Dismissed suggestions

These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision.

CVE-2025-58209 6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed 5 packages
    haskellPackages.amazonka-elastictranscoder
    python312Packages.mypy-boto3-elastictranscoder
    python313Packages.mypy-boto3-elastictranscoder
    python312Packages.types-aiobotocore-elastictranscoder
    python313Packages.types-aiobotocore-elastictranscoder
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress Transcoder Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder allows Stored XSS. This issue affects Transcoder: from n/a through 1.4.0.
transcoder =<1.4.0
Package maintainers: 2
  @mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>

CVE-2025-54724 7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed 2 packages
    ligolo-ng
    xfce.gigolo
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1.
golo =<1.7.1
Package maintainers: 3
  @romildo José Romildo Malaquias <malaquias@gmail.com>
  @bobby285271 Bobby Rong <rjl931189261@126.com>
  @muscaln Mustafa Çalışkan <muscaln@protonmail.com>

CVE-2025-54725 9.8 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed 2 packages
    xfce.gigolo
    ligolo-ng
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0.
golo =<1.7.0
Package maintainers: 3
  @romildo José Romildo Malaquias <malaquias@gmail.com>
  @bobby285271 Bobby Rong <rjl931189261@126.com>
  @muscaln Mustafa Çalışkan <muscaln@protonmail.com>

CVE-2024-3508 4.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed 9 packages
    bzip2
    lbzip2
    pbzip2
    bzip2_1_1
    indexed-bzip2
    haskellPackages.bzip2-clib
    python312Packages.indexed-bzip2
    python313Packages.indexed-bzip2
    tests.pkg-config.defaultPkgConfigPackages.bzip2
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
Bzip2: compressed content bomb leads to denial of service of bombastic api
A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.
bzip2 ==faa7a496c5d98e0f0859dd2c623eddf82289eaa8
SBOM-Management-(Bombastic)
Package maintainers: 2
  @Mic92 Jörg Thalheim <joerg@thalheim.io>
  @mxmlnkn Maximilian Knespel

CVE-2025-58806 7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed 6 packages
    haskellPackages.bugsnag
    python312Packages.bugsnag
    python313Packages.bugsnag
    haskellPackages.bugsnag-hs
    haskellPackages.bugsnag-wai
    haskellPackages.bugsnag-yesod
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3.
bugsnag =<1.6.3

CVE-2025-58801 5.4 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed package
    responder
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress Responder Plugin <= 4.3.8 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8.
responder =<4.3.8
Package maintainers: 1
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>

CVE-2025-58820 5.9 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed package
    haskellPackages.data-carousel
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8.
carousel =<1.8

CVE-2025-58822 6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed package
    wordpressPackages.plugins.wp-mail-smtp
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress WP Mail Plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through 1.3.
wp-mail =<1.3

CVE-2025-54709 8.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed 4 packages
    python312Packages.datasalad
    python313Packages.datasalad
    python312Packages.schema-salad
    python313Packages.schema-salad
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6.
sala =<1.1.6
Package maintainers: 2
  @veprbl Dmitry Kalinkin <veprbl@gmail.com>
  @gador Florian Brandes <florian.brandes@posteo.de>

CVE-2025-58997 9.6 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 2 weeks, 5 days ago by @LeSuisse
Activity log
  Created automatic suggestion 2 months ago
  @LeSuisse removed 8 packages
    libmowgli
    python312Packages.aioautomower
    python313Packages.aioautomower
    python312Packages.automower-ble
    python313Packages.automower-ble
    home-assistant-component-tests.lawn_mower
    home-assistant-component-tests.husqvarna_automower
    home-assistant-component-tests.husqvarna_automower_ble
  2 weeks, 5 days ago
  @LeSuisse dismissed 2 weeks, 5 days ago
WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.
mow =<4.10
Package maintainers: 3
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
  @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
  @dotlambda Robert Schütz <rschuetz17@gmail.com>