Dismissed suggestions Untriaged suggestions Draft issues Published issues Dismissed suggestions These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision. CVE-2025-23987 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0. designer =<1.6.0 pkgs.libsForQt5.kdesignerplugin nixos-24.05 5.116.0 nixpkgs-24.05-darwin 5.116.0 nixos-24.05-small 5.116.0 nixos-24.11 5.116.0 nixpkgs-24.11-darwin 5.116.0 nixos-24.11-small 5.116.0 nixos-unstable 5.116.0 nixos-unstable-small 5.116.0 nixpkgs-unstable 5.116.0 pkgs.plasma5Packages.kdesignerplugin nixos-24.05 5.116.0 nixpkgs-24.05-darwin 5.116.0 nixos-24.05-small 5.116.0 nixos-24.11 5.116.0 nixpkgs-24.11-darwin 5.116.0 nixos-24.11-small 5.116.0 nixos-unstable 5.116.0 nixos-unstable-small 5.116.0 nixpkgs-unstable 5.116.0 CVE-2023-1786 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago sensitive data exposure in cloud-init logs Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. cloud-init <23.1.2 pkgs.cloud-init Provides configuration and customization of cloud instance nixos-24.05 24.1 nixpkgs-24.05-darwin 24.1 nixos-24.05-small 24.1 nixos-24.11 24.2 nixpkgs-24.11-darwin 24.2 nixos-24.11-small 24.2 nixos-unstable 24.2 nixos-unstable-small 24.2 nixpkgs-unstable 24.2 CVE-2020-11936 3.1 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago gdbus setgid privilege escalation gdbus setgid privilege escalation apport <2.20.11-0ubuntu27.6 pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4 CVE-2023-0092 4.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk removed 4 packages pkgs.jujutsu 0.17.1 pkgs.jujutsu 0.23.0 pkgs.jujutsu 0.24.0 pkgs.jujuutils 0.2 3 months, 2 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago An authenticated user who has read access to the juju … An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. juju <2.9.38 <3.0.3 pkgs.juju Open source modelling tool for operating software in the cloud nixos-24.05 3.3.0 nixpkgs-24.05-darwin 3.3.0 nixos-24.05-small 3.3.0 nixos-24.11 3.5.4 nixpkgs-24.11-darwin 3.5.4 nixos-24.11-small 3.5.4 nixos-unstable 3.5.4 nixos-unstable-small 3.5.4 nixpkgs-unstable 3.5.4 CVE-2022-28653 updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago Users can consume unlimited disk space in /var/crash Users can consume unlimited disk space in /var/crash apport <2.21.0 pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4 CVE-2025-23684 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 3 months, 4 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 4 weeks ago @fricklerhandwerk dismissed 3 months, 4 weeks ago WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2. debug-tool =<2.2 pkgs.python311Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6 pkgs.python312Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6 pkgs.python311Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.05 0.2.0 nixpkgs-24.05-darwin 0.2.0 nixos-24.05-small 0.2.0 nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0 pkgs.python312Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0 CVE-2025-23886 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 4 months ago by @Erethon Activity log Created automatic suggestion 4 months ago @Erethon accepted as draft 4 months ago @Erethon dismissed 4 months ago WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS.This issue affects Annie: from n/a through 2.1.1. annie =<2.1.1 pkgs.wannier90 Calculation of maximally localised Wannier functions nixos-24.05 3.1.0 nixpkgs-24.05-darwin 3.1.0 nixos-24.05-small 3.1.0 nixos-24.11 3.1.0 nixpkgs-24.11-darwin 3.1.0 nixos-24.11-small 3.1.0 nixos-unstable 3.1.0 nixos-unstable-small 3.1.0 nixpkgs-unstable 3.1.0 CVE-2025-23892 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 4 months ago by @Erethon Activity log Created automatic suggestion 4 months ago @Erethon accepted as draft 4 months ago @Erethon dismissed 4 months ago WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. progress-tracker =<0.9.3 pkgs.progress-tracker Simple kanban-style task organiser nixos-24.11 1.6 nixpkgs-24.11-darwin 1.6 nixos-24.11-small 1.6 nixos-unstable 1.6 nixos-unstable-small 1.6 nixpkgs-unstable 1.6 CVE-2022-45836 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 4 months ago by @Erethon Activity log Created automatic suggestion 4 