GHAS Summary Report - Sun May 11 2025

<h1>GHAS Metrics Summary</h1>
<br>
<h2>Repository octofelickz/dvcsharp-api</h2>
<h1>Dependabot</h1>
<ul><li>Open Alerts: 31</li><li>Fixed in the past X days: 0</li><li>Opened in the past X days: 0</li><li>Frequency: daily</li><li>MTTR: </li><li>MTTD: </li></ul>
<h2>Dependabot - top 10</h2>
<table><tr><th>Package</th><th>Severity</th><th>Vulnerable versions</th><th>Patched version</th><th>CVE</th><th>CVSS</th><th>Link</th></tr><tr><td>System.Text.Encodings.Web</td><td>critical</td><td>>= 4.0.0, < 4.5.1</td><td>4.5.1</td><td>CVE-2021-26701</td><td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/7</td></tr><tr><td>Microsoft.NETCore.App</td><td>high</td><td>>= 1.0.0, < 2.0.3</td><td>2.0.3</td><td>CVE-2017-11770</td><td>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/31</td></tr><tr><td>System.Text.RegularExpressions</td><td>high</td><td>>= 4.3.0, < 4.3.1</td><td>4.3.1</td><td>CVE-2019-0820</td><td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/30</td></tr><tr><td>System.Net.Http</td><td>high</td><td>< 4.3.4</td><td>4.3.4</td><td>CVE-2018-8292</td><td>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/29</td></tr><tr><td>System.Net.Security</td><td>high</td><td>= 4.3.0</td><td>4.3.1</td><td>CVE-2017-0249</td><td>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/27</td></tr><tr><td>System.Net.Security</td><td>high</td><td>= 4.3.0</td><td>4.3.1</td><td>CVE-2017-0247</td><td>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/26</td></tr><tr><td>System.Data.SqlClient</td><td>high</td><td>< 4.8.6</td><td>4.8.6</td><td>CVE-2024-0056</td><td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/23</td></tr><tr><td>Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv</td><td>high</td><td><= 2.1.39</td><td>2.1.40</td><td>CVE-2023-38180</td><td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/21</td></tr><tr><td>Microsoft.AspNetCore.Identity</td><td>high</td><td>< 2.1.39</td><td>2.1.39</td><td>CVE-2023-33170</td><td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/20</td></tr><tr><td>Newtonsoft.Json</td><td>high</td><td>< 13.0.1</td><td>13.0.1</td><td>CVE-2024-21907</td><td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</td><td>https://github.com/octofelickz/dvcsharp-api/security/dependabot/18</td></tr></table>
<br>
<h1>Code Scanning</h1>
<ul><li>Open Alerts: 27</li><li>Fixed in the past X days: 5</li><li>Opened in the past X days: 0</li><li>Frequency: daily</li><li>MTTR: 32 days, 8 hours, 10 minutes, 50 seconds</li><li>MTTD: </li></ul>
<h2>Code Scanning - top 10</h2>
<table><tr><th>Vulnerability</th><th>Severity</th><th>Weakness</th><th>Tool</th><th>Vulnerable file</th><th>Link</th></tr><tr><td>cs/xml/insecure-dtd-handling</td><td>critical</td><td>CWE-611, CWE-776, CWE-827</td><td>CodeQL</td><td>Controllers/ImportsController.cs#L29</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/4</td></tr><tr><td>cs/user-controlled-bypass</td><td>high</td><td>CWE-247, CWE-350, CWE-807</td><td>CodeQL</td><td>Controllers/AuthorizationsController.cs#L53</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/2</td></tr><tr><td>generic.secrets.security.detected-jwt-token.detected-jwt-token</td><td>error</td><td>CWE-321</td><td>Semgrep OSS</td><td>documentation-dvcsharp-book/data/DVCSharp_postman_v2.json#L141</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/27</td></tr><tr><td>generic.secrets.security.detected-jwt-token.detected-jwt-token</td><td>error</td><td>CWE-321</td><td>Semgrep OSS</td><td>documentation-dvcsharp-book/data/DVCSharp_postman_v2.json#L108</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/26</td></tr><tr><td>generic.secrets.security.detected-jwt-token.detected-jwt-token</td><td>error</td><td>CWE-321</td><td>Semgrep OSS</td><td>documentation-dvcsharp-book/data/DVCSharp_postman_v2.json#L73</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/25</td></tr><tr><td>generic.secrets.security.detected-jwt-token.detected-jwt-token</td><td>error</td><td>CWE-321</td><td>Semgrep OSS</td><td>documentation-dvcsharp-book/data/DVCSharp_postman_v2.json#L46</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/24</td></tr><tr><td>generic.secrets.security.detected-jwt-token.detected-jwt-token</td><td>error</td><td>CWE-321</td><td>Semgrep OSS</td><td>documentation-dvcsharp-book/attacks/ssrf.md#L30</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/23</td></tr><tr><td>generic.secrets.security.detected-jwt-token.detected-jwt-token</td><td>error</td><td>CWE-321</td><td>Semgrep OSS</td><td>documentation-dvcsharp-book/attacks/sso-cookie-auth-bypass.md#L29</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/22</td></tr><tr><td>generic.secrets.security.detected-jwt-token.detected-jwt-token</td><td>error</td><td>CWE-321</td><td>Semgrep OSS</td><td>documentation-dvcsharp-book/attacks/privilege-escalation.md#L20</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/21</td></tr><tr><td>generic.secrets.security.detected-generic-secret.detected-generic-secret</td><td>error</td><td>CWE-798</td><td>Semgrep OSS</td><td>documentation-dvcsharp-book/attacks/insecure-jwt-usage.md#L14</td><td>https://github.com/octofelickz/dvcsharp-api/security/code-scanning/20</td></tr></table>
<br>


