Dismissed suggestions

These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision.

CVE-2025-64363 7.5 HIGH
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): HIGH, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): HIGH
Updated 1 day, 6 hours ago by @pyrox0
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @pyrox0 dismissed 1 day, 6 hours ago
WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion. This issue affects Kleo: from n/a through < 5.5.0.
kleo =<< 5.5.0
pkgs.libsForQt5.libkleo nixos-25.05 23.08.5 nixpkgs-25.05-darwin 23.08.5 nixos-25.05-small 23.08.5
pkgs.kdePackages.libkleo Library that provides cryptography support for mails nixos-25.05 25.04.3 nixpkgs-25.05-darwin 25.04.3 nixos-25.05-small 25.04.3 nixos-unstable 25.08.1 nixos-unstable-small 25.08.1 nixpkgs-unstable 25.08.1
pkgs.libsForQt5.kleopatra Certificate manager and unified crypto GUI nixos-25.05 23.08.5 nixpkgs-25.05-darwin 23.08.5 nixos-25.05-small 23.08.5
pkgs.kdePackages.kleopatra Certificate manager and GUI for OpenPGP and CMS cryptography nixos-25.05 25.04.3 nixpkgs-25.05-darwin 25.04.3 nixos-25.05-small 25.04.3 nixos-unstable 25.08.1 nixos-unstable-small 25.08.1 nixpkgs-unstable 25.08.1
pkgs.plasma5Packages.libkleo nixos-25.05 23.08.5 nixpkgs-25.05-darwin 23.08.5 nixos-25.05-small 23.08.5
pkgs.plasma5Packages.kleopatra Certificate manager and unified crypto GUI nixos-25.05 23.08.5 nixpkgs-25.05-darwin 23.08.5 nixos-25.05-small 23.08.5
Package maintainers: 9
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@K900 Ilya K. <me@0upti.me>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@vandenoever Jos van den Oever <jos@vandenoever.info>
@nyanloutre Paul Trehiou <paul@nyanlout.re>

CVE-2025-12695 5.9 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): HIGH, Privileges required (PR): NONE, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): NONE, Availability impact (A): NONE
Updated 1 day, 6 hours ago by @pyrox0
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @pyrox0 dismissed 1 day, 6 hours ago
Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
dspy ==0
pkgs.python312Packages.ndspy Python library for many Nintendo DS file formats nixos-25.05 4.2.0 nixpkgs-25.05-darwin 4.2.0 nixos-25.05-small 4.2.0 nixos-unstable 4.2.0 nixos-unstable-small 4.2.0 nixpkgs-unstable 4.2.0
pkgs.python313Packages.ndspy Python library for many Nintendo DS file formats nixos-25.05 4.2.0 nixpkgs-25.05-darwin 4.2.0 nixos-25.05-small 4.2.0 nixos-unstable 4.2.0 nixos-unstable-small 4.2.0 nixpkgs-unstable 4.2.0
Package maintainers: 1
@marius851000 Marius David <mariusdavid@laposte.net>

CVE-2025-10622 8.0 HIGH
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): HIGH, Privileges required (PR): HIGH, User interaction (UI): NONE, Scope (S): CHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): HIGH
Updated 1 day, 6 hours ago by @pyrox0
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @pyrox0 dismissed 1 day, 6 hours ago
Foreman: os command injection via ct_location and fcct_location parameters
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.
foreman * satellite:el8/foreman
pkgs.foreman Process manager for applications with multiple components nixos-25.05 0.87.2 nixpkgs-25.05-darwin 0.87.2 nixos-25.05-small 0.87.2 nixos-unstable 0.87.2 nixos-unstable-small 0.87.2 nixpkgs-unstable 0.87.2
Package maintainers: 1
@zimbatm zimbatm <zimbatm@zimbatm.com>

CVE-2025-66099 5.3 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): NONE, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): LOW, Integrity impact (I): NONE, Availability impact (A): NONE
Updated 1 day, 6 hours ago by @pyrox0
Activity log: Created automatic suggestion 2 weeks ago; @pyrox0 dismissed 1 day, 6 hours ago
WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chat Help: from n/a through <= 3.1.3.
chat-help =<<= 3.1.3
pkgs.aider-chat-with-help AI pair programming in your terminal nixos-unstable 0.86.1 nixos-unstable-small 0.86.1 nixpkgs-unstable 0.86.1
Package maintainers: 2
@happysalada Raphael Megzari <raphael@megzari.com>
@yzx9 Zexin Yuan <yuan.zx@outlook.com>

CVE-2025-60093 4.3 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): NONE, User interaction (UI): REQUIRED, Scope (S): UNCHANGED, Confidentiality impact (C): NONE, Integrity impact (I): LOW, Availability impact (A): NONE
Updated 5 days, 3 hours ago by @LeSuisse
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @LeSuisse dismissed 5 days, 3 hours ago
WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24.
download-manager =<3.3.24
pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-25.05 0.2.1 nixpkgs-25.05-darwin 0.2.1 nixos-25.05-small 0.2.1 nixos-unstable 0.2.1 nixos-unstable-small 0.2.1 nixpkgs-unstable 0.2.1
Package maintainers: 1
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

