Browse all 7 CVE security advisories affecting Proget. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Proget serves as a package management solution for .NET, NuGet, npm, and other ecosystems, enabling organizations to host and distribute software packages internally. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. While no major public incidents have been widely documented, the seven recorded CVEs highlight recurring security concerns in web interfaces and authentication mechanisms. The application's exposure to internet-facing deployments increases its risk profile, particularly when default configurations remain unchanged or security patches are not promptly applied.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1421 | Formula injection in a CSV file in Proget MDM — ProgetCWE-1236 | 6.5AI | MediumAI | 2025-05-21 |
| CVE-2025-1420 | XSS in Proget MDM — ProgetCWE-79 | 4.8AI | MediumAI | 2025-05-21 |
| CVE-2025-1419 | XSS in Proget MDM — ProgetCWE-79 | 4.8AI | MediumAI | 2025-05-21 |
| CVE-2025-1418 | Information disclosure in Proget MDM — ProgetCWE-863 | 4.3AI | MediumAI | 2025-05-21 |
| CVE-2025-1417 | Information disclosure in Proget MDM — ProgetCWE-863 | 5.3AI | MediumAI | 2025-05-21 |
| CVE-2025-1416 | Password disclosure in Proget MDM — ProgetCWE-863 | 7.5AI | HighAI | 2025-05-21 |
| CVE-2025-1415 | Information disclosure in Proget MDM — ProgetCWE-863 | 5.3AI | MediumAI | 2025-05-21 |
This page lists every published CVE security advisory associated with Proget. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.