Automatically generated suggestions

CVE-2025-4373
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months ago
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

bootc
glib2
loupe
librsvg2
mingw-glib2
glycin-loaders

pkgs.bootc.x86_64-linux

Boot and upgrade via container images

pkgs.bootc.aarch64-linux

Boot and upgrade via container images

pkgs.rubyPackages.glib2.x86_64-linux

pkgs.rubyPackages.glib2.aarch64-linux

pkgs.rubyPackages.glib2.x86_64-darwin

pkgs.rubyPackages.glib2.aarch64-darwin

Package maintainers: 2
CVE-2023-40745
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Libtiff: integer overflow in tiffcp.c

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.

libtiff
*
<4.6.0
mingw-libtiff
compact-libtiff
compat-libtiff3

pkgs.libtiff_t

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff.x86_64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.x86_64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff_t.x86_64-linux

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.aarch64-linux

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.x86_64-darwin

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.aarch64-darwin

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)
Package maintainers: 8
CVE-2023-3576
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Libtiff: memory leak in tiffcrop.c

A memory leak flaw was found in LibTIFF's tiffcrop utility. The issue occurs when tiffcrop operates on a TIFF image file: an attacker can pass a crafted TIFF image file to the tiffcrop utility, which triggers the memory leak and results in an application crash, eventually leading to a denial of service.

libtiff
*
mingw-libtiff
compat-libtiff3

pkgs.libtiff_t

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff.x86_64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.x86_64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff_t.x86_64-linux

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.aarch64-linux

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.x86_64-darwin

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.aarch64-darwin

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)
Package maintainers: 8
CVE-2023-41175
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Libtiff: potential integer overflow in raw2tiff.c

A vulnerability was found in LibTIFF due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.

libtiff
*
<4.6.0
mingw-libtiff
compact-libtiff
compat-libtiff3

pkgs.libtiff_t

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff.x86_64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.x86_64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff_t.x86_64-linux

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.aarch64-linux

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.x86_64-darwin

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.aarch64-darwin

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)
Package maintainers: 8
CVE-2023-4813
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

glibc
*
compat-glibc

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.mtrace.x86_64-linux

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.mtrace.aarch64-linux

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.libiconv.x86_64-linux

pkgs.libiconv.aarch64-linux

pkgs.glibcLocales.aarch64-linux

Locale information for the GNU C Library

pkgs.glibcLocalesUtf8.aarch64-linux

Locale information for the GNU C Library
Package maintainers: 3
CVE-2023-4806
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Glibc: potential use-after-free in getaddrinfo()

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name must return a large number of IPv6 and IPv4 addresses, and the call to the getaddrinfo function must use the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

glibc
*
compat-glibc

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.mtrace.x86_64-linux

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.mtrace.aarch64-linux

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.libiconv.x86_64-linux

pkgs.libiconv.aarch64-linux

pkgs.glibcLocales.aarch64-linux

Locale information for the GNU C Library

pkgs.glibcLocalesUtf8.aarch64-linux

Locale information for the GNU C Library
Package maintainers: 3
CVE-2023-40204
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2.

folders
=<2.9.2

pkgs.platform-folders

A C++ library to look for standard platform directories so that you do not need to write platform-specific code

pkgs.platform-folders.x86_64-linux

A C++ library to look for standard platform directories so that you do not need to write platform-specific code

pkgs.platform-folders.aarch64-linux

A C++ library to look for standard platform directories so that you do not need to write platform-specific code

pkgs.platform-folders.x86_64-darwin

A C++ library to look for standard platform directories so that you do not need to write platform-specific code

pkgs.platform-folders.aarch64-darwin

A C++ library to look for standard platform directories so that you do not need to write platform-specific code

pkgs.vscode-extensions.moshfeu.compare-folders

Extension allows you to compare folders, show the diffs in a list and present the diff in a split view side by side

pkgs.vscode-extensions.moshfeu.compare-folders.x86_64-linux

Extension allows you to compare folders, show the diffs in a list and present the diff in a split view side by side

pkgs.vscode-extensions.moshfeu.compare-folders.aarch64-linux

Extension allows you to compare folders, show the diffs in a list and present the diff in a split view side by side

pkgs.vscode-extensions.moshfeu.compare-folders.x86_64-darwin

Extension allows you to compare folders, show the diffs in a list and present the diff in a split view side by side

pkgs.vscode-extensions.moshfeu.compare-folders.aarch64-darwin

Extension allows you to compare folders, show the diffs in a list and present the diff in a split view side by side
Package maintainers: 4
CVE-2025-4035
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 1 week ago
Libsoup: cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.

libsoup
libsoup3
*

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-3501
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 1 week ago
Org.keycloak.protocol.services: keycloak hostname verification

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

keycloak
rhbk/keycloak-rhel9
*
keycloak-rhel9-container
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
keycloak-rhel9-operator-container
*
keycloak-rhel9-operator-bundle-container
*

pkgs.keycloak.x86_64-linux

Identity and access management for modern applications and services

pkgs.keycloak.aarch64-linux

Identity and access management for modern applications and services

pkgs.python311Packages.python-keycloak.x86_64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-linux

Provides access to the Keycloak API

pkgs.python311Packages.python-keycloak.aarch64-linux

Provides access to the Keycloak API

pkgs.python311Packages.python-keycloak.x86_64-darwin

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-darwin

Provides access to the Keycloak API

pkgs.python311Packages.python-keycloak.aarch64-darwin

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-darwin

Provides access to the Keycloak API
Package maintainers: 3
CVE-2025-30194
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Denial of service via crafted DoH exchange

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can craft a DoH exchange that triggers an illegal memory access (double-free) and crashes DNSdist, causing a denial of service. The remedy is to upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention.

dnsdist
<1.9.9
Package maintainers: 1