Dismissed suggestions Untriaged suggestions Draft issues Published issues Dismissed suggestions These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision. CVE-2025-49251 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 33 packages grafana grafanactl mcp-grafana grafana-loki grafana-alloy grafana-kiosk grafana-to-ntfy grafana-dash-n-grab dhallPackages.dhall-grafana terraform-providers.grafana python312Packages.grafanalib python313Packages.grafanalib haskellPackages.amazonka-grafana grafanaPlugins.grafana-oncall-app grafanaPlugins.grafana-clock-panel grafanaPlugins.grafana-pyroscope-app grafanaPlugins.grafana-googlesheets-datasource grafanaPlugins.grafana-opensearch-datasource grafanaPlugins.grafana-clickhouse-datasource python313Packages.types-aiobotocore-grafana python312Packages.types-aiobotocore-grafana grafanaPlugins.grafana-metricsdrilldown-app grafanaPlugins.grafana-discourse-datasource grafanaPlugins.grafana-sentry-datasource grafanaPlugins.grafana-github-datasource grafanaPlugins.grafana-exploretraces-app grafanaPlugins.grafana-mqtt-datasource grafanaPlugins.grafana-lokiexplore-app grafanaPlugins.grafana-worldmap-panel grafanaPlugins.grafana-polystat-panel grafanaPlugins.grafana-piechart-panel python313Packages.mypy-boto3-grafana python312Packages.mypy-boto3-grafana 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Fana <= 1.1.28 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through 1.1.28. fana =<1.1.28 CVE-2025-49253 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 3 packages typstPackages.lasagna_0_1_0 typstPackages.lasaveur_0_1_3 typstPackages.lasaveur_0_1_4 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. This issue affects Lasa: from n/a through 1.1. lasa =<1.1 CVE-2025-49259 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 11 packages charasay gnome-characters keepass-charactercopy unicode-character-database haskellPackages.character-ps coqPackages.mathcomp-character python312Packages.characteristic python313Packages.characteristic magnetophonDSP.CharacterCompressor python312Packages.character-encoding-utils python313Packages.character-encoding-utils 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Hara <= 1.2.10 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through 1.2.10. hara =<1.2.10 CVE-2025-23999 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 14 packages kdePackages.breeze kdePackages.breeze-gtk kdePackages.breeze-grub libsForQt5.breeze-icons kdePackages.breeze-icons breeze-hacked-cursor-theme kdePackages.breeze-plymouth python312Packages.seabreeze python313Packages.seabreeze plasma5Packages.breeze-icons kdePackages.qqc2-breeze-style wordpressPackages.plugins.breeze kdePackages.sierra-breeze-enhanced qt6Packages.sierra-breeze-enhanced 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13. breeze =<2.2.13 CVE-2025-49976 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 10 packages fsnotifier mpris-notifier terminal-notifier usbguard-notifier python312Packages.pynotifier python312Packages.desktop-notifier python313Packages.desktop-notifier haskellPackages.status-notifier-item kdePackages.kstatusnotifieritem python313Packages.pynotifier 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7. notifier =<2.7.7 CVE-2025-49974 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 3 packages git-upstream lomiri.qtmir tests.haskell.upstreamStackHpackVersion 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.0 - Broken Access Control Vulnerability Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0. upstream =<2.1.0 CVE-2025-53338 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 23 packages replace fireplace qsreplace replacement replace-secret haskellPackages.replace-attoparsec haskellPackages.replace-megaparsec haskellPackages.text-regex-replace tests.substitute.legacySingleReplace tests.replaceVars.replaceVars.succeeds tests.replaceVars.replaceVarsWith.succeeds tests.replaceVars.replaceVars.fails-on-directory tests.replaceVars.replaceVars.fails-in-build-phase tests.replaceVars.replaceVars.fails-in-check-phase tests.replaceVars.replaceVarsWith.fails-on-directory tests.replaceVars.replaceVars.succeeds-with-exemption tests.replaceVars.replaceVarsWith.fails-in-build-phase tests.replaceVars.replaceVarsWith.fails-in-check-phase tests.replaceVars.replaceVarsWith.succeeds-with-exemption tests.replaceVars.replaceVars.fails-in-check-phase-with-exemption tests.replaceVars.replaceVars.fails-in-check-phase-with-bad-exemption tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-exemption tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-bad-exemption 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1. replace =<0.2.1 CVE-2025-52826 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 4 packages python312Packages.datasalad python313Packages.datasalad python312Packages.schema-salad python313Packages.schema-salad 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. sala =<1.1.3 CVE-2025-31428 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 11 packages hydrogen hydroxide libhydrogen tau-hydrogen fishPlugins.hydro hydrogen-web-unwrapped python312Packages.hydrogram python313Packages.hydrogram haskellPackages.hydrogen-version python312Packages.swisshydrodata python313Packages.swisshydrodata 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8. hydro =<2.8 CVE-2025-53200 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed package gnomeExtensions.penguin-ai-chatbot 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3. chatbot =<6.7.3
