⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

Restore to select a suggestion for a revision.

CVE-2025-23987
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion
  • @fricklerhandwerk dismissed
WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0.

designer
=<1.6.0
CVE-2023-1786
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion
  • @fricklerhandwerk dismissed
sensitive data exposure in cloud-init logs

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

cloud-init
<23.1.2

pkgs.cloud-init

Provides configuration and customization of cloud instance
CVE-2020-11936
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion
  • @fricklerhandwerk dismissed
gdbus setgid privilege escalation

gdbus setgid privilege escalation

apport
<2.20.11-0ubuntu27.6

pkgs.texlivePackages.skrapport

'Simple' class for reports, etc.
CVE-2023-0092
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion
  • @fricklerhandwerk removed
    4 packages
    • pkgs.jujutsu 0.17.1
    • pkgs.jujutsu 0.23.0
    • pkgs.jujutsu 0.24.0
    • pkgs.jujuutils 0.2
  • @fricklerhandwerk dismissed
An authenticated user who has read access to the juju …

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

juju
<2.9.38
<3.0.3
CVE-2022-28653
updated 3 months, 2 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion
  • @fricklerhandwerk dismissed
Users can consume unlimited disk space in /var/crash

Users can consume unlimited disk space in /var/crash

apport
<2.21.0

pkgs.texlivePackages.skrapport

'Simple' class for reports, etc.
CVE-2025-23684
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 months, 4 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion
  • @fricklerhandwerk dismissed
WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2.

debug-tool
=<2.2

pkgs.python311Packages.django-debug-toolbar

Configurable set of panels that display debug information about the current request/response

pkgs.python312Packages.django-debug-toolbar

Configurable set of panels that display debug information about the current request/response

pkgs.python312Packages.django-graphiql-debug-toolbar

Django Debug Toolbar for GraphiQL IDE
CVE-2025-23886
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 4 months ago by @Erethon Activity log
  • Created automatic suggestion
  • @Erethon accepted as draft
  • @Erethon dismissed
WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS.This issue affects Annie: from n/a through 2.1.1.

annie
=<2.1.1
CVE-2025-23892
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 4 months ago by @Erethon Activity log
  • Created automatic suggestion
  • @Erethon accepted as draft
  • @Erethon dismissed
WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3.

progress-tracker
=<0.9.3

pkgs.progress-tracker

Simple kanban-style task organiser
CVE-2022-45836
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 4 months ago by @Erethon Activity log
  • Created automatic suggestion
  • @Erethon accepted as draft
  • @Erethon dismissed
  • @Erethon accepted as draft
  • @Erethon dismissed
WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.

download-manager
=<3.2.59
CVE-2014-125026
updated 4 months, 3 weeks ago by @arianvp Activity log
  • Created automatic suggestion
  • @LeSuisse dismissed
  • @arianvp accepted as draft
  • @arianvp dismissed
Out-of-bounds write in github.com/cloudflare/golz4

LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.

github.com/cloudflare/golz4
<0.0.0-20140711154735-199f5f787806