Published issues
Permalink
CVE-2026-35601
4.1 MEDIUM
-
CVSS version (CVSS): 3.1
-
Attack Vector (AV): Network (N)
-
Attack Complexity (AC): Low (L)
-
Privileges Required (PR): Low (L)
-
User Interaction (UI): Required (R)
-
Scope (S): Changed (C)
-
Confidentiality (C): None (N)
-
Integrity (I): Low (L)
-
Availability (A): None (N)
-
Modified Attack Vector (MAV): Network (N)
-
Modified Attack Complexity (MAC): Low (L)
-
Modified Privileges Required (MPR): Low (L)
-
Modified User Interaction (MUI): Required (R)
-
Modified Confidentiality (MC): None (N)
-
Modified Scope (MS): Changed (C)
-
Modified Integrity (MI): Low (L)
-
Modified Availability (MA): None (N)
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
2 months, 2 weeks ago
-
@LeSuisse
ignored
package vikunja-desktop
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
Vikunja has an iCalendar Property Injection via CRLF in CalDAV Task Output
Permalink
CVE-2026-35599
6.5 MEDIUM
-
CVSS version (CVSS): 3.1
-
Attack Vector (AV): Network (N)
-
Attack Complexity (AC): Low (L)
-
Privileges Required (PR): Low (L)
-
User Interaction (UI): None (N)
-
Scope (S): Unchanged (U)
-
Confidentiality (C): None (N)
-
Integrity (I): None (N)
-
Availability (A): High (H)
-
Modified Attack Vector (MAV): Network (N)
-
Modified Attack Complexity (MAC): Low (L)
-
Modified Privileges Required (MPR): Low (L)
-
Modified User Interaction (MUI): None (N)
-
Modified Confidentiality (MC): None (N)
-
Modified Scope (MS): Unchanged (U)
-
Modified Integrity (MI): None (N)
-
Modified Availability (MA): High (H)
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
2 months, 2 weeks ago
-
@LeSuisse
ignored
package vikunja-desktop
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
Vikunja has an Algorithmic Complexity DoS in Repeating Task Handler
Permalink
CVE-2026-40071
5.4 MEDIUM
-
CVSS version (CVSS): 3.1
-
Attack Vector (AV): Network (N)
-
Attack Complexity (AC): Low (L)
-
Privileges Required (PR): Low (L)
-
User Interaction (UI): None (N)
-
Scope (S): Unchanged (U)
-
Confidentiality (C): None (N)
-
Integrity (I): Low (L)
-
Availability (A): Low (L)
-
Modified Attack Vector (MAV): Network (N)
-
Modified Attack Complexity (MAC): Low (L)
-
Modified Privileges Required (MPR): Low (L)
-
Modified User Interaction (MUI): None (N)
-
Modified Confidentiality (MC): None (N)
-
Modified Scope (MS): Unchanged (U)
-
Modified Integrity (MI): Low (L)
-
Modified Availability (MA): Low (L)
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
2 months, 2 weeks ago
-
@LeSuisse
ignored
5 packages
- tests.home-assistant-component-tests.pyload
- home-assistant-component-tests.pyload
- python314Packages.pyloadapi
- python313Packages.pyloadapi
- python312Packages.pyloadapi
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
2 months, 2 weeks ago
-
@LeSuisse
ignored
3 packages
- tests.testers.lycheeLinkCheck.ok
- tests.testers.lycheeLinkCheck.network
- lychee
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
Lychee has Broken Access Control in SharingController::listAll() leaks private album sharing metadata to unauthorized users
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
PKCS7 CBC Padding Oracle — Plaintext Recovery
Permalink
CVE-2026-40225
6.4 MEDIUM
-
CVSS version (CVSS): 3.1
-
Attack Vector (AV): Physical (P)
-
Attack Complexity (AC): High (H)
-
Privileges Required (PR): None (N)
-
