Dismissed suggestions Untriaged suggestions Draft issues Published issues Dismissed suggestions These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision. CVE-2023-1786 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 2 months, 4 weeks ago @fricklerhandwerk dismissed 2 months, 3 weeks ago sensitive data exposure in cloud-init logs Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. cloud-init <23.1.2 pkgs.cloud-init Provides configuration and customization of cloud instance nixos-24.05 24.1 nixpkgs-24.05-darwin 24.1 nixos-24.05-small 24.1 nixos-24.11 24.2 nixpkgs-24.11-darwin 24.2 nixos-24.11-small 24.2 nixos-unstable 24.2 nixos-unstable-small 24.2 nixpkgs-unstable 24.2 Notify package maintainers: 2 @jfroche Jean-François Roche <jfroche@pyxel.be> @illustris Harikrishnan R <me@illustris.tech> CVE-2020-11936 3.1 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 2 months, 4 weeks ago @fricklerhandwerk dismissed 2 months, 3 weeks ago gdbus setgid privilege escalation gdbus setgid privilege escalation apport <2.20.11-0ubuntu27.6 pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4 Notify package maintainers: 1 @thielema Henning Thielemann <nix@henning-thielemann.de> CVE-2023-0092 4.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 2 months, 4 weeks ago @fricklerhandwerk removed 4 packages pkgs.jujutsu 0.17.1 pkgs.jujutsu 0.23.0 pkgs.jujutsu 0.24.0 pkgs.jujuutils 0.2 2 months, 3 weeks ago @fricklerhandwerk dismissed 2 months, 3 weeks ago An authenticated user who has read access to the juju … An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. juju <2.9.38 <3.0.3 pkgs.juju Open source modelling tool for operating software in the cloud nixos-24.05 3.3.0 nixpkgs-24.05-darwin 3.3.0 nixos-24.05-small 3.3.0 nixos-24.11 3.5.4 nixpkgs-24.11-darwin 3.5.4 nixos-24.11-small 3.5.4 nixos-unstable 3.5.4 nixos-unstable-small 3.5.4 nixpkgs-unstable 3.5.4 Notify package maintainers: 1 @VertexA115 Alex Zero <alex@arctarus.co.uk> CVE-2022-28653 updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 2 months, 4 weeks ago @fricklerhandwerk dismissed 2 months, 3 weeks ago Users can consume unlimited disk space in /var/crash Users can consume unlimited disk space in /var/crash apport <2.21.0 pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4 Notify package maintainers: 1 @thielema Henning Thielemann <nix@henning-thielemann.de> CVE-2025-23684 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 3 months ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months ago @fricklerhandwerk dismissed 3 months ago WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2. debug-tool =<2.2 pkgs.python311Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6 pkgs.python312Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6 pkgs.python311Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.05 0.2.0 nixpkgs-24.05-darwin 0.2.0 nixos-24.05-small 0.2.0 nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0 pkgs.python312Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0 Notify package maintainers: 2 @yuuyins Yuu Yin <yuunix@grrlz.net> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> CVE-2025-23886 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 months, 1 week ago by @Erethon Activity log Created automatic suggestion 3 months, 1 week ago @Erethon accepted as draft 3 months, 1 week ago @Erethon dismissed 3 months, 1 week ago WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS.This issue affects Annie: from n/a through 2.1.1. annie =<2.1.1 pkgs.wannier90 Calculation of maximally localised Wannier functions nixos-24.05 3.1.0 nixpkgs-24.05-darwin 3.1.0 nixos-24.05-small 3.1.0 nixos-24.11 3.1.0 nixpkgs-24.11-darwin 