We have run a security scan on one of our applications that uses ASPOSE.TOTAL for .NET. We are using Apose.PDF (22.12.0), Aspose.Cells (22.12.0), Aspose.Diagram (22.12.0), Aspose.PUB (22.12.0), and Aspose.Slides.NET (22.12.0). We have adding these to our project using Nuget. All of these packages appear to be vulnerable to CWE-94 / CVE-2021-24112 that allows for remote code execution. This is considered a high vulnerability in the code scan. The issue is related to the System.Drawing.Common v5.0.2 dependency that these packages are using and it appears that this vulnerability has been patched in System.Drawing.Common v5.0.3.
There was another high risk vulnerability CWE-755 that was found in the Aspose.PDF (22.12.0) that relates to the Newtonsoft.Json dependency in Microsoft.Extension.DependencyModel.
Are you in the process of having these vulnerabilities patched and will you be able to patch these in the upcoming release?