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GHAS Summary Report - Sun May 11 2025 #127

GHAS Metrics Summary

Repository octofelickz/dvcsharp-api

Dependabot

Dependabot - top 10

Code Scanning

Code Scanning - top 10

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Package	Severity	Vulnerable versions	Patched version	CVE	CVSS	Link
System.Text.Encodings.Web	critical	>= 4.0.0, < 4.5.1	4.5.1	CVE-2021-26701	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	https://github.com/octofelickz/dvcsharp-api/security/dependabot/7
Microsoft.NETCore.App	high	>= 1.0.0, < 2.0.3	2.0.3	CVE-2017-11770	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	https://github.com/octofelickz/dvcsharp-api/security/dependabot/31
System.Text.RegularExpressions	high	>= 4.3.0, < 4.3.1	4.3.1	CVE-2019-0820	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	https://github.com/octofelickz/dvcsharp-api/security/dependabot/30
System.Net.Http	high	< 4.3.4	4.3.4	CVE-2018-8292	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	https://github.com/octofelickz/dvcsharp-api/security/dependabot/29
System.Net.Security	high	= 4.3.0	4.3.1	CVE-2017-0249	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	https://github.com/octofelickz/dvcsharp-api/security/dependabot/27
System.Net.Security	high	= 4.3.0	4.3.1	CVE-2017-0247	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	https://github.com/octofelickz/dvcsharp-api/security/dependabot/26
System.Data.SqlClient	high	< 4.8.6	4.8.6	CVE-2024-0056	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N	https://github.com/octofelickz/dvcsharp-api/security/dependabot/23
Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv	high	<= 2.1.39	2.1.40	CVE-2023-38180	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	https://github.com/octofelickz/dvcsharp-api/security/dependabot/21
Microsoft.AspNetCore.Identity	high	< 2.1.39	2.1.39	CVE-2023-33170	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	https://github.com/octofelickz/dvcsharp-api/security/dependabot/20
Newtonsoft.Json	high	< 13.0.1	13.0.1	CVE-2024-21907	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	https://github.com/octofelickz/dvcsharp-api/security/dependabot/18

Vulnerability	Severity	Weakness	Tool	Vulnerable file	Link
cs/xml/insecure-dtd-handling	critical	CWE-611, CWE-776, CWE-827	CodeQL	Controllers/ImportsController.cs#L29	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/4
cs/user-controlled-bypass	high	CWE-247, CWE-350, CWE-807	CodeQL	Controllers/AuthorizationsController.cs#L53	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/2
generic.secrets.security.detected-jwt-token.detected-jwt-token	error	CWE-321	Semgrep OSS	documentation-dvcsharp-book/data/DVCSharp_postman_v2.json#L141	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/27
generic.secrets.security.detected-jwt-token.detected-jwt-token	error	CWE-321	Semgrep OSS	documentation-dvcsharp-book/data/DVCSharp_postman_v2.json#L108	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/26
generic.secrets.security.detected-jwt-token.detected-jwt-token	error	CWE-321	Semgrep OSS	documentation-dvcsharp-book/data/DVCSharp_postman_v2.json#L73	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/25
generic.secrets.security.detected-jwt-token.detected-jwt-token	error	CWE-321	Semgrep OSS	documentation-dvcsharp-book/data/DVCSharp_postman_v2.json#L46	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/24
generic.secrets.security.detected-jwt-token.detected-jwt-token	error	CWE-321	Semgrep OSS	documentation-dvcsharp-book/attacks/ssrf.md#L30	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/23
generic.secrets.security.detected-jwt-token.detected-jwt-token	error	CWE-321	Semgrep OSS	documentation-dvcsharp-book/attacks/sso-cookie-auth-bypass.md#L29	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/22
generic.secrets.security.detected-jwt-token.detected-jwt-token	error	CWE-321	Semgrep OSS	documentation-dvcsharp-book/attacks/privilege-escalation.md#L20	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/21
generic.secrets.security.detected-generic-secret.detected-generic-secret	error	CWE-798	Semgrep OSS	documentation-dvcsharp-book/attacks/insecure-jwt-usage.md#L14	https://github.com/octofelickz/dvcsharp-api/security/code-scanning/20

GHAS Summary Report - Sun May 11 2025 #127

Description

GHAS Metrics Summary

Repository octofelickz/dvcsharp-api

Dependabot

Dependabot - top 10

Code Scanning

Code Scanning - top 10

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions