CVE-2025-60092 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress Download Manager Plugin <= 3.3.24 - Sensitive Data Exposure Vulnerability Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24. Affected products download-manager =<3.3.24 Matching in nixpkgs pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-25.05 0.2.1 nixpkgs-25.05-darwin 0.2.1 nixos-25.05-small 0.2.1 nixos-unstable 0.2.1 nixos-unstable-small 0.2.1 nixpkgs-unstable 0.2.1 Package maintainers: 1 @OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-25.05 0.2.1 nixpkgs-25.05-darwin 0.2.1 nixos-25.05-small 0.2.1 nixos-unstable 0.2.1 nixos-unstable-small 0.2.1 nixpkgs-unstable 0.2.1
CVE-2025-60165 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress Frames Theme <= 1.5.7 - Broken Access Control Vulnerability Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7. Affected products frames =<1.5.7 Matching in nixpkgs pkgs.framesh Native web3 interface that lets you sign data, securely manage accounts and transparently interact with dapps via web3 protocols like Ethereum and IPFS nixos-25.05 0.6.11 nixpkgs-25.05-darwin 0.6.11 nixos-25.05-small 0.6.11 nixos-unstable 0.6.11 nixos-unstable-small 0.6.11 nixpkgs-unstable 0.6.11 pkgs.haskellPackages.javelin-frames Type-safe data frames based on higher-kinded types nixos-25.05 0.1.0.1 nixpkgs-25.05-darwin 0.1.0.1 nixos-25.05-small 0.1.0.1 nixos-unstable 0.1.0.1 nixos-unstable-small 0.1.0.1 nixpkgs-unstable 0.1.0.1 pkgs.python312Packages.llm-video-frames LLM plugin to turn a video into individual frames nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1 pkgs.python313Packages.llm-video-frames LLM plugin to turn a video into individual frames nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1 Package maintainers: 2 @0xnook Tom Nook <0xnook@protonmail.com> @philiptaron Philip Taron <philip.taron@gmail.com>
pkgs.framesh Native web3 interface that lets you sign data, securely manage accounts and transparently interact with dapps via web3 protocols like Ethereum and IPFS nixos-25.05 0.6.11 nixpkgs-25.05-darwin 0.6.11 nixos-25.05-small 0.6.11 nixos-unstable 0.6.11 nixos-unstable-small 0.6.11 nixpkgs-unstable 0.6.11
pkgs.haskellPackages.javelin-frames Type-safe data frames based on higher-kinded types nixos-25.05 0.1.0.1 nixpkgs-25.05-darwin 0.1.0.1 nixos-25.05-small 0.1.0.1 nixos-unstable 0.1.0.1 nixos-unstable-small 0.1.0.1 nixpkgs-unstable 0.1.0.1
pkgs.python312Packages.llm-video-frames LLM plugin to turn a video into individual frames nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1
pkgs.python313Packages.llm-video-frames LLM plugin to turn a video into individual frames nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1
CVE-2025-62952 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress ChatBot plugin <= 7.3.0 - Broken Access Control vulnerability Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.0. Affected products chatbot =<<= 7.3.0 Matching in nixpkgs pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-25.05 22 nixpkgs-25.05-darwin 22 nixos-25.05-small 22 nixos-unstable 22 nixos-unstable-small 22 nixpkgs-unstable 22 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-25.05 22 nixpkgs-25.05-darwin 22 nixos-25.05-small 22 nixos-unstable 22 nixos-unstable-small 22 nixpkgs-unstable 22
CVE-2025-64228 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress SUMO Affiliates Pro plugin <= 11.0.0 - Sensitive Data Exposure vulnerability Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0. Affected products affs =<<= 11.0.0 Matching in nixpkgs pkgs.unyaffs Tool to extract files from a YAFFS2 file system image nixos-25.05 0.9 nixpkgs-25.05-darwin 0.9 nixos-25.05-small 0.9 nixos-unstable 0.9 nixos-unstable-small 0.9 nixpkgs-unstable 0.9 pkgs.yaffshiv Simple YAFFS file system parser and extractor nixos-25.05 0-unstable-2024-08-30 nixpkgs-25.05-darwin 0-unstable-2024-08-30 nixos-25.05-small 0-unstable-2024-08-30 nixos-unstable 0-unstable-2024-08-30 nixos-unstable-small 0-unstable-2024-08-30 nixpkgs-unstable 0-unstable-2024-08-30 Package maintainers: 2 @stigtsp Stig Palmquist <stig@stig.io> @KSJ2000 KSJ2000 <katsho123@outlook.com>
pkgs.unyaffs Tool to extract files from a YAFFS2 file system image nixos-25.05 0.9 nixpkgs-25.05-darwin 0.9 nixos-25.05-small 0.9 nixos-unstable 0.9 nixos-unstable-small 0.9 nixpkgs-unstable 0.9
pkgs.yaffshiv Simple YAFFS file system parser and extractor nixos-25.05 0-unstable-2024-08-30 nixpkgs-25.05-darwin 0-unstable-2024-08-30 nixos-25.05-small 0-unstable-2024-08-30 nixos-unstable 0-unstable-2024-08-30 nixos-unstable-small 0-unstable-2024-08-30 nixpkgs-unstable 0-unstable-2024-08-30
