Automatically generated suggestions

CVE-2025-5917
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.

rhcos
libarchive
<3.8.0

pkgs.libarchive

Multi-format archive and compression library

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

pkgs.haskellPackages.libarchive

Haskell interface to libarchive

pkgs.kodiPackages.vfs-libarchive

LibArchive Virtual Filesystem add-on for Kodi

pkgs.python312Packages.libarchive-c

Python interface to libarchive

pkgs.python313Packages.libarchive-c

Python interface to libarchive

pkgs.haskellPackages.archive-libarchive

Common interface using libarchive

pkgs.haskellPackages.libarchive-conduit

Read many archive formats with libarchive and conduit

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
Package maintainers: 8
CVE-2025-5914
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

rhcos
libarchive
<3.8.0
  • web-terminal/web-terminal-tooling-rhel9
  • web-terminal/web-terminal-rhel9-operator
  • registry.redhat.io/rhosdt/jaeger-agent-rhel8
  • registry.redhat.io/rhosdt/jaeger-query-rhel8
  • registry.redhat.io/rhosdt/jaeger-ingester-rhel8
  • registry.redhat.io/rhosdt/jaeger-rhel8-operator
  • registry.redhat.io/rhosdt/jaeger-collector-rhel8
  • registry.redhat.io/rhosdt/jaeger-operator-bundle
  • registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
  • registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
  • registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
  • registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9
  • registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator
  • registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9
  • registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9
  • registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9
  • registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
  • registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9

pkgs.libarchive

Multi-format archive and compression library

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

pkgs.haskellPackages.libarchive

Haskell interface to libarchive

pkgs.kodiPackages.vfs-libarchive

LibArchive Virtual Filesystem add-on for Kodi

pkgs.python312Packages.libarchive-c

Python interface to libarchive

pkgs.python313Packages.libarchive-c

Python interface to libarchive

pkgs.haskellPackages.archive-libarchive

Common interface using libarchive

pkgs.haskellPackages.libarchive-conduit

Read many archive formats with libarchive and conduit

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
Package maintainers: 8
CVE-2025-31061
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress Wishlist plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 2.1.0.

wishlist
=<2.1.0

pkgs.wishlist

Single entrypoint for multiple SSH endpoints
Package maintainers: 2
CVE-2025-31396
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress FLAP - Business WordPress Theme <= 1.5 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5.

flap
=<1.5

pkgs.jflap

GUI tool for experimenting with formal languages topics
Package maintainers: 2
CVE-2025-31638
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress Spare <= 1.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7.

spare
=<1.7

pkgs.asciiquarium-transparent

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.materia-theme-transparent

Transparent Material Design theme for GNOME/GTK based desktop environments

pkgs.gnomeExtensions.transparent-top-bar

Bring back the transparent top bar when free-floating in GNOME Shell 3.32.

pkgs.gnomeExtensions.transparent-window-moving

Makes the window semi-transparent when moving or resizing

pkgs.sway-contrib.inactive-windows-transparency

It makes inactive sway windows transparent

pkgs.gnomeExtensions.transparent-top-bar-adjustable-transparency

Fork of: https://github.com/zhanghai/gnome-shell-extension-transparent-top-bar
Package maintainers: 4
CVE-2025-28945
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Valen - Sport, Fashion WooCommerce WordPress Theme: from n/a through 2.4.

valen
=<2.4

pkgs.valentina

Open source sewing pattern drafting software

pkgs.gnomeExtensions.valent

GNOME Shell integration for Valent

pkgs.haskellPackages.equivalence

Maintaining an equivalence relation implemented as union-find using STT

pkgs.vscode-extensions.valentjn.vscode-ltex

Package maintainers: 7
CVE-2025-5918
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
Libarchive: reading past eof may be triggered for piped file streams

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

rhcos
libarchive
<3.8.0

pkgs.libarchive

Multi-format archive and compression library

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

pkgs.haskellPackages.libarchive

Haskell interface to libarchive

pkgs.kodiPackages.vfs-libarchive

LibArchive Virtual Filesystem add-on for Kodi

pkgs.python312Packages.libarchive-c

Python interface to libarchive

pkgs.python313Packages.libarchive-c

Python interface to libarchive

pkgs.haskellPackages.archive-libarchive

Common interface using libarchive

pkgs.haskellPackages.libarchive-conduit

Read many archive formats with libarchive and conduit

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
Package maintainers: 8
CVE-2025-39475
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Arlo <= 6.0.3 - Local File Inclusion Vulnerability

Path Traversal vulnerability in Frenify Arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through 6.0.3.

arlo
=<6.0.3

pkgs.barlow

Grotesk variable font superfamily

pkgs.clearlooks-phenix

GTK3 port of the Clearlooks theme

pkgs.python312Packages.pyarlo

Python library to work with Netgear Arlo cameras

pkgs.python313Packages.pyarlo

Python library to work with Netgear Arlo cameras

pkgs.python312Packages.warlock

Python object model built on JSON schema and JSON patch

pkgs.python313Packages.warlock

Python object model built on JSON schema and JSON patch

pkgs.haskellPackages.barlow-lens

lens via string literals

pkgs.rubyPackages.charlock_holmes

pkgs.python312Packages.solarlog-cli

Python library to access the Solar-Log JSON interface

pkgs.python313Packages.solarlog-cli

Python library to access the Solar-Log JSON interface

pkgs.rubyPackages_3_1.charlock_holmes

pkgs.rubyPackages_3_2.charlock_holmes

pkgs.rubyPackages_3_3.charlock_holmes

pkgs.rubyPackages_3_4.charlock_holmes

pkgs.python312Packages.zeversolarlocal

Python module to interact with Zeversolar inverters

pkgs.python313Packages.zeversolarlocal

Python module to interact with Zeversolar inverters

pkgs.home-assistant-component-tests.solarlog

Open source home automation that puts local control and privacy first
Package maintainers: 4
CVE-2025-32291
10.0 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress SUMO Affiliates Pro <= 10.7.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through 10.7.0.

affs
=<10.7.0

pkgs.unyaffs

Tool to extract files from a YAFFS2 file system image
Package maintainers: 2
CVE-2025-39476
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Revo theme <= 4.0.26 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo allows PHP Local File Inclusion. This issue affects Revo: from n/a through 4.0.26.

revo
=<4.0.26

pkgs.prevo

Offline version of the Esperanto dictionary Reta Vortaro

pkgs.adminerevo

Database management in a single PHP file

pkgs.prevo-data

Data for offline version of the Esperanto dictionary Reta Vortaro

pkgs.prevo-tools

CLI tools for the offline version of the Esperanto dictionary Reta Vortaro

pkgs.trevorproxy

Module to rotate the source IP address via SSH proxies and other methods

pkgs.trevorspray

Modular password spraying tool

pkgs.revolt-desktop

Open source user-first chat platform

pkgs.python312Packages.pyrevolve

Python library to manage checkpointing for adjoints

pkgs.python312Packages.trevorproxy

Module to rotate the source IP address via SSH proxies and other methods

pkgs.python313Packages.trevorproxy

Module to rotate the source IP address via SSH proxies and other methods

pkgs.python312Packages.brevo-python

Fully-featured Python API client to interact with Brevo

pkgs.python313Packages.brevo-python

Fully-featured Python API client to interact with Brevo
Package maintainers: 7