Automatically generated suggestions

CVE-2025-52803
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 day, 20 hours ago
WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in uxper's Sala theme: functionality that should be restricted by access control lists can be reached without the required authorization. This issue affects Sala from n/a through 1.1.3.

sala
<=1.1.3

pkgs.python311Packages.datasalad

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python312Packages.datasalad

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python313Packages.datasalad

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python311Packages.datasalad.x86_64-linux

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python312Packages.datasalad.x86_64-linux

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python311Packages.datasalad.aarch64-linux

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python311Packages.datasalad.x86_64-darwin

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python312Packages.datasalad.aarch64-linux

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python312Packages.datasalad.x86_64-darwin

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python311Packages.datasalad.aarch64-darwin

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python312Packages.datasalad.aarch64-darwin

Pure-Python library with a collection of utilities for working with Git and git-annex
Package maintainers: 2
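Every score on this page follows from the metrics listed under it by the CVSS v3.1 base equations. The calculator below is an added example written for this page, not code from the tracker; the weights, impact and exploitability formulas and the Roundup rule are the ones published in the CVSS v3.1 specification, and it reproduces the scores shown here from their vector components.

```python
import math

# Metric weights from the CVSS v3.1 specification, section 7.4.
AV = {"NETWORK": 0.85, "ADJACENT": 0.62, "LOCAL": 0.55, "PHYSICAL": 0.20}
AC = {"LOW": 0.77, "HIGH": 0.44}
# Privileges Required weights differ when Scope is changed: (unchanged, changed).
PR = {"NONE": (0.85, 0.85), "LOW": (0.62, 0.68), "HIGH": (0.27, 0.50)}
UI = {"NONE": 0.85, "REQUIRED": 0.62}
CIA = {"HIGH": 0.56, "LOW": 0.22, "NONE": 0.0}

_ABBR = {
    "AV": {"N": "NETWORK", "A": "ADJACENT", "L": "LOCAL", "P": "PHYSICAL"},
    "AC": {"L": "LOW", "H": "HIGH"},
    "PR": {"N": "NONE", "L": "LOW", "H": "HIGH"},
    "UI": {"N": "NONE", "R": "REQUIRED"},
    "S": {"U": "UNCHANGED", "C": "CHANGED"},
    "C": {"H": "HIGH", "L": "LOW", "N": "NONE"},
    "I": {"H": "HIGH", "L": "LOW", "N": "NONE"},
    "A": {"H": "HIGH", "L": "LOW", "N": "NONE"},
}


def roundup(x):
    """Roundup as defined in CVSS v3.1 Appendix A. It works on an integer
    representation so that e.g. 4.000000000000001 does not become 4.1."""
    i = round(x * 100000)
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0


def base_score(av, ac, pr, ui, s, c, i, a):
    """CVSS v3.1 base score from the eight base metrics, given as the
    full upper-case metric values used in the listings above."""
    changed = s.upper() == "CHANGED"
    iss = 1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a])
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    exploitability = 8.22 * AV[av] * AC[ac] * PR[pr][changed] * UI[ui]
    if impact <= 0:
        return 0.0
    if changed:
        return roundup(min(1.08 * (impact + exploitability), 10))
    return roundup(min(impact + exploitability, 10))


def severity(score):
    """Qualitative rating from CVSS v3.1 section 5."""
    if score == 0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def score_from_vector(vector):
    """Score a vector string such as 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'.
    Temporal and environmental metrics, if present, are ignored."""
    head, *parts = vector.split("/")
    if head != "CVSS:3.1":
        raise ValueError(f"not a CVSS 3.1 vector: {head}")
    metrics = {}
    for part in parts:
        key, _, val = part.partition(":")
        if key in _ABBR:
            metrics[key] = _ABBR[key][val]
    missing = sorted(set(_ABBR) - set(metrics))
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return base_score(metrics["AV"], metrics["AC"], metrics["PR"], metrics["UI"],
                      metrics["S"], metrics["C"], metrics["I"], metrics["A"])


if __name__ == "__main__":
    # Three of the entries on this page, written as vectors.
    for cve, vec in [
        ("CVE-2025-52803", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"),
        ("CVE-2025-40923", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"),
        ("CVE-2025-7424", "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"),
    ]:
        s = score_from_vector(vec)
        print(cve, s, severity(s))
```

The Scope: CHANGED entries (the two libxslt flaws) are the ones where the 1.08 multiplier and the exponent-15 impact term matter; with Scope unchanged the score is just the rounded sum of impact and exploitability.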
CVE-2025-40923
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 day, 20 hours ago
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time and the PID. The PID comes from a small set of numbers, and the epoch time can be guessed if it is not leaked outright by the HTTP Date header. The built-in rand function is unsuitable for cryptographic use. Predictable session ids could allow an attacker to gain access to systems.

Plack-Middleware-Session
<0.35

pkgs.perl536Packages.PlackMiddlewareSession

Middleware for session management

pkgs.perl538Packages.PlackMiddlewareSession

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession

Middleware for session management

pkgs.perl536Packages.PlackMiddlewareSession.x86_64-linux

Middleware for session management

pkgs.perl538Packages.PlackMiddlewareSession.x86_64-linux

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession.x86_64-linux

Middleware for session management

pkgs.perl536Packages.PlackMiddlewareSession.aarch64-linux

Middleware for session management

pkgs.perl536Packages.PlackMiddlewareSession.x86_64-darwin

Middleware for session management

pkgs.perl538Packages.PlackMiddlewareSession.aarch64-linux

Middleware for session management

pkgs.perl538Packages.PlackMiddlewareSession.x86_64-darwin

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession.aarch64-linux

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession.x86_64-darwin

Middleware for session management

pkgs.perl536Packages.PlackMiddlewareSession.aarch64-darwin

Middleware for session management

pkgs.perl538Packages.PlackMiddlewareSession.aarch64-darwin

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession.aarch64-darwin

Middleware for session management
CVE-2025-40918
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 day, 21 hours ago
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is an MD5 hash of the PID, the epoch time and the output of the built-in rand function. The PID comes from a small set of numbers, and the epoch time can be guessed if it is not leaked outright by the HTTP Date header. The built-in rand function is unsuitable for cryptographic use. RFC 2831 states that the cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks and to provide mutual authentication, that the security of the implementation depends on a good choice, and that it is RECOMMENDED that it contain at least 64 bits of entropy.
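This entry and CVE-2025-40923 above describe the same construction: a hash over the process id, the epoch time and the output of a non-cryptographic rand. The Python below is an added example, not the code of either Perl module (Plack hashes with SHA-1, Authen::SASL with MD5; the model uses SHA-1 for both, the digest choice is irrelevant to the point). It models that construction, bounds the attacker's search space once the inputs are narrowed, recovers the inputs of one constructed token by brute force, and shows what the fix amounts to: output from the OS CSPRNG. The pid, time-window and rand ranges are assumed illustrative values, not measurements of any real deployment.

```python
import hashlib
import itertools
import math
import secrets


def weak_token(pid, epoch, rand_value):
    """Model of the construction in the advisories: a digest over the
    process id, epoch seconds and a PRNG output. Illustrative only."""
    return hashlib.sha1(f"{pid}:{epoch}:{rand_value}".encode()).hexdigest()


def guessable_bits(pid_candidates, time_window_s, rand_bits):
    """Upper bound on the attacker's search space, in bits. Hashing adds
    no entropy: the token has at most as many bits as its inputs combined,
    and each input here is individually narrow."""
    return math.log2(pid_candidates) + math.log2(time_window_s) + rand_bits


def recover_inputs(token, pid_range, epoch_range, rand_range):
    """Brute-force the inputs of a token built by weak_token(); returns the
    (pid, epoch, rand_value) triple, or None if it lies outside the ranges."""
    for pid, epoch, r in itertools.product(pid_range, epoch_range, rand_range):
        if weak_token(pid, epoch, r) == token:
            return pid, epoch, r
    return None


def strong_token(nbytes=32):
    """The fix in outline: bytes from the OS CSPRNG, no guessable inputs."""
    return secrets.token_hex(nbytes)


def strong_bits(nbytes=32):
    """Entropy of strong_token(nbytes), for comparison with guessable_bits()."""
    return 8 * nbytes


if __name__ == "__main__":
    # Constructed example: pid in a 100-wide range, time known to +/-5 s,
    # rand reduced to 8 bits. The inputs are recovered in well under a second.
    target = weak_token(4242, 1_700_000_000, 77)
    print("search space (bits):", round(guessable_bits(100, 10, 8), 1))
    print("recovered:", recover_inputs(target, range(4200, 4300),
                                       range(1_699_999_995, 1_700_000_005),
                                       range(256)))
    print("strong token bits:", strong_bits(), strong_token()[:16], "...")
```

To check an installed version: `perl -MPlack::Middleware::Session -e 'print $Plack::Middleware::Session::VERSION, "\n"'` and `perl -MAuthen::SASL -e 'print $Authen::SASL::VERSION, "\n"'`; anything below 0.35, or at or below 2.1800 respectively, is affected. Where upgrading is not immediately possible, Plack::Session::State documents a `sid_generator` coderef option that can be pointed at a CSPRNG-backed generator.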

Authen-SASL
<=2.1800

pkgs.perl536Packages.AuthenSASL

SASL Authentication framework

pkgs.perl536Packages.AuthenSASLSASLprep

A Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl540Packages.AuthenSASLSASLprep

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl536Packages.AuthenSASL.x86_64-linux

SASL Authentication framework

pkgs.perl536Packages.AuthenSASL.aarch64-linux

SASL Authentication framework

pkgs.perl536Packages.AuthenSASL.x86_64-darwin

SASL Authentication framework

pkgs.perl536Packages.AuthenSASL.aarch64-darwin

SASL Authentication framework

pkgs.perl536Packages.AuthenSASLSASLprep.x86_64-linux

A Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl538Packages.AuthenSASLSASLprep.x86_64-linux

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl540Packages.AuthenSASLSASLprep.x86_64-linux

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl536Packages.AuthenSASLSASLprep.aarch64-linux

A Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl536Packages.AuthenSASLSASLprep.x86_64-darwin

A Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl538Packages.AuthenSASLSASLprep.aarch64-linux

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl538Packages.AuthenSASLSASLprep.x86_64-darwin

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl540Packages.AuthenSASLSASLprep.aarch64-linux

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl540Packages.AuthenSASLSASLprep.x86_64-darwin

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl536Packages.AuthenSASLSASLprep.aarch64-darwin

A Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl538Packages.AuthenSASLSASLprep.aarch64-darwin

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl540Packages.AuthenSASLSASLprep.aarch64-darwin

Stringprep Profile for User Names and Passwords (RFC 4013)
Package maintainers: 1
CVE-2025-7424
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 week ago
Libxslt: type confusion in xmlNode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

rhcos
libxslt

pkgs.libxslt.x86_64-linux

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-linux

C library and tools to do XSL transformations

pkgs.libxslt.x86_64-darwin

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-darwin

C library and tools to do XSL transformations

pkgs.python313Packages.libxslt

C library and tools to do XSL transformations
Package maintainers: 2
CVE-2025-7370
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 week ago
Libsoup: NULL pointer dereference in cookie parsing

A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup's cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in a denial of service.
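The failure mode here is a cookie with no Domain attribute, which is an ordinary, valid case: RFC 6265 section 5.3 says such a cookie becomes host-only and its domain is the request host. The parser below is an added example in Python, not libsoup code, showing that defaulting (and the rejection of a Domain that does not cover the request host) so the missing-attribute case is handled before anything dereferences it. The header values are constructed.

```python
from urllib.parse import urlsplit


def domain_matches(host, domain):
    """RFC 6265 section 5.1.3 domain-match in string form. IP literals are
    treated like any other host here, which a production jar must not do."""
    return host == domain or host.endswith("." + domain)


def parse_set_cookie(header, request_url):
    """Parse one Set-Cookie header value received in a response to request_url.

    A missing or empty Domain attribute is the normal case, not an error: the
    cookie becomes host-only and its domain is the request host (RFC 6265
    section 5.3, steps 6 and 7). A Domain that does not cover the request host
    is rejected. Raises ValueError on malformed or rejected input."""
    name_value, *attrs = [p.strip() for p in header.split(";")]
    name, sep, value = name_value.partition("=")
    name = name.strip()
    if not sep or not name:
        raise ValueError("cookie-pair must be name=value with a non-empty name")
    cookie = {
        "name": name, "value": value.strip(), "domain": None, "path": "/",
        "secure": False, "httponly": False, "host_only": True,
    }
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:          # an empty Domain= is ignored (5.2.3)
            cookie["domain"] = val.lstrip(".").lower()
            cookie["host_only"] = False
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
        # Expires, Max-Age and SameSite are out of scope for this example.
    host = urlsplit(request_url).hostname
    if not host:
        raise ValueError("request URL has no host")
    host = host.lower()
    if cookie["domain"] is None:
        cookie["domain"] = host              # the no-Domain case the advisory describes
    elif not domain_matches(host, cookie["domain"]):
        raise ValueError(f"Domain={cookie['domain']} does not cover {host}")
    return cookie


def accepts(header, request_url):
    """True if the header parses and is accepted for request_url."""
    try:
        parse_set_cookie(header, request_url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    url = "https://www.example.org/login"
    for h in ("sid=abc123; Path=/; HttpOnly",            # no Domain attribute at all
              "sid=abc123; Domain=.example.org; Secure",
              "sid=abc123; Domain=evil.example"):
        print(h, "->", parse_set_cookie(h, url) if accepts(h, url) else "rejected")
```

The point for a reviewer of any cookie jar, in C or otherwise, is that "no Domain" must produce a host-only cookie rather than a NULL field that later code assumes is populated.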

libsoup
libsoup3

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-7425
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 week ago
Libxslt: heap use-after-free caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type (atype) flags are modified in a way that corrupts internal memory management. When XSLT functions such as key() produce result tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the library may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

rhcos
libxslt

pkgs.libxslt.x86_64-linux

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-linux

C library and tools to do XSL transformations

pkgs.libxslt.x86_64-darwin

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-darwin

C library and tools to do XSL transformations

pkgs.python313Packages.libxslt

C library and tools to do XSL transformations
Package maintainers: 2
CVE-2024-21886
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 week, 1 day ago
Xorg-x11-server: heap buffer overflow in DisableDevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

tigervnc
*
xorg-server
==1.21.1.7
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-6478
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 week, 1 day ago
Xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow, which may lead to disclosure of sensitive information.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-5367
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 week, 1 day ago
Xorg-x11-server: out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty

An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2023-6377
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 week, 1 day ago
Xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1