months, 1 week ago @Erethon accepted as draft 4 months ago @Erethon dismissed 4 months ago @Erethon accepted as draft 4 months ago @Erethon dismissed 4 months ago WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS) Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. download-manager =<3.2.59 pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-24.05 0.1.3 nixpkgs-24.05-darwin 0.1.3 nixos-24.05-small 0.1.3 nixos-24.11 0.1.3 nixpkgs-24.11-darwin 0.1.3 nixos-24.11-small 0.1.3 nixos-unstable 0.1.3 nixos-unstable-small 0.1.3 nixpkgs-unstable 0.1.3 CVE-2014-125026 updated 4 months, 3 weeks ago by @arianvp Activity log Created automatic suggestion 5 months, 1 week ago @LeSuisse dismissed 5 months, 1 week ago @arianvp accepted as draft 4 months, 3 weeks ago @arianvp dismissed 4 months, 3 weeks ago Out-of-bounds write in github.com/cloudflare/golz4 LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. github.com/cloudflare/golz4 <0.0.0-20140711154735-199f5f787806
CVE-2025-23987 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0. designer =<1.6.0 pkgs.libsForQt5.kdesignerplugin nixos-24.05 5.116.0 nixpkgs-24.05-darwin 5.116.0 nixos-24.05-small 5.116.0 nixos-24.11 5.116.0 nixpkgs-24.11-darwin 5.116.0 nixos-24.11-small 5.116.0 nixos-unstable 5.116.0 nixos-unstable-small 5.116.0 nixpkgs-unstable 5.116.0 pkgs.plasma5Packages.kdesignerplugin nixos-24.05 5.116.0 nixpkgs-24.05-darwin 5.116.0 nixos-24.05-small 5.116.0 nixos-24.11 5.116.0 nixpkgs-24.11-darwin 5.116.0 nixos-24.11-small 5.116.0 nixos-unstable 5.116.0 nixos-unstable-small 5.116.0 nixpkgs-unstable 5.116.0
pkgs.libsForQt5.kdesignerplugin nixos-24.05 5.116.0 nixpkgs-24.05-darwin 5.116.0 nixos-24.05-small 5.116.0 nixos-24.11 5.116.0 nixpkgs-24.11-darwin 5.116.0 nixos-24.11-small 5.116.0 nixos-unstable 5.116.0 nixos-unstable-small 5.116.0 nixpkgs-unstable 5.116.0
pkgs.plasma5Packages.kdesignerplugin nixos-24.05 5.116.0 nixpkgs-24.05-darwin 5.116.0 nixos-24.05-small 5.116.0 nixos-24.11 5.116.0 nixpkgs-24.11-darwin 5.116.0 nixos-24.11-small 5.116.0 nixos-unstable 5.116.0 nixos-unstable-small 5.116.0 nixpkgs-unstable 5.116.0
CVE-2023-1786 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago sensitive data exposure in cloud-init logs Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. cloud-init <23.1.2 pkgs.cloud-init Provides configuration and customization of cloud instance nixos-24.05 24.1 nixpkgs-24.05-darwin 24.1 nixos-24.05-small 24.1 nixos-24.11 24.2 nixpkgs-24.11-darwin 24.2 nixos-24.11-small 24.2 nixos-unstable 24.2 nixos-unstable-small 24.2 nixpkgs-unstable 24.2
pkgs.cloud-init Provides configuration and customization of cloud instance nixos-24.05 24.1 nixpkgs-24.05-darwin 24.1 nixos-24.05-small 24.1 nixos-24.11 24.2 nixpkgs-24.11-darwin 24.2 nixos-24.11-small 24.2 nixos-unstable 24.2 nixos-unstable-small 24.2 nixpkgs-unstable 24.2
CVE-2020-11936 3.1 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago gdbus setgid privilege escalation gdbus setgid privilege escalation apport <2.20.11-0ubuntu27.6 pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4
pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k
pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4
CVE-2023-0092 4.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk removed 4 packages pkgs.jujutsu 0.17.1 pkgs.jujutsu 0.23.0 pkgs.jujutsu 0.24.0 pkgs.jujuutils 0.2 3 months, 2 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago An authenticated user who has read access to the juju … An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. juju <2.9.38 <3.0.3 pkgs.juju Open source modelling tool for operating software in the cloud nixos-24.05 3.3.0 nixpkgs-24.05-darwin 3.3.0 nixos-24.05-small 3.3.0 nixos-24.11 3.5.4 nixpkgs-24.11-darwin 3.5.4 nixos-24.11-small 3.5.4 nixos-unstable 3.5.4 nixos-unstable-small 3.5.4 nixpkgs-unstable 3.5.4
pkgs.juju Open source modelling tool for operating software in the cloud nixos-24.05 3.3.0 nixpkgs-24.05-darwin 3.3.0 nixos-24.05-small 3.3.0 nixos-24.11 3.5.4 nixpkgs-24.11-darwin 3.5.4 nixos-24.11-small 3.5.4 nixos-unstable 3.5.4 nixos-unstable-small 3.5.4 nixpkgs-unstable 3.5.4
