Dismissed suggestions

These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision.

CVE-2025-58993  7.6 HIGH
CVSS version: 3.1
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): HIGH
  User interaction (UI): NONE
  Scope (S): CHANGED
  Confidentiality impact (C): HIGH
  Integrity impact (I): NONE
  Availability impact (A): LOW
Updated 4 days ago by @LeSuisse
Activity log:
  Created automatic suggestion, 1 month, 2 weeks ago
  @LeSuisse removed 6 packages, 4 days ago: haskellPackages.timeless-tutorials, typstPackages.tutor_0_8_0, typstPackages.tutor_0_7_0, typstPackages.tutor_0_6_1, typstPackages.tutor_0_4_0, typstPackages.tutor_0_3_0
  @LeSuisse dismissed, 4 days ago
WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4.
tutor =<3.7.4
Package maintainers: 1
  @cherrypiejam Gongqi Huang

CVE-2025-57924  4.3 MEDIUM
CVSS version: 3.1
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): NONE
  User interaction (UI): REQUIRED
  Scope (S): UNCHANGED
  Confidentiality impact (C): NONE
  Integrity impact (I): LOW
  Availability impact (A): NONE
Updated 5 days, 22 hours ago by @mweinelt
Activity log:
  Created automatic suggestion, 1 month, 1 week ago
  @mweinelt removed package, 5 days, 22 hours ago: darwin.developer_cmds
  @mweinelt dismissed, 5 days, 22 hours ago
WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6.
developer =<1.2.6
Package maintainers: 3
  @toonn Toon Nolten <nixpkgs@toonn.io>
  @reckenrode Randy Eckenrode <randy@largeandhighquality.com>
  @emilazy Emily <nixpkgs@emily.moe>

CVE-2025-58199  4.3 MEDIUM
CVSS version: 3.1
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): NONE
  User interaction (UI): REQUIRED
  Scope (S): UNCHANGED
  Confidentiality impact (C): NONE
  Integrity impact (I): LOW
  Availability impact (A): NONE
Updated 5 days, 22 hours ago by @mweinelt
Activity log:
  Created automatic suggestion, 1 month, 1 week ago
  @mweinelt removed 3 packages, 5 days, 22 hours ago: fastly, prometheus-fastly-exporter, terraform-providers.fastly
  @mweinelt dismissed, 5 days, 22 hours ago
WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28.
fastly =<1.2.28
Package maintainers: 3
  @ereslibre Rafael Fernández López <ereslibre@ereslibre.es>
  @invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
  @de11n Elliot Cameron <nixpkgs-commits@deshaw.com>

CVE-2025-57996  6.5 MEDIUM
CVSS version: 3.1
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): LOW
  User interaction (UI): REQUIRED
  Scope (S): CHANGED
  Confidentiality impact (C): LOW
  Integrity impact (I): LOW
  Availability impact (A): LOW
Updated 5 days, 22 hours ago by @mweinelt
Activity log:
  Created automatic suggestion, 1 month, 1 week ago
  @mweinelt removed 3 packages, 5 days, 22 hours ago: buckets, python312Packages.bucketstore, python313Packages.bucketstore
  @mweinelt dismissed, 5 days, 22 hours ago
WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9.
buckets =<0.3.9
Package maintainers: 2
  @kmogged Kevin
  @jpetrucciani Jacobi Petrucciani <j@cobi.dev>

CVE-2025-58245  5.9 MEDIUM
CVSS version: 3.1
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): HIGH
  User interaction (UI): REQUIRED
  Scope (S): CHANGED
  Confidentiality impact (C): LOW
  Integrity impact (I): LOW
  Availability impact (A): LOW
Updated 5 days, 22 hours ago by @mweinelt
Activity log:
  Created automatic suggestion, 1 month, 1 week ago
  @mweinelt removed 2 packages, 5 days, 22 hours ago: traderepublic-portfolio-downloader, portfolio-filemanager
  @mweinelt dismissed, 5 days, 22 hours ago
WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio: from n/a through 2.58.
portfolio =<2.58
Package maintainers: 3
  @dotlambda Robert Schütz <rschuetz17@gmail.com>
  @chuangzhu Chuang Zhu <nixos@chuang.cz>
  @SeineEloquenz Alexander Linder

CVE-2025-58244  8.8 HIGH
CVSS version: 3.1
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): NONE
  User interaction (UI): REQUIRED
  Scope (S): UNCHANGED
  Confidentiality impact (C): HIGH
  Integrity impact (I): HIGH
  Availability impact (A): HIGH
Updated 5 days, 23 hours ago by @mweinelt
Activity log:
  Created automatic suggestion, 1 month, 1 week ago
  @mweinelt removed package, 5 days, 23 hours ago: akkuPackages.cyclone-iset-constructors
  @mweinelt dismissed, 5 days, 23 hours ago
WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9.
constructo =<4.3.9

CVE-2025-58020  6.5 MEDIUM
CVSS version: 3.1
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): LOW
  User interaction (UI): REQUIRED
  Scope (S): CHANGED
  Confidentiality impact (C): LOW
  Integrity impact (I): LOW
  Availability impact (A): LOW
Updated 5 days, 23 hours ago by @mweinelt
Activity log:
  Created automatic suggestion, 1 month, 1 week ago
  @mweinelt removed package, 5 days, 23 hours ago: haskellPackages.theatre-dev
  @mweinelt dismissed, 5 days, 23 hours ago
WordPress Theater for WordPress Plugin <= 0.18.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8.
theatre =<0.18.8

CVE-2025-58652  6.5 MEDIUM
CVSS version: 3.1
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): LOW
  User interaction (UI): REQUIRED
  Scope (S): CHANGED
  Confidentiality impact (C): LOW
  Integrity impact (I): LOW
  Availability impact (A): LOW
Updated 5 days, 23 hours ago by @mweinelt
Activity log:
  Created automatic suggestion, 1 month, 1 week ago
  @mweinelt removed package, 5 days, 23 hours ago: haskellPackages.data-carousel
  @mweinelt dismissed, 5 days, 23 hours ago
WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8.
carousel =<1.8