Automatically generated suggestions

CVE-2025-46400
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
fig2dev segmentation fault in read_arcobject

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to impact availability via local input manipulation in the read_arcobject function.

xfig
=<3.2.9a
fig2dev
==3.2.9a

pkgs.fig2dev.x86_64-linux

Tool to convert Xfig files to other formats

pkgs.fig2dev.aarch64-linux

Tool to convert Xfig files to other formats

pkgs.fig2dev.x86_64-darwin

Tool to convert Xfig files to other formats

pkgs.fig2dev.aarch64-darwin

Tool to convert Xfig files to other formats
Package maintainers: 1
CVE-2025-46397
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
fig2dev stack-overflow

Stack overflow in fig2dev in version 3.2.9a allows possible code execution by an attacker via local input manipulation in the bezier_spline function.

xfig
=<3.2.9a
fig2dev
==3.2.9a

pkgs.fig2dev.x86_64-linux

Tool to convert Xfig files to other formats

pkgs.fig2dev.aarch64-linux

Tool to convert Xfig files to other formats

pkgs.fig2dev.x86_64-darwin

Tool to convert Xfig files to other formats

pkgs.fig2dev.aarch64-darwin

Tool to convert Xfig files to other formats
Package maintainers: 1
CVE-2025-46398
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
fig2dev stack-overflow via read_objects

Stack overflow in fig2dev in version 3.2.9a allows possible code execution by an attacker via local input manipulation in the read_objects function.

xfig
=<3.2.9a
fig2dev
==3.2.9a

pkgs.fig2dev.x86_64-linux

Tool to convert Xfig files to other formats

pkgs.fig2dev.aarch64-linux

Tool to convert Xfig files to other formats

pkgs.fig2dev.x86_64-darwin

Tool to convert Xfig files to other formats

pkgs.fig2dev.aarch64-darwin

Tool to convert Xfig files to other formats
Package maintainers: 1
CVE-2024-21885
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

tigervnc
*
xorg-server
==1.21.1.7
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2025-27288
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 3 weeks ago
WordPress File Icons Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BjornW File Icons allows Reflected XSS. This issue affects File Icons: from n/a through 2.1.

file-icons
=<2.1

pkgs.vscode-extensions.file-icons.file-icons.x86_64-linux

File-specific icons in VSCode for improved visual grepping

pkgs.vscode-extensions.file-icons.file-icons.aarch64-linux

File-specific icons in VSCode for improved visual grepping

pkgs.vscode-extensions.file-icons.file-icons.x86_64-darwin

File-specific icons in VSCode for improved visual grepping

pkgs.vscode-extensions.file-icons.file-icons.aarch64-darwin

File-specific icons in VSCode for improved visual grepping
CVE-2025-39438
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 3 weeks ago
WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.

theme-changer
=<1.3

pkgs.gnomeExtensions.dm-theme-changer

Automatically change theme styles when dark mode is enabled or disabled.
  • nixos-24.11 4
    • nixpkgs-24.11-darwin 4
    • nixos-24.11-small 4
  • nixos-unstable ???
    • nixos-unstable-small 4
    • nixpkgs-unstable 4

pkgs.gnomeExtensions.dm-theme-changer.x86_64-linux

Automatically change theme styles when dark mode is enabled or disabled.
  • nixos-24.11 4
  • nixos-unstable 4

pkgs.gnomeExtensions.dm-theme-changer.aarch64-linux

Automatically change theme styles when dark mode is enabled or disabled.
  • nixos-24.11 4
  • nixos-unstable 4
Package maintainers: 1
CVE-2024-22051
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 3 weeks ago
CommonMarker Integer Overflow Vulnerability

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

commonmarker
<0.23.4

pkgs.rubyPackages.commonmarker

pkgs.rubyPackages.commonmarker.x86_64-linux

pkgs.rubyPackages.commonmarker.aarch64-linux

pkgs.rubyPackages.commonmarker.x86_64-darwin

pkgs.rubyPackages.commonmarker.aarch64-darwin

CVE-2025-39436
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 3 weeks ago
WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.

idraw
=<1.0

pkgs.jitsi-excalidraw

Excalidraw collaboration backend for Jitsi

pkgs.excalidraw_export

CLI to export Excalidraw drawings to SVG and PDF

pkgs.kanjidraw.x86_64-linux

Handwritten kanji recognition

pkgs.kanjidraw.aarch64-linux

Handwritten kanji recognition

pkgs.kanjidraw.x86_64-darwin

Handwritten kanji recognition

pkgs.kanjidraw.aarch64-darwin

Handwritten kanji recognition

pkgs.jitsi-excalidraw.x86_64-linux

Excalidraw collaboration backend for Jitsi
  • nixos-24.05 17
    • nixpkgs-24.05-darwin 17
  • nixos-unstable 21
    • nixos-unstable-small 21

pkgs.excalidraw_export.x86_64-linux

CLI to export Excalidraw drawings to SVG and PDF

pkgs.jitsi-excalidraw.aarch64-linux

Excalidraw collaboration backend for Jitsi
  • nixos-24.05 17
    • nixpkgs-24.05-darwin 17
  • nixos-unstable 21
    • nixos-unstable-small 21

pkgs.jitsi-excalidraw.x86_64-darwin

Excalidraw collaboration backend for Jitsi
  • nixos-24.05 17
    • nixpkgs-24.05-darwin 17
  • nixos-unstable 21
    • nixos-unstable-small 21

pkgs.excalidraw_export.aarch64-linux

CLI to export Excalidraw drawings to SVG and PDF

pkgs.jitsi-excalidraw.aarch64-darwin

Excalidraw collaboration backend for Jitsi
  • nixos-24.05 17
    • nixpkgs-24.05-darwin 17
  • nixos-unstable 21
    • nixos-unstable-small 21

pkgs.tests.pkg-config.defaultPkgConfigPackages.hidapi-hidraw

Test whether hidapi-0.14.0 exposes pkg-config modules hidapi-hidraw
  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.hidapi-hidraw.x86_64-linux

Test whether hidapi-0.14.0 exposes pkg-config modules hidapi-hidraw.
  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???

pkgs.tests.pkg-config.defaultPkgConfigPackages.hidapi-hidraw.aarch64-linux

Test whether hidapi-0.14.0 exposes pkg-config modules hidapi-hidraw.
  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???
Package maintainers: 4
CVE-2025-27324
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 3 weeks ago
WordPress 17TRACK for WooCommerce Plugin <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 17track 17TRACK for WooCommerce allows Reflected XSS. This issue affects 17TRACK for WooCommerce: from n/a through 1.2.10.

17track
=<1.2.10
Package maintainers: 1
CVE-2025-39580
5.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 3 weeks ago
WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability

Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.

dashi
=<3.1.8
Package maintainers: 1