Automatically generated suggestions

CVE-2025-31549
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 6 hours ago by @Srylax
Activity log
  • Created automatic suggestion
  • @Srylax accepted as draft
  • @Srylax marked as untriaged
WordPress Fusion plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion allows DOM-Based XSS. This issue affects Fusion: from n/a through 1.6.3.

fusion
=<1.6.3

pkgs.lxgw-fusionkai

Simplified Chinese font derived from LXGW WenKai GB, iansui and Klee One

pkgs.python311Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

pkgs.python312Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

pkgs.vimPlugins.nvim-treesitter-parsers.fusion

  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
    • nixos-24.11-small
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Notify package maintainers: 4
CVE-2025-31538
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 17 hours ago
WordPress Checklist plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in checklistcom Checklist allows Stored XSS. This issue affects Checklist: from n/a through 1.1.9.

checklist
=<1.1.9

pkgs.texlivePackages.checklistings

Pass verbatim contents through a compiler and reincorporate the resulting output

pkgs.texlivePackages.typed-checklist

Typesetting tasks, goals, milestones, artifacts, and more in LaTeX
CVE-2025-31162
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 3 days, 17 hours ago
fig2dev floating point exception

Floating point exception in fig2dev in version 3.2.9a allows an attacker to affect availability via local input manipulation via the get_slope function.

fig2dev
==3.2.9a
Notify package maintainers: 1
CVE-2024-13939
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 days, 17 hours ago
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829.

String-Compare-ConstantTime
=<0.321

pkgs.perl536Packages.StringCompareConstantTime

Timing side-channel protected string compare

pkgs.perl540Packages.StringCompareConstantTime

Timing side-channel protected string compare
CVE-2025-1860
created 3 days, 17 hours ago
Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Data-Entropy
<0.008

pkgs.perl536Packages.DataEntropy

Entropy (randomness) management
CVE-2025-31164
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 3 days, 17 hours ago
fig2dev heap-buffer overflow

Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to affect availability via local input manipulation via create_line_with_spline.

fig2dev
==3.2.9a
Notify package maintainers: 1
CVE-2025-31163
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 3 days, 17 hours ago
fig2dev segmentation fault

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to affect availability via local input manipulation via the put_patternarc function.

fig2dev
==3.2.9a
Notify package maintainers: 1
CVE-2025-31176
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 17 hours ago
Gnuplot: gnuplot segmentation fault on plot3d_points

A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.

gnuplot

pkgs.texlivePackages.gnuplottex

Embed Gnuplot commands in LaTeX documents

pkgs.texlivePackages.context-gnuplot

Inclusion of Gnuplot graphs in ConTeXt

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
    • nixos-24.11-small
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Notify package maintainers: 3
CVE-2025-31180
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 17 hours ago
Gnuplot: gnuplot segmentation fault on canvas_text

A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.

gnuplot

pkgs.texlivePackages.gnuplottex

Embed Gnuplot commands in LaTeX documents

pkgs.texlivePackages.context-gnuplot

Inclusion of Gnuplot graphs in ConTeXt

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
    • nixos-24.11-small
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Notify package maintainers: 3
CVE-2025-31179
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 17 hours ago
Gnuplot: gnuplot segmentation fault on xstrftime

A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.

gnuplot

pkgs.texlivePackages.gnuplottex

Embed Gnuplot commands in LaTeX documents

pkgs.texlivePackages.context-gnuplot

Inclusion of Gnuplot graphs in ConTeXt

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
    • nixos-24.11-small
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Notify package maintainers: 3