⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

Restore to select a suggestion for a revision.

CVE-2025-31846
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Theater for WordPress plugin <= 0.18.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7.

theatre
=<0.18.7

pkgs.texlivePackages.theatre

A sophisticated package for typesetting stage plays
CVE-2025-31538
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Checklist plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in checklistcom Checklist allows Stored XSS. This issue affects Checklist: from n/a through 1.1.9.

checklist
=<1.1.9

pkgs.texlivePackages.checklistings

Pass verbatim contents through a compiler and reincorporate the resulting output

pkgs.texlivePackages.typed-checklist

Typesetting tasks, goals, milestones, artifacts, and more in LaTeX
CVE-2025-31549
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @Srylax accepted as draft
  • @Srylax marked as untriaged
  • @LeSuisse dismissed
WordPress Fusion plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion allows DOM-Based XSS. This issue affects Fusion: from n/a through 1.6.3.

fusion
=<1.6.3

pkgs.lxgw-fusionkai

Simplified Chinese font derived from LXGW WenKai GB, iansui and Klee One

pkgs.python311Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

pkgs.python312Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

pkgs.vimPlugins.nvim-treesitter-parsers.fusion

  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
    • nixos-24.11-small
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Notify package maintainers: 4
CVE-2025-3155
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
Yelp: arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

yelp

pkgs.yelp-xsl

Yelp's universal stylesheets for Mallard and DocBook

pkgs.yelp-tools

Small programs that help you create, edit, manage, and publish your Mallard or DocBook documentation

pkgs.gnome.yelp-xsl

Yelp's universal stylesheets for Mallard and DocBook
Notify package maintainers: 5
CVE-2025-30596
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress include-file <= 1 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound include-file allows Path Traversal. This issue affects include-file: from n/a through 1.

include-file
=<1
CVE-2025-31827
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Fonto plugin <= 1.2.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vlad.olaru Fonto allows Path Traversal. This issue affects Fonto: from n/a through 1.2.2.

fonto
=<1.2.2

pkgs.texlivePackages.fontools

Tools to simplify using fonts (especially TT/OTF ones)
CVE-2025-31384
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Videos plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5.

videos
=<1.0.5
Notify package maintainers: 2
CVE-2025-32250
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar allows Cross Site Request Forgery. This issue affects Rollbar: from n/a through 2.7.1.

rollbar
=<2.7.1
CVE-2025-32272
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Wishlist Plugin <= 1.0.44 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44.

wishlist
=<1.0.44
Notify package maintainers: 2
CVE-2025-31407
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 3 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
WordPress Tiger theme <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0.

tiger
=<2.0

pkgs.tigerjython

Simple development environment for programming in Python

pkgs.vimPlugins.nvim-treesitter-parsers.tiger

  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
    • nixos-24.11-small
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Notify package maintainers: 4