⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-40914
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

CryptX
=<0.086
CVE-2025-40912
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode

CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.

CryptX
<0.065
CVE-2025-49075
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 2 months, 2 weeks ago by @06kellyjac Activity log
  • Created automatic suggestion 2 months, 3 weeks ago
  • @06kellyjac accepted as draft 2 months, 2 weeks ago
  • @06kellyjac marked as untriaged 2 months, 2 weeks ago
WordPress Wishlist plugin <= 1.0.43 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43.

wishlist
=<1.0.43
Package maintainers: 2
CVE-2025-5914
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

rhcos
libarchive

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

pkgs.python311Packages.libarchive-c

Python interface to libarchive

pkgs.python312Packages.libarchive-c

Python interface to libarchive

pkgs.python313Packages.libarchive-c

Python interface to libarchive

pkgs.haskellPackages.libarchive.x86_64-linux

Haskell interface to libarchive

pkgs.haskellPackages.libarchive.aarch64-linux

Haskell interface to libarchive

pkgs.haskellPackages.libarchive.x86_64-darwin

Haskell interface to libarchive

pkgs.python311Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.haskellPackages.libarchive.aarch64-darwin

Haskell interface to libarchive

pkgs.python312Packages.libarchive-c.x86_64-linux

Python interface to libarchive

pkgs.python312Packages.libarchive-c.aarch64-linux

Python interface to libarchive

pkgs.python312Packages.libarchive-c.x86_64-darwin

Python interface to libarchive

pkgs.python312Packages.libarchive-c.aarch64-darwin

Python interface to libarchive

pkgs.haskellPackages.libarchive-conduit.x86_64-linux

Read many archive formats with libarchive and conduit

pkgs.haskellPackages.libarchive-conduit.aarch64-linux

Read many archive formats with libarchive and conduit

pkgs.haskellPackages.libarchive-conduit.x86_64-darwin

Read many archive formats with libarchive and conduit

pkgs.haskellPackages.libarchive-conduit.aarch64-darwin

Read many archive formats with libarchive and conduit
Package maintainers: 10
CVE-2025-31638
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
WordPress Spare <= 1.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7.

spare
=<1.7

pkgs.asciiquarium-transparent

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.gnomeExtensions.transparent-top-bar

Bring back the transparent top bar when free-floating in GNOME Shell 3.32.
  • nixos-25.05 24
    • nixpkgs-25.05-darwin 24
    • nixos-25.05-small 24
  • nixos-unstable 23
    • nixos-unstable-small 23
    • nixpkgs-unstable 24

pkgs.vimPlugins.transparent-nvim.x86_64-linux

pkgs.gnomeExtensions.transparent-window-moving

Makes the window semi-transparent when moving or resizing
  • nixos-25.05 19
    • nixpkgs-25.05-darwin 19
    • nixos-25.05-small 19
  • nixos-unstable 18
    • nixos-unstable-small 18
    • nixpkgs-unstable 18

pkgs.vimPlugins.transparent-nvim.aarch64-linux

pkgs.vimPlugins.transparent-nvim.x86_64-darwin

pkgs.vimPlugins.transparent-nvim.aarch64-darwin

pkgs.gnomeExtensions.transparent-top-bar-adjustable-transparency

Fork of: https://github.com/zhanghai/gnome-shell-extension-transparent-top-bar
  • nixos-25.05 24
    • nixpkgs-25.05-darwin 24
    • nixos-25.05-small 24
  • nixos-unstable 21
    • nixos-unstable-small 21
    • nixpkgs-unstable 24
Package maintainers: 4
CVE-2025-39476
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress Revo theme <= 4.0.26 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo allows PHP Local File Inclusion. This issue affects Revo: from n/a through 4.0.26.

