⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2023-3758
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months ago
Sssd: race condition during authorization leads to gpo policies functioning inconsistently

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

sssd
<2.9.5
*
Notify package maintainers: 1
CVE-2022-2084
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months ago
sensitive data exposure in cloud-init logs

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

cloud-init
<23.0

pkgs.cloud-init

Provides configuration and customization of cloud instance
Notify package maintainers: 2
CVE-2023-30797
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months ago
Insecure Random Generation in Netflix Lemur

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

lemur
<<1.3.2
Notify package maintainers: 1
CVE-2021-3429
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months ago
sensitive data exposure in cloud-init logs

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.

cloud-init
<21.2

pkgs.cloud-init

Provides configuration and customization of cloud instance
Notify package maintainers: 2
CVE-2023-30798
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months ago
MultipartParser DOS with too many fields or files in Starlette Framework

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

starlette
<0.25.0

pkgs.python311Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python312Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python311Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python312Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request
Notify package maintainers: 7
CVE-2025-24684
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months ago
WordPress Media Downloader Plugin <= 0.4.7.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5.

media-downloader
=<0.4.7.5
Notify package maintainers: 1
CVE-2025-22703
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months ago
WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6.

forge
=<1.4.6

pkgs.forge

OpenGL interop library that can be used with ArrayFire or any other application using CUDA or OpenCL compute backend

pkgs.mcdreforged

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.gnomeExtensions.forge

Tiling and window manager for GNOME
  • nixos-24.05 78
    • nixpkgs-24.05-darwin 78
    • nixos-24.05-small 78
  • nixos-24.11 84
    • nixpkgs-24.11-darwin 84
    • nixos-24.11-small 84
  • nixos-unstable 84
    • nixos-unstable-small 84
    • nixpkgs-unstable 84
Notify package maintainers: 15
CVE-2023-4911
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

glibc
*
<2.39
compat-glibc
redhat-virtualization-host
*
redhat-release-virtualization-host
*
Notify package maintainers: 2
CVE-2024-22029
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @fricklerhandwerk removed
    3 packages
    • pkgs.tomcat_connectors 1.2.48
    • pkgs.apachetomcatscanner 3.5
    • pkgs.apachetomcatscanner 3.7.2
    2 months ago
tomcat packaging allows for escalation to root from tomcat user

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

tomcat
<9.0.85-150200.57.1
<9.0.85-3.1

pkgs.tomcat-native

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc
Notify package maintainers: 2
CVE-2023-46846
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 2 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @fricklerhandwerk removed
    3 packages
    • pkgs.prometheus-squid-exporter 1.12.0
    • pkgs.python311Packages.flyingsquid 0.0.0a0
    • pkgs.python312Packages.flyingsquid 0.0.0a0
    2 months ago
Squid: request/response smuggling in http/1.1 and icap

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

squid
*
<6.4
squid34
squid:4
*

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more
Notify package maintainers: 1