CVE-2025-64354 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS.This issue affects Gutenberg: from n/a through <= 21.8.2. Affected products gutenberg =<<= 21.8.2 Matching in nixpkgs pkgs.nltk-data.gutenberg NLTK Data nixos-unstable 0-unstable-2024-07-29 nixos-unstable-small 0-unstable-2024-07-29 nixpkgs-unstable 0-unstable-2024-07-29 pkgs.wordpressPackages.plugins.gutenberg nixos-25.05 20.6.0 nixpkgs-25.05-darwin 20.6.0 nixos-25.05-small 20.6.0 nixos-unstable 20.6.0 nixos-unstable-small 20.6.0 nixpkgs-unstable 20.6.0 pkgs.haskellPackages.gutenberg-fibonaccis The first 1001 Fibonacci numbers, retrieved from the Gutenberg Project nixos-25.05 1.1.0 nixpkgs-25.05-darwin 1.1.0 nixos-25.05-small 1.1.0 nixos-unstable 1.1.0 nixos-unstable-small 1.1.0 nixpkgs-unstable 1.1.0 Package maintainers: 2 @bengsparks Ben Sparks <benjamin.sparks@protonmail.com> @happysalada Raphael Megzari <raphael@megzari.com>
pkgs.nltk-data.gutenberg NLTK Data nixos-unstable 0-unstable-2024-07-29 nixos-unstable-small 0-unstable-2024-07-29 nixpkgs-unstable 0-unstable-2024-07-29
pkgs.wordpressPackages.plugins.gutenberg nixos-25.05 20.6.0 nixpkgs-25.05-darwin 20.6.0 nixos-25.05-small 20.6.0 nixos-unstable 20.6.0 nixos-unstable-small 20.6.0 nixpkgs-unstable 20.6.0
pkgs.haskellPackages.gutenberg-fibonaccis The first 1001 Fibonacci numbers, retrieved from the Gutenberg Project nixos-25.05 1.1.0 nixpkgs-25.05-darwin 1.1.0 nixos-25.05-small 1.1.0 nixos-unstable 1.1.0 nixos-unstable-small 1.1.0 nixpkgs-unstable 1.1.0
CVE-2025-60202 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress Favorites plugin <= 2.3.6 - Local File Inclusion vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through <= 2.3.6. Affected products favorites =<<= 2.3.6 Matching in nixpkgs pkgs.gnomeExtensions.panel-favorites Add launchers for Favorites to the panel nixos-25.05 52 nixpkgs-25.05-darwin 52 nixos-25.05-small 52 nixos-unstable 52 nixos-unstable-small 52 nixpkgs-unstable 52 pkgs.gnomeExtensions.favorites-to-applications-grid Keep your favorite applications in your applications grid. nixos-25.05 1 nixpkgs-25.05-darwin 1 nixos-25.05-small 1 nixos-unstable 1 nixos-unstable-small 1 nixpkgs-unstable 1 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.panel-favorites Add launchers for Favorites to the panel nixos-25.05 52 nixpkgs-25.05-darwin 52 nixos-25.05-small 52 nixos-unstable 52 nixos-unstable-small 52 nixpkgs-unstable 52
pkgs.gnomeExtensions.favorites-to-applications-grid Keep your favorite applications in your applications grid. nixos-25.05 1 nixpkgs-25.05-darwin 1 nixos-25.05-small 1 nixos-unstable 1 nixos-unstable-small 1 nixpkgs-unstable 1
CVE-2025-62034 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress Togo theme < 1.0.4 - Privilege Escalation vulnerability Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. Affected products togo =<< 1.0.4 Matching in nixpkgs pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3
CVE-2025-58964 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress Enzy theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Enzy enzy allows Reflected XSS.This issue affects Enzy: from n/a through < 1.6.4. Affected products enzy =<< 1.6.4 Matching in nixpkgs pkgs.enzyme High-performance automatic differentiation of LLVM and MLIR nixos-25.05 0.0.176 nixpkgs-25.05-darwin 0.0.176 nixos-25.05-small 0.0.176 nixos-unstable 0.0.196 nixos-unstable-small 0.0.196 nixpkgs-unstable 0.0.196 pkgs.python312Packages.enzyme Python video metadata parser nixos-25.05 0.5.2 nixpkgs-25.05-darwin 0.5.2 nixos-25.05-small 0.5.2 nixos-unstable 0.5.2 nixos-unstable-small 0.5.2 nixpkgs-unstable 0.5.2 pkgs.python313Packages.enzyme Python video metadata parser nixos-25.05 0.5.2 nixpkgs-25.05-darwin 0.5.2 nixos-25.05-small 0.5.2 nixos-unstable 0.5.2 nixos-unstable-small 0.5.2 nixpkgs-unstable 0.5.2 Package maintainers: 1 @kiranshila Kiran Shila <me@kiranshila.com>
pkgs.enzyme High-performance automatic differentiation of LLVM and MLIR nixos-25.05 0.0.176 nixpkgs-25.05-darwin 0.0.176 nixos-25.05-small 0.0.176 nixos-unstable 0.0.196 nixos-unstable-small 0.0.196 nixpkgs-unstable 0.0.196
pkgs.python312Packages.enzyme Python video metadata parser nixos-25.05 0.5.2 nixpkgs-25.05-darwin 0.5.2 nixos-25.05-small 0.5.2 nixos-unstable 0.5.2 nixos-unstable-small 0.5.2 nixpkgs-unstable 0.5.2
pkgs.python313Packages.enzyme Python video metadata parser nixos-25.05 0.5.2 nixpkgs-25.05-darwin 0.5.2 nixos-25.05-small 0.5.2 nixos-unstable 0.5.2 nixos-unstable-small 0.5.2 nixpkgs-unstable 0.5.2
CVE-2025-62033 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. Affected products togo =<< 1.0.4 Matching in nixpkgs pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3
CVE-2025-62037 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE updated 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 3 weeks ago WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. Affected products togo =<< 1.0.4 Matching in nixpkgs pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3