3.1.0 nixos-24.11-small 3.1.0 nixos-unstable 3.1.0 nixos-unstable-small 3.1.0 nixpkgs-unstable 3.1.0 Notify package maintainers: 1 @sheepforce Phillip Seeber <phillip.seeber@googlemail.com> CVE-2025-23892 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 months, 1 week ago by @Erethon Activity log Created automatic suggestion 3 months, 1 week ago @Erethon accepted as draft 3 months, 1 week ago @Erethon dismissed 3 months, 1 week ago WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. progress-tracker =<0.9.3 pkgs.progress-tracker Simple kanban-style task organiser nixos-24.11 1.6 nixpkgs-24.11-darwin 1.6 nixos-24.11-small 1.6 nixos-unstable 1.6 nixos-unstable-small 1.6 nixpkgs-unstable 1.6 Notify package maintainers: 1 @Guanran928 Guanran928 <guanran928@outlook.com> CVE-2022-45836 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 months, 1 week ago by @Erethon Activity log Created automatic suggestion 3 months, 2 weeks ago @Erethon accepted as draft 3 months, 1 week ago @Erethon dismissed 3 months, 1 week ago @Erethon accepted as draft 3 months, 1 week ago @Erethon dismissed 3 months, 1 week ago WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS) Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. download-manager =<3.2.59 pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-24.05 0.1.3 nixpkgs-24.05-darwin 0.1.3 nixos-24.05-small 0.1.3 nixos-24.11 0.1.3 nixpkgs-24.11-darwin 0.1.3 nixos-24.11-small 0.1.3 nixos-unstable 0.1.3 nixos-unstable-small 0.1.3 nixpkgs-unstable 0.1.3 Notify package maintainers: 1 @OPNA2608 Cosima Neidahl <opna2608@protonmail.com> CVE-2014-125026 updated 3 months, 4 weeks ago by @arianvp Activity log Created automatic suggestion 4 months, 2 weeks ago @LeSuisse dismissed 4 months, 2 weeks ago @arianvp accepted as draft 3 months, 4 weeks ago @arianvp dismissed 3 months, 4 weeks ago Out-of-bounds write in github.com/cloudflare/golz4 LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. github.com/cloudflare/golz4 <0.0.0-20140711154735-199f5f787806 CVE-2013-10005 updated 4 months, 2 weeks ago by @LeSuisse Activity log Created automatic suggestion 4 months, 2 weeks ago @LeSuisse dismissed 4 months, 2 weeks ago Infinite loop in github.com/btcsuite/go-socks The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow. github.com/btcsuite/go-socks <0.0.0-20130808000456-233bccbb1abe github.com/btcsuitereleases/go-socks <0.0.0-20130808000456-233bccbb1abe
CVE-2023-1786 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 2 months, 4 weeks ago @fricklerhandwerk dismissed 2 months, 3 weeks ago sensitive data exposure in cloud-init logs Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. cloud-init <23.1.2 pkgs.cloud-init Provides configuration and customization of cloud instance nixos-24.05 24.1 nixpkgs-24.05-darwin 24.1 nixos-24.05-small 24.1 nixos-24.11 24.2 nixpkgs-24.11-darwin 24.2 nixos-24.11-small 24.2 nixos-unstable 24.2 nixos-unstable-small 24.2 nixpkgs-unstable 24.2 Notify package maintainers: 2 @jfroche Jean-François Roche <jfroche@pyxel.be> @illustris Harikrishnan R <me@illustris.tech>
pkgs.cloud-init Provides configuration and customization of cloud instance nixos-24.05 24.1 nixpkgs-24.05-darwin 24.1 nixos-24.05-small 24.1 nixos-24.11 24.2 nixpkgs-24.11-darwin 24.2 nixos-24.11-small 24.2 nixos-unstable 24.2 nixos-unstable-small 24.2 nixpkgs-unstable 24.2
CVE-2020-11936 3.1 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 2 months, 4 weeks ago @fricklerhandwerk dismissed 2 months, 3 weeks ago gdbus setgid privilege escalation gdbus setgid privilege escalation apport <2.20.11-0ubuntu27.6 pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4 Notify package maintainers: 1 @thielema Henning Thielemann <nix@henning-thielemann.de>
pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k
pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4
CVE-2023-0092 4.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 2 months, 4 weeks ago @fricklerhandwerk removed 4 packages pkgs.jujutsu 0.17.1 pkgs.jujutsu 0.23.0 pkgs.jujutsu 0.24.0 pkgs.jujuutils 0.2 2 months, 3 weeks ago @fricklerhandwerk dismissed 2 months, 3 weeks ago An authenticated user who has read access to the juju … An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. juju <2.9.38 <3.0.3 pkgs.juju Open source modelling tool for operating software in the cloud nixos-24.05 3.3.0 nixpkgs-24.05-darwin 3.3.0 nixos-24.05-small 3.3.0 nixos-24.11 3.5.4 nixpkgs-24.11-darwin 3.5.4 nixos-24.11-small 3.5.4 nixos-unstable 3.5.4 nixos-unstable-small 3.5.4 nixpkgs-unstable 3.5.4 Notify package maintainers: 1 @VertexA115 Alex Zero <alex@arctarus.co.uk>
pkgs.juju Open source modelling tool for operating software in the cloud nixos-24.05 3.3.0 nixpkgs-24.05-darwin 3.3.0 nixos-24.05-small 3.3.0 nixos-24.11 3.5.4 nixpkgs-24.11-darwin 3.5.4 nixos-24.11-small 3.5.4 nixos-unstable 3.5.4 nixos-unstable-small 3.5.4 nixpkgs-unstable 3.5.4
CVE-2022-28653 updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log Created automatic suggestion 2 months, 4 weeks ago @fricklerhandwerk dismissed 2 months, 3 weeks ago Users can consume unlimited disk space in /var/crash Users can consume unlimited disk space in /var/crash apport <2.21.0 pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4 Notify package maintainers: 1 @thielema Henning Thielemann <nix@henning-thielemann.de>
pkgs.texlivePackages.skrapport 'Simple' class for reports, etc. nixos-24.05 0.12k nixpkgs-24.05-darwin 0.12k nixos-24.05-small 0.12k
pkgs.haskellPackages.apportionment Round a set of numbers while maintaining its sum nixos-24.05 0.0.0.4 nixpkgs-24.05-darwin 0.0.0.4 nixos-24.05-small 0.0.0.4 nixos-24.11 0.0.0.4 nixpkgs-24.11-darwin 0.0.0.4 nixos-24.11-small 0.0.0.4 nixos-unstable 0.0.0.4 nixos-unstable-small 0.0.0.4 nixpkgs-unstable 0.0.0.4
CVE-2025-23684 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE updated 3 months ago by @fricklerhandwerk Activity log Created automatic suggestion 3 months ago @fricklerhandwerk dismissed 3 months ago WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2. debug-tool =<2.2 pkgs.python311Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6 pkgs.python312Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6 pkgs.python311Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.05 0.2.0 nixpkgs-24.05-darwin 0.2.0 nixos-24.05-small 0.2.0 nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0 pkgs.python312Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0 Notify package maintainers: 2 @yuuyins Yuu Yin <yuunix@grrlz.net> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
pkgs.python311Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6
pkgs.python312Packages.django-debug-toolbar Configurable set of panels that display debug information about the current request/response nixos-24.05 4.3 nixpkgs-24.05-darwin 4.3 nixos-24.05-small 4.3 nixos-24.11 4.4.6 nixpkgs-24.11-darwin 4.4.6 nixos-24.11-small 4.4.6 nixos-unstable 4.4.6 nixos-unstable-small 4.4.6 nixpkgs-unstable 4.4.6
pkgs.python311Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.05 0.2.0 nixpkgs-24.05-darwin 0.2.0 nixos-24.05-small 0.2.0 nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0
pkgs.python312Packages.django-graphiql-debug-toolbar Django Debug Toolbar for GraphiQL IDE nixos-24.11 0.2.0 nixpkgs-24.11-darwin 0.2.0 nixos-24.11-small 0.2.0 nixos-unstable 0.2.0 nixos-unstable-small 0.2.0 nixpkgs-unstable 0.2.0
