Automatically generated suggestions

CVE-2024-4982
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 2 weeks ago
Pagure: path traversal in view_issue_raw_file()

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository, they could discover secrets on the server.

pagure
<5.14.1

pkgs.haskellPackages.pagure

Pagure REST client library

pkgs.haskellPackages.pagure-cli

Pagure client
CVE-2024-24762
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months, 3 weeks ago
python-multipart vulnerable to content-type header Regular expression Denial of Service

`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a regular expression to parse the HTTP `Content-Type` header, including its options. An attacker could send a custom-made `Content-Type` option that is very difficult for the regex to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that the process can't handle any more requests, leading to a regular expression denial of service. This vulnerability has been patched in version 0.0.7.

fastapi
<0.109.1
starlette
<0.36.2
python-multipart
<0.0.7

pkgs.fastapi-cli

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python311Packages.fastapi

Web framework for building APIs

pkgs.python312Packages.fastapi

Web framework for building APIs

pkgs.python311Packages.fastapi-cli

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python311Packages.fastapi-sso

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python312Packages.fastapi-cli

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python312Packages.fastapi-sso

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python311Packages.fastapi-mail

Module for sending emails and attachments

pkgs.python312Packages.fastapi-mail

Module for sending emails and attachments

pkgs.python311Packages.python-multipart

Streaming multipart parser for Python

pkgs.python312Packages.python-multipart

Streaming multipart parser for Python

pkgs.python312Packages.python-multipart.x86_64-linux

Streaming multipart parser for Python

pkgs.python312Packages.python-multipart.aarch64-linux

Streaming multipart parser for Python

pkgs.python312Packages.python-multipart.x86_64-darwin

Streaming multipart parser for Python

pkgs.python312Packages.python-multipart.aarch64-darwin

Streaming multipart parser for Python

pkgs.python311Packages.prometheus-fastapi-instrumentator

Instrument FastAPI with Prometheus metrics

pkgs.python312Packages.prometheus-fastapi-instrumentator

Instrument FastAPI with Prometheus metrics

pkgs.python311Packages.opentelemetry-instrumentation-fastapi

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.opentelemetry-instrumentation-fastapi

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.prometheus-fastapi-instrumentator.x86_64-linux

Instrument FastAPI with Prometheus metrics

pkgs.python312Packages.prometheus-fastapi-instrumentator.aarch64-linux

Instrument FastAPI with Prometheus metrics

pkgs.python312Packages.opentelemetry-instrumentation-fastapi.x86_64-linux

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.opentelemetry-instrumentation-fastapi.aarch64-linux

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.opentelemetry-instrumentation-fastapi.x86_64-darwin

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.opentelemetry-instrumentation-fastapi.aarch64-darwin

OpenTelemetry Instrumentation for fastapi
Package maintainers: 7
CVE-2025-47509
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 3 weeks ago
WordPress Top 10 <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0.

top-10
=<4.1.0

pkgs.budgie-desktop

Feature-rich, modern desktop designed to keep out the way of the user

pkgs.gnomeExtensions.pip-on-top

Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too.
  • nixos-unstable 10
    • nixos-unstable-small 10
    • nixpkgs-unstable 10

pkgs.gnomeExtensions.show-apps-at-top

Put show apps icon at top in Gnome default dash
Package maintainers: 3
CVE-2023-20587
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months, 3 weeks ago
Improper Access Control in System Management Mode (SMM) may allow …

Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.

PI
==various
==various

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.spoofdpi.x86_64-linux

Simple and fast anti-censorship tool written in Go

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.spoofdpi.aarch64-linux

Simple and fast anti-censorship tool written in Go

pkgs.spoofdpi.x86_64-darwin

Simple and fast anti-censorship tool written in Go

pkgs.spoofdpi.aarch64-darwin

Simple and fast anti-censorship tool written in Go

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPI.x86_64-linux

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI.aarch64-linux

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI.x86_64-darwin

Parse, Analyze and Manipulate Perl (without perl)

pkgs.haskellPackages.hsPID.x86_64-linux

PID control loop

pkgs.perl540Packages.PPI.aarch64-darwin

Parse, Analyze and Manipulate Perl (without perl)

pkgs.spirv-llvm-translator.x86_64-linux

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.haskellPackages.hsPID.aarch64-linux

PID control loop

pkgs.haskellPackages.hsPID.x86_64-darwin

PID control loop

pkgs.spirv-llvm-translator.aarch64-linux

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.spirv-llvm-translator.x86_64-darwin

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.haskellPackages.hsPID.aarch64-darwin

PID control loop

pkgs.perl540Packages.PDFAPI2.x86_64-linux

Create, modify, and examine PDF files

pkgs.spirv-llvm-translator.aarch64-darwin

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl540Packages.PDFAPI2.aarch64-linux