CVE-2022-28653 updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 3 weeks ago @fricklerhandwerk dismissed 3 months, 2 weeks ago Users can consume unlimited disk space in /var/crash Users can consume unlimited disk space in /var/crash apport <2.21.0 pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4
pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k
pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4
CVE-2025-23684 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 3 months, 4 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months, 4 weeks ago @fricklerhandwerk dismissed 3 months, 4 weeks ago WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2. debug-tool =<2.2 pkgs.python311Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6 pkgs.python312Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6 pkgs.python311Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.05 0.2.0 nixpkgs-24.05-darwin 0.2.0 nixos-24.05-small 0.2.0 nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0 pkgs.python312Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0
pkgs.python311Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6
pkgs.python312Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6
pkgs.python311Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.05 0.2.0 nixpkgs-24.05-darwin 0.2.0 nixos-24.05-small 0.2.0 nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0
pkgs.python312Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0
CVE-2025-23886 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 4 months ago by @Erethon Activity log Created automatic suggestion 4 months ago @Erethon accepted as draft 4 months ago @Erethon dismissed 4 months ago WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS.This issue affects Annie: from n/a through 2.1.1. annie =<2.1.1 pkgs.wannier90 Calculation of maximally localised Wannier functions nixos-24.05 3.1.0 nixpkgs-24.05-darwin 3.1.0 nixos-24.05-small 3.1.0 nixos-24.11 3.1.0 nixpkgs-24.11-darwin 3.1.0 nixos-24.11-small 3.1.0 nixos-unstable 3.1.0 nixos-unstable-small 3.1.0 nixpkgs-unstable 3.1.0
pkgs.wannier90 Calculation of maximally localised Wannier functions nixos-24.05 3.1.0 nixpkgs-24.05-darwin 3.1.0 nixos-24.05-small 3.1.0 nixos-24.11 3.1.0 nixpkgs-24.11-darwin 3.1.0 nixos-24.11-small 3.1.0 nixos-unstable 3.1.0 nixos-unstable-small 3.1.0 nixpkgs-unstable 3.1.0
CVE-2025-23892 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 4 months ago by @Erethon Activity log Created automatic suggestion 4 months ago @Erethon accepted as draft 4 months ago @Erethon dismissed 4 months ago WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. progress-tracker =<0.9.3 pkgs.progress-tracker Simple kanban-style task organiser nixos-24.11 1.6 nixpkgs-24.11-darwin 1.6 nixos-24.11-small 1.6 nixos-unstable 1.6 nixos-unstable-small 1.6 nixpkgs-unstable 1.6
pkgs.progress-tracker Simple kanban-style task organiser nixos-24.11 1.6 nixpkgs-24.11-darwin 1.6 nixos-24.11-small 1.6 nixos-unstable 1.6 nixos-unstable-small 1.6 nixpkgs-unstable 1.6
CVE-2022-45836 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 4 months ago by @Erethon Activity log Created automatic suggestion 4 months, 1 week ago @Erethon accepted as draft 4 months ago @Erethon dismissed 4 months ago @Erethon accepted as draft 4 months ago @Erethon dismissed 4 months ago WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS) Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. download-manager =<3.2.59 pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-24.05 0.1.3 nixpkgs-24.05-darwin 0.1.3 nixos-24.05-small 0.1.3 nixos-24.11 0.1.3 nixpkgs-24.11-darwin 0.1.3 nixos-24.11-small 0.1.3 nixos-unstable 0.1.3 nixos-unstable-small 0.1.3 nixpkgs-unstable 0.1.3
pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-24.05 0.1.3 nixpkgs-24.05-darwin 0.1.3 nixos-24.05-small 0.1.3 nixos-24.11 0.1.3 nixpkgs-24.11-darwin 0.1.3 nixos-24.11-small 0.1.3 nixos-unstable 0.1.3 nixos-unstable-small 0.1.3 nixpkgs-unstable 0.1.3
CVE-2014-125026 updated 4 months, 3 weeks ago by @arianvp Activity log Created automatic suggestion 5 months, 1 week ago @LeSuisse dismissed 5 months, 1 week ago @arianvp accepted as draft 4 months, 3 weeks ago @arianvp dismissed 4 months, 3 weeks ago Out-of-bounds write in github.com/cloudflare/golz4 LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. github.com/cloudflare/golz4 <0.0.0-20140711154735-199f5f787806