User Interaction (UI): None (N)
-
Scope (S): Unchanged (U)
-
Confidentiality (C): High (H)
-
Integrity (I): High (H)
-
Availability (A): High (H)
-
Modified Attack Vector (MAV): Physical (P)
-
Modified Attack Complexity (MAC): High (H)
-
Modified Privileges Required (MPR): None (N)
-
Modified User Interaction (MUI): None (N)
-
Modified Confidentiality (MC): High (H)
-
Modified Scope (MS): Unchanged (U)
-
Modified Integrity (MI): High (H)
-
Modified Availability (MA): High (H)
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
2 months, 2 weeks ago
-
@LeSuisse
ignored
2 packages
2 months, 2 weeks ago
-
@LeSuisse
restored
package udev
2 months, 2 weeks ago
-
@LeSuisse
ignored
43 packages
- tests.pkg-config.defaultPkgConfigPackages.libsystemd
- tests.pkg-config.defaultPkgConfigPackages.libudev
- vscode-extensions.coolbear.systemd-unit-file
- gnomeExtensions.systemd-offline-update-indicator
- python313Packages.jupyterhub-systemdspawner
- python313Packages.systemdunitparser
- systemd-lsp
- haskellPackages.libsystemd-journal
- python312Packages.systemdunitparser
- python313Packages.systemd-python
- python314Packages.jupyterhub-systemdspawner
- ocamlPackages_latest.systemd
- update-systemd-resolved
- python312Packages.jupyterhub-systemdspawner
- gnomeExtensions.systemd-status
- python314Packages.systemdunitparser
- python314Packages.systemd-python
- python312Packages.systemd-python
- ocamlPackages.systemd
- php84Extensions.systemd
- php85Extensions.systemd
- php82Extensions.systemd
- gnomeExtensions.systemd-manager
- prometheus-systemd-exporter
- systemd
- systemdgenie
- systemdLibs
- haskellPackages.warp-systemd
- systemd-credsubst
- systemd-journal2gelf
- systemd-lock-handler
- phpExtensions.systemd
- haskellPackages.systemd
- systemd-manager-tui
- php83Extensions.systemd
- systemd-bootchart
- systemdMinimal
- systemd-netlogd
- systemd-wait
- systemd-language-server
- haskellPackages.systemd-api
- nagiosPlugins.check_systemd
- systemdUkify
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
In udev in systemd before 260, local root execution can …
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
3 months, 1 week ago
-
@LeSuisse
ignored
5 packages
- python312Packages.glances-api
- python313Packages.glances-api
- python314Packages.glances-api
- home-assistant-component-tests.glances
- tests.home-assistant-component-tests.glances
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
added
maintainer @MiniHarinn
2 months, 2 weeks ago
maintainer.add
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
Glances exposes the REST API without authentication
Permalink
CVE-2026-28500
8.6 HIGH
-
CVSS version (CVSS): 3.1
-
Attack Vector (AV): Network (N)
-
Attack Complexity (AC): Low (L)
-
Privileges Required (PR): None (N)
-
User Interaction (UI): None (N)
-
Scope (S): Changed (C)
-
Confidentiality (C): High (H)
-
Integrity (I): None (N)
-
Availability (A): None (N)
-
Modified Attack Vector (MAV): Network (N)
-
Modified Attack Complexity (MAC): Low (L)
-
Modified Privileges Required (MPR): None (N)
-
Modified User Interaction (MUI): None (N)
-
Modified Confidentiality (MC): High (H)
-
Modified Scope (MS): Changed (C)
-
Modified Integrity (MI): None (N)
-
Modified Availability (MA): None (N)
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
3 months, 1 week ago
-
@LeSuisse
ignored
47 packages
- onnxruntime
- sherpa-onnx