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2.x86_64-darwin

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2.aarch64-darwin

Create, modify, and examine PDF files

pkgs.perl540Packages.PPIxUtils.x86_64-linux

Utility functions for PPI

pkgs.perl540Packages.PPIxRegexp.x86_64-linux

Parse regular expressions

pkgs.perl540Packages.PPIxUtils.aarch64-linux

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils.x86_64-darwin

Utility functions for PPI

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.PPIxRegexp.aarch64-linux

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp.x86_64-darwin

Parse regular expressions

pkgs.perl540Packages.PPIxUtils.aarch64-darwin

Utility functions for PPI

pkgs.perl540Packages.ProcPIDFile.x86_64-linux

Manage process id files

pkgs.perl540Packages.PPIxRegexp.aarch64-darwin

Parse regular expressions

pkgs.perl540Packages.ProcPIDFile.aarch64-linux

Manage process id files

pkgs.perl540Packages.ProcPIDFile.x86_64-darwin

Manage process id files

pkgs.perl540Packages.WWWTwilioAPI.x86_64-linux

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.x86_64-linux

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.x86_64-linux

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.x86_64-linux

Extensions to PPI|PPI

pkgs.perl540Packages.ProcPIDFile.aarch64-darwin

Manage process id files

pkgs.perl540Packages.WWWTwilioAPI.aarch64-linux

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI.x86_64-darwin

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.aarch64-linux

Client for talking to an Open API powered server

pkgs.perl540Packages.OpenAPIClient.x86_64-darwin

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.aarch64-linux

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxQuoteLike.x86_64-darwin

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.aarch64-linux

Extensions to PPI|PPI

pkgs.perl540Packages.PPIxUtilities.x86_64-darwin

Extensions to PPI|PPI

pkgs.perl540Packages.WWWTwilioAPI.aarch64-darwin

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.aarch64-darwin

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.aarch64-darwin

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.aarch64-darwin

Extensions to PPI|PPI

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-darwin

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-darwin

OpenAPI / Swagger plugin for Mojolicious
Package maintainers: 5
CVE-2025-47441
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 3 weeks ago
WordPress Progress Bar <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Reynolds Progress Bar allows Stored XSS. This issue affects Progress Bar: from n/a through 2.2.3.

progress-bar
=<2.2.3

pkgs.haskellPackages.terminal-progress-bar

A progress bar in the terminal
CVE-2025-1400
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months, 3 weeks ago
Out-of-bounds Read in libplctag library

Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

libplctag
=<2.6.3

pkgs.libplctag

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.x86_64-linux

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.aarch64-linux

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.x86_64-darwin

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.aarch64-darwin

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs
Package maintainers: 1
CVE-2025-31177
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months, 3 weeks ago
Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one

gnuplot is affected by a heap buffer overflow at function utf8_copy_one.

gnuplot
<6.0

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-darwin

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-darwin

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

Package maintainers: 3
CVE-2022-47599
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 3 weeks ago
WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7.

file-manager
=<5.2.7

pkgs.expidus.file-manager

ExpidusOS File Manager

pkgs.deepin.dde-file-manager

File manager for deepin desktop environment

pkgs.python311Packages.show-in-file-manager

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.x86_64-linux

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.aarch64-linux

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.x86_64-darwin

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.aarch64-darwin

Open the system file manager and select files in it
Package maintainers: 2
CVE-2024-12225
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 months, 3 weeks ago
Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.

quarkus
<3.15.3.1
io.quarkus:quarkus-security-webauthn

pkgs.quarkus

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.x86_64-linux

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.aarch64-linux

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.x86_64-darwin

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.aarch64-darwin

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards
Package maintainers: 1
CVE-2025-4373
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 3 weeks ago
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

glib
<2.84.2
bootc
glib2
*
loupe
librsvg2
mingw-glib2
glycin-loaders
registry.redhat.io/rhosdt/jaeger-agent-rhel8
*
registry.redhat.io/rhosdt/jaeger-query-rhel8
*
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
*
registry.redhat.io/rhosdt/jaeger-rhel8-operator
*
registry.redhat.io/rhosdt/jaeger-collector-rhel8
*
registry.redhat.io/rhosdt/jaeger-operator-bundle
*
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
*
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
*
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
*
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
*

pkgs.bootc

Boot and upgrade via container images

pkgs.mlxbf-bootctl

Control BlueField boot partitions

pkgs.rubyPackages_3_1.glib2.x86_64-linux

pkgs.rubyPackages_3_2.glib2.x86_64-linux

pkgs.rubyPackages_3_3.glib2.x86_64-linux

pkgs.rubyPackages_3_4.glib2.x86_64-linux

pkgs.rubyPackages_3_1.glib2.aarch64-linux

pkgs.rubyPackages_3_1.glib2.x86_64-darwin

pkgs.rubyPackages_3_2.glib2.aarch64-linux

pkgs.rubyPackages_3_2.glib2.x86_64-darwin

pkgs.rubyPackages_3_3.glib2.aarch64-linux

pkgs.rubyPackages_3_3.glib2.x86_64-darwin

pkgs.rubyPackages_3_4.glib2.aarch64-linux

pkgs.rubyPackages_3_4.glib2.x86_64-darwin

pkgs.rubyPackages_3_1.glib2.aarch64-darwin

pkgs.rubyPackages_3_2.glib2.aarch64-darwin

pkgs.rubyPackages_3_3.glib2.aarch64-darwin

pkgs.rubyPackages_3_4.glib2.aarch64-darwin

Package maintainers: 2