revo
=<4.0.26

pkgs.prevo

offline version of the Esperanto dictionary Reta Vortaro

pkgs.prevo-tools

CLI tools for the offline version of the Esperanto dictionary Reta Vortaro

pkgs.python311Packages.pyrevolve

Python library to manage checkpointing for adjoints

pkgs.python312Packages.pyrevolve

Python library to manage checkpointing for adjoints

pkgs.revolt-desktop.x86_64-linux

Open source user-first chat platform

pkgs.revolt-desktop.aarch64-linux

Open source user-first chat platform

pkgs.revolt-desktop.x86_64-darwin

Open source user-first chat platform

pkgs.revolt-desktop.aarch64-darwin

Open source user-first chat platform

pkgs.python312Packages.brevo-python

Fully-featured Python API client to interact with Brevo

pkgs.python313Packages.brevo-python

Fully-featured Python API client to interact with Brevo
Package maintainers: 8
CVE-2025-28945
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Valen - Sport, Fashion WooCommerce WordPress Theme: from n/a through 2.4.

valen
=<2.4

pkgs.haskellPackages.equivalence

Maintaining an equivalence relation implemented as union-find using STT

pkgs.sbclPackages.cl-prevalence.x86_64-linux

pkgs.haskellPackages.equivalence.x86_64-linux

Maintaining an equivalence relation implemented as union-find using STT

pkgs.sbclPackages.cl-prevalence.aarch64-linux

pkgs.sbclPackages.cl-prevalence.x86_64-darwin

pkgs.haskellPackages.equivalence.aarch64-linux

Maintaining an equivalence relation implemented as union-find using STT

pkgs.haskellPackages.equivalence.x86_64-darwin

Maintaining an equivalence relation implemented as union-find using STT

pkgs.sbclPackages.cl-prevalence.aarch64-darwin

pkgs.haskellPackages.equivalence.aarch64-darwin

Maintaining an equivalence relation implemented as union-find using STT

pkgs.vscode-extensions.valentjn.vscode-ltex.x86_64-linux

pkgs.vscode-extensions.valentjn.vscode-ltex.aarch64-linux

pkgs.vscode-extensions.valentjn.vscode-ltex.x86_64-darwin

pkgs.vscode-extensions.valentjn.vscode-ltex.aarch64-darwin

Package maintainers: 7
CVE-2025-31396
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress FLAP - Business WordPress Theme <= 1.5 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5.

flap
=<1.5

pkgs.jflap

GUI tool for experimenting with formal languages topics
Package maintainers: 2
CVE-2025-5917
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.

rhcos
libarchive

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

pkgs.python311Packages.libarchive-c

Python interface to libarchive

pkgs.python312Packages.libarchive-c

Python interface to libarchive

pkgs.python313Packages.libarchive-c

Python interface to libarchive

pkgs.haskellPackages.libarchive.x86_64-linux

Haskell interface to libarchive

pkgs.haskellPackages.libarchive.aarch64-linux

Haskell interface to libarchive

pkgs.haskellPackages.libarchive.x86_64-darwin

Haskell interface to libarchive

pkgs.python311Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.haskellPackages.libarchive.aarch64-darwin

Haskell interface to libarchive

pkgs.python312Packages.libarchive-c.x86_64-linux

Python interface to libarchive

pkgs.python312Packages.libarchive-c.aarch64-linux

Python interface to libarchive

pkgs.python312Packages.libarchive-c.x86_64-darwin

Python interface to libarchive

pkgs.python312Packages.libarchive-c.aarch64-darwin

Python interface to libarchive

pkgs.haskellPackages.libarchive-conduit.x86_64-linux

Read many archive formats with libarchive and conduit

pkgs.haskellPackages.libarchive-conduit.aarch64-linux

Read many archive formats with libarchive and conduit

pkgs.haskellPackages.libarchive-conduit.x86_64-darwin

Read many archive formats with libarchive and conduit

pkgs.haskellPackages.libarchive-conduit.aarch64-darwin

Read many archive formats with libarchive and conduit
Package maintainers: 10
CVE-2025-32291
10.0 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress SUMO Affiliates Pro <= 10.7.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through 10.7.0.

affs
=<10.7.0

pkgs.unyaffs

Tool to extract files from a YAFFS2 file system image
Package maintainers: 2