-31858
9.13.0-ci0000
Affected by 0 other vulnerabilities.
VCID-y9ym-w5m9-e3bs
Aliases:
CVE-2020-5188
GHSA-vjcm-j85r-7p68
Incorrect Resource Transfer Between Spheres DNN (formerly DotNetNuke) has Insecure Permissions.
9.5.0
Affected by 5 other vulnerabilities.
9.13.0-ci0000
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T03:39:52.811624+00:00 GitLab Importer Affected by VCID-ky3u-4syg-3yat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2022-47053.yml 38.6.0
2026-06-06T03:01:29.633955+00:00 GitLab Importer Affected by VCID-3b3m-76g5-5kfm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2022-2922.yml 38.6.0
2026-06-06T02:42:08.376830+00:00 GitLab Importer Affected by VCID-uc59-7c8z-6kbd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2021-31858.yml 38.6.0
2026-06-06T02:35:01.236958+00:00 GitLab Importer Affected by VCID-pnw1-8knr-7qhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2021-40186.yml 38.6.0
2026-06-04T20:27:38.772334+00:00 GitLab Importer Affected by VCID-y9ym-w5m9-e3bs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5188.yml 38.6.0
2026-06-04T20:27:38.070398+00:00 GitLab Importer Affected by VCID-m5hg-ajyc-3qf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5187.yml 38.6.0
2026-06-04T20:27:31.503199+00:00 GitLab Importer Affected by VCID-qscj-d21p-nfby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/DotNetNuke.Core/CVE-2020-5186.yml 38.6.0