- pkgsRocm.onnxruntime
- pkgsRocm.sherpa-onnx
- python312Packages.onnx
- python312Packages.tf2onnx
- python313Packages.onnx-ir
- python313Packages.tf2onnx
- python314Packages.onnx-ir
- python312Packages.onnxslim
- python312Packages.skl2onnx
- python313Packages.onnx-asr
- python313Packages.onnxslim
- python313Packages.skl2onnx
- python314Packages.onnx-asr
- python314Packages.onnxslim
- python314Packages.skl2onnx
- python313Packages.onnxscript
- python314Packages.onnxscript
- python312Packages.onnxmltools
- python312Packages.onnxruntime
- python312Packages.paddle2onnx
- python313Packages.onnxmltools
- python313Packages.onnxruntime
- python313Packages.sherpa-onnx
- python314Packages.onnxmltools
- python314Packages.onnxruntime
- python314Packages.sherpa-onnx
- python313Packages.optimum-onnx
- python314Packages.optimum-onnx
- pkgsRocm.python3Packages.onnx-ir
- pkgsRocm.python3Packages.tf2onnx
- pkgsRocm.python3Packages.onnx-asr
- pkgsRocm.python3Packages.onnxscript
- python312Packages.onnxruntime-tools
- python313Packages.onnxruntime-tools
- python314Packages.onnxruntime-tools
- pkgsRocm.python3Packages.onnxruntime
- pkgsRocm.python3Packages.sherpa-onnx
- pkgsRocm.python3Packages.optimum-onnx
- python312Packages.onnxconverter-common
- python312Packages.rapidocr-onnxruntime
- python313Packages.onnxconverter-common
- python313Packages.rapidocr-onnxruntime
- python314Packages.onnxconverter-common
- python314Packages.rapidocr-onnxruntime
- pkgsRocm.python3Packages.rapidocr-onnxruntime
2 months, 2 weeks ago
-
@LeSuisse
restored
package python312Packages.onnx
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
Permalink
CVE-2026-35043
7.8 HIGH
-
CVSS version (CVSS): 3.1
-
Attack Vector (AV): Local (L)
-
Attack Complexity (AC): Low (L)
-
Privileges Required (PR): None (N)
-
User Interaction (UI): Required (R)
-
Scope (S): Unchanged (U)
-
Confidentiality (C): High (H)
-
Integrity (I): High (H)
-
Availability (A): High (H)
-
Modified Attack Vector (MAV): Local (L)
-
Modified Attack Complexity (MAC): Low (L)
-
Modified Privileges Required (MPR): None (N)
-
Modified User Interaction (MUI): Required (R)
-
Modified Confidentiality (MC): High (H)
-
Modified Scope (MS): Unchanged (U)
-
Modified Integrity (MI): High (H)
-
Modified Availability (MA): High (H)
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
2 months, 2 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
BentoML: command injection in cloud deployment setup script (deployment.py)
Permalink
CVE-2026-34612
9.9 CRITICAL
-
CVSS version (CVSS): 3.1
-
Attack Vector (AV): Network (N)
-
Attack Complexity (AC): Low (L)
-
Privileges Required (PR): Low (L)
-
User Interaction (UI): None (N)
-
Scope (S): Changed (C)
-
Confidentiality (C): High (H)
-
Integrity (I): High (H)
-
Availability (A): High (H)
-
Modified Attack Vector (MAV): Network (N)
-
Modified Attack Complexity (MAC): Low (L)
-
Modified Privileges Required (MPR): Low (L)
-
Modified User Interaction (MUI): None (N)
-
Modified Confidentiality (MC): High (H)
-
Modified Scope (MS): Changed (C)
-
Modified Integrity (MI): High (H)
-
Modified Availability (MA): High (H)
updated
2 months, 2 weeks ago
by @LeSuisse
Activity log
-
Created suggestion
2 months, 3 weeks ago
-
@LeSuisse
accepted
2 months, 2 weeks ago
-
@LeSuisse
published on GitHub
2 months, 2 weeks ago
Kestra: Remote Code Execution via SQL Injection
Nixpkgs security tracker