CVE-2025-60092 5.3 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): NONE, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): LOW, Integrity impact (I): NONE, Availability impact (A): NONE
Updated 5 days, 3 hours ago by @LeSuisse
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @LeSuisse dismissed 5 days, 3 hours ago
WordPress Download Manager Plugin <= 3.3.24 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24.
download-manager =<3.3.24
pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-25.05 0.2.1 nixpkgs-25.05-darwin 0.2.1 nixos-25.05-small 0.2.1 nixos-unstable 0.2.1 nixos-unstable-small 0.2.1 nixpkgs-unstable 0.2.1
Package maintainers: 1
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

CVE-2025-60165 4.3 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): NONE, Integrity impact (I): LOW, Availability impact (A): NONE
Updated 5 days, 3 hours ago by @LeSuisse
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @LeSuisse dismissed 5 days, 3 hours ago
WordPress Frames Theme <= 1.5.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7.
frames =<1.5.7
pkgs.framesh Native web3 interface that lets you sign data, securely manage accounts and transparently interact with dapps via web3 protocols like Ethereum and IPFS nixos-25.05 0.6.11 nixpkgs-25.05-darwin 0.6.11 nixos-25.05-small 0.6.11 nixos-unstable 0.6.11 nixos-unstable-small 0.6.11 nixpkgs-unstable 0.6.11
pkgs.haskellPackages.javelin-frames Type-safe data frames based on higher-kinded types nixos-25.05 0.1.0.1 nixpkgs-25.05-darwin 0.1.0.1 nixos-25.05-small 0.1.0.1 nixos-unstable 0.1.0.1 nixos-unstable-small 0.1.0.1 nixpkgs-unstable 0.1.0.1
pkgs.python312Packages.llm-video-frames LLM plugin to turn a video into individual frames nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1
pkgs.python313Packages.llm-video-frames LLM plugin to turn a video into individual frames nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1
Package maintainers: 2
@0xnook Tom Nook <0xnook@protonmail.com>
@philiptaron Philip Taron <philip.taron@gmail.com>

CVE-2025-62952 8.8 HIGH
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): HIGH
Updated 5 days, 3 hours ago by @LeSuisse
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @LeSuisse dismissed 5 days, 3 hours ago
WordPress ChatBot plugin <= 7.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.3.0.
chatbot =<<= 7.3.0
pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-25.05 22 nixpkgs-25.05-darwin 22 nixos-25.05-small 22 nixos-unstable 22 nixos-unstable-small 22 nixpkgs-unstable 22
Package maintainers: 1
@honnip Jung seungwoo <me@honnip.page>

CVE-2025-64228 4.3 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): LOW, Integrity impact (I): NONE, Availability impact (A): NONE
Updated 5 days, 3 hours ago by @LeSuisse
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @LeSuisse dismissed 5 days, 3 hours ago
WordPress SUMO Affiliates Pro plugin <= 11.0.0 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data. This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0.
affs =<<= 11.0.0
pkgs.unyaffs Tool to extract files from a YAFFS2 file system image nixos-25.05 0.9 nixpkgs-25.05-darwin 0.9 nixos-25.05-small 0.9 nixos-unstable 0.9 nixos-unstable-small 0.9 nixpkgs-unstable 0.9
pkgs.yaffshiv Simple YAFFS file system parser and extractor nixos-25.05 0-unstable-2024-08-30 nixpkgs-25.05-darwin 0-unstable-2024-08-30 nixos-25.05-small 0-unstable-2024-08-30 nixos-unstable 0-unstable-2024-08-30 nixos-unstable-small 0-unstable-2024-08-30 nixpkgs-unstable 0-unstable-2024-08-30
Package maintainers: 2
@stigtsp Stig Palmquist <stig@stig.io>
@KSJ2000 KSJ2000 <katsho123@outlook.com>

CVE-2025-64354 6.5 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): REQUIRED, Scope (S): CHANGED, Confidentiality impact (C): LOW, Integrity impact (I): LOW, Availability impact (A): LOW
Updated 5 days, 3 hours ago by @LeSuisse
Activity log: Created automatic suggestion 2 weeks, 1 day ago; @LeSuisse dismissed 5 days, 3 hours ago
WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS. This issue affects Gutenberg: from n/a through <= 21.8.2.
gutenberg =<<= 21.8.2
pkgs.nltk-data.gutenberg NLTK Data nixos-unstable 0-unstable-2024-07-29 nixos-unstable-small 0-unstable-2024-07-29 nixpkgs-unstable 0-unstable-2024-07-29
pkgs.wordpressPackages.plugins.gutenberg nixos-25.05 20.6.0 nixpkgs-25.05-darwin 20.6.0 nixos-25.05-small 20.6.0 nixos-unstable 20.6.0 nixos-unstable-small 20.6.0 nixpkgs-unstable 20.6.0
pkgs.haskellPackages.gutenberg-fibonaccis The first 1001 Fibonacci numbers, retrieved from the Gutenberg Project nixos-25.05 1.1.0 nixpkgs-25.05-darwin 1.1.0 nixos-25.05-small 1.1.0 nixos-unstable 1.1.0 nixos-unstable-small 1.1.0 nixpkgs-unstable 1.1.0
Package maintainers: 2
@bengsparks Ben Sparks <benjamin.sparks@protonmail.com>
@happysalada Raphael Megzari <raphael@megzari.com>