CVE-2025-23886 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 months, 1 week ago by @Erethon Activity log Created automatic suggestion 3 months, 1 week ago @Erethon accepted as draft 3 months, 1 week ago @Erethon dismissed 3 months, 1 week ago WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS.This issue affects Annie: from n/a through 2.1.1. annie =<2.1.1 pkgs.wannier90 Calculation of maximally localised Wannier functions nixos-24.05 3.1.0 nixpkgs-24.05-darwin 3.1.0 nixos-24.05-small 3.1.0 nixos-24.11 3.1.0 nixpkgs-24.11-darwin 3.1.0 nixos-24.11-small 3.1.0 nixos-unstable 3.1.0 nixos-unstable-small 3.1.0 nixpkgs-unstable 3.1.0 Notify package maintainers: 1 @sheepforce Phillip Seeber <phillip.seeber@googlemail.com>
pkgs.wannier90 Calculation of maximally localised Wannier functions nixos-24.05 3.1.0 nixpkgs-24.05-darwin 3.1.0 nixos-24.05-small 3.1.0 nixos-24.11 3.1.0 nixpkgs-24.11-darwin 3.1.0 nixos-24.11-small 3.1.0 nixos-unstable 3.1.0 nixos-unstable-small 3.1.0 nixpkgs-unstable 3.1.0
CVE-2025-23892 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 months, 1 week ago by @Erethon Activity log Created automatic suggestion 3 months, 1 week ago @Erethon accepted as draft 3 months, 1 week ago @Erethon dismissed 3 months, 1 week ago WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. progress-tracker =<0.9.3 pkgs.progress-tracker Simple kanban-style task organiser nixos-24.11 1.6 nixpkgs-24.11-darwin 1.6 nixos-24.11-small 1.6 nixos-unstable 1.6 nixos-unstable-small 1.6 nixpkgs-unstable 1.6 Notify package maintainers: 1 @Guanran928 Guanran928 <guanran928@outlook.com>
pkgs.progress-tracker Simple kanban-style task organiser nixos-24.11 1.6 nixpkgs-24.11-darwin 1.6 nixos-24.11-small 1.6 nixos-unstable 1.6 nixos-unstable-small 1.6 nixpkgs-unstable 1.6
CVE-2022-45836 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 3 months, 1 week ago by @Erethon Activity log Created automatic suggestion 3 months, 2 weeks ago @Erethon accepted as draft 3 months, 1 week ago @Erethon dismissed 3 months, 1 week ago @Erethon accepted as draft 3 months, 1 week ago @Erethon dismissed 3 months, 1 week ago WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS) Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. download-manager =<3.2.59 pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-24.05 0.1.3 nixpkgs-24.05-darwin 0.1.3 nixos-24.05-small 0.1.3 nixos-24.11 0.1.3 nixpkgs-24.11-darwin 0.1.3 nixos-24.11-small 0.1.3 nixos-unstable 0.1.3 nixos-unstable-small 0.1.3 nixpkgs-unstable 0.1.3 Notify package maintainers: 1 @OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-24.05 0.1.3 nixpkgs-24.05-darwin 0.1.3 nixos-24.05-small 0.1.3 nixos-24.11 0.1.3 nixpkgs-24.11-darwin 0.1.3 nixos-24.11-small 0.1.3 nixos-unstable 0.1.3 nixos-unstable-small 0.1.3 nixpkgs-unstable 0.1.3
CVE-2014-125026 updated 3 months, 4 weeks ago by @arianvp Activity log Created automatic suggestion 4 months, 2 weeks ago @LeSuisse dismissed 4 months, 2 weeks ago @arianvp accepted as draft 3 months, 4 weeks ago @arianvp dismissed 3 months, 4 weeks ago Out-of-bounds write in github.com/cloudflare/golz4 LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. github.com/cloudflare/golz4 <0.0.0-20140711154735-199f5f787806
CVE-2013-10005 updated 4 months, 2 weeks ago by @LeSuisse Activity log Created automatic suggestion 4 months, 2 weeks ago @LeSuisse dismissed 4 months, 2 weeks ago Infinite loop in github.com/btcsuite/go-socks The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow. github.com/btcsuite/go-socks <0.0.0-20130808000456-233bccbb1abe github.com/btcsuitereleases/go-socks <0.0.0-20130808000456-233bccbb1abe