CVE-2025-49251 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 33 packages grafana grafanactl mcp-grafana grafana-loki grafana-alloy grafana-kiosk grafana-to-ntfy grafana-dash-n-grab dhallPackages.dhall-grafana terraform-providers.grafana python312Packages.grafanalib python313Packages.grafanalib haskellPackages.amazonka-grafana grafanaPlugins.grafana-oncall-app grafanaPlugins.grafana-clock-panel grafanaPlugins.grafana-pyroscope-app grafanaPlugins.grafana-googlesheets-datasource grafanaPlugins.grafana-opensearch-datasource grafanaPlugins.grafana-clickhouse-datasource python313Packages.types-aiobotocore-grafana python312Packages.types-aiobotocore-grafana grafanaPlugins.grafana-metricsdrilldown-app grafanaPlugins.grafana-discourse-datasource grafanaPlugins.grafana-sentry-datasource grafanaPlugins.grafana-github-datasource grafanaPlugins.grafana-exploretraces-app grafanaPlugins.grafana-mqtt-datasource grafanaPlugins.grafana-lokiexplore-app grafanaPlugins.grafana-worldmap-panel grafanaPlugins.grafana-polystat-panel grafanaPlugins.grafana-piechart-panel python313Packages.mypy-boto3-grafana python312Packages.mypy-boto3-grafana 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Fana <= 1.1.28 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through 1.1.28. fana =<1.1.28
CVE-2025-49253 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 3 packages typstPackages.lasagna_0_1_0 typstPackages.lasaveur_0_1_3 typstPackages.lasaveur_0_1_4 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. This issue affects Lasa: from n/a through 1.1. lasa =<1.1
CVE-2025-49259 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 11 packages charasay gnome-characters keepass-charactercopy unicode-character-database haskellPackages.character-ps coqPackages.mathcomp-character python312Packages.characteristic python313Packages.characteristic magnetophonDSP.CharacterCompressor python312Packages.character-encoding-utils python313Packages.character-encoding-utils 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Hara <= 1.2.10 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through 1.2.10. hara =<1.2.10
CVE-2025-23999 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 14 packages kdePackages.breeze kdePackages.breeze-gtk kdePackages.breeze-grub libsForQt5.breeze-icons kdePackages.breeze-icons breeze-hacked-cursor-theme kdePackages.breeze-plymouth python312Packages.seabreeze python313Packages.seabreeze plasma5Packages.breeze-icons kdePackages.qqc2-breeze-style wordpressPackages.plugins.breeze kdePackages.sierra-breeze-enhanced qt6Packages.sierra-breeze-enhanced 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13. breeze =<2.2.13
CVE-2025-49976 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 10 packages fsnotifier mpris-notifier terminal-notifier usbguard-notifier python312Packages.pynotifier python312Packages.desktop-notifier python313Packages.desktop-notifier haskellPackages.status-notifier-item kdePackages.kstatusnotifieritem python313Packages.pynotifier 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7. notifier =<2.7.7
CVE-2025-49974 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 3 packages git-upstream lomiri.qtmir tests.haskell.upstreamStackHpackVersion 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.0 - Broken Access Control Vulnerability Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0. upstream =<2.1.0
CVE-2025-53338 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 23 packages replace fireplace qsreplace replacement replace-secret haskellPackages.replace-attoparsec haskellPackages.replace-megaparsec haskellPackages.text-regex-replace tests.substitute.legacySingleReplace tests.replaceVars.replaceVars.succeeds tests.replaceVars.replaceVarsWith.succeeds tests.replaceVars.replaceVars.fails-on-directory tests.replaceVars.replaceVars.fails-in-build-phase tests.replaceVars.replaceVars.fails-in-check-phase tests.replaceVars.replaceVarsWith.fails-on-directory tests.replaceVars.replaceVars.succeeds-with-exemption tests.replaceVars.replaceVarsWith.fails-in-build-phase tests.replaceVars.replaceVarsWith.fails-in-check-phase tests.replaceVars.replaceVarsWith.succeeds-with-exemption tests.replaceVars.replaceVars.fails-in-check-phase-with-exemption tests.replaceVars.replaceVars.fails-in-check-phase-with-bad-exemption tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-exemption tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-bad-exemption 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1. replace =<0.2.1
CVE-2025-52826 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 4 packages python312Packages.datasalad python313Packages.datasalad python312Packages.schema-salad python313Packages.schema-salad 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. sala =<1.1.3
CVE-2025-31428 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed 11 packages hydrogen hydroxide libhydrogen tau-hydrogen fishPlugins.hydro hydrogen-web-unwrapped python312Packages.hydrogram python313Packages.hydrogram haskellPackages.hydrogen-version python312Packages.swisshydrodata python313Packages.swisshydrodata 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8. hydro =<2.8
CVE-2025-53200 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 2 months ago @LeSuisse removed package gnomeExtensions.penguin-ai-chatbot 3 weeks ago @LeSuisse dismissed 3 weeks ago WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3. chatbot =<6.7.3