Automatically generated suggestions

CVE-2018-25110 created 4 weeks, 1 day ago
Regular Expression Denial of Service (ReDoS) in markedjs/marked

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.

marked
<0.3.17

pkgs.marked-man

Markdown to roff wrapper around marked

pkgs.haskellPackages.yaml-marked

Support for parsing and rendering YAML documents with marks
Package maintainers: 1
CVE-2025-46448
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress Document Management System <= 1.24 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System allows Reflected XSS. This issue affects Document Management System: from n/a through 1.24.

dms
=<1.24

pkgs.dms

UPnP DLNA Digital Media Server with basic video transcoding

pkgs.adms

Automatic device model synthesizer

pkgs.dmsdos

Linux utilities to handle dos/win95 doublespace/drivespace/stacker

pkgs.python312Packages.dmsuite

Scientific library providing a collection of spectral collocation differentiation matrices

pkgs.python313Packages.dmsuite

Scientific library providing a collection of spectral collocation differentiation matrices

pkgs.haskellPackages.amazonka-dms

Amazon Database Migration Service SDK

pkgs.python312Packages.ndms2-client

Keenetic NDMS 2.x and 3.x client

pkgs.python313Packages.ndms2-client

Keenetic NDMS 2.x and 3.x client

pkgs.azure-cli-extensions.dms-preview

Support for new Database Migration Service scenarios

pkgs.python312Packages.mypy-boto3-dms

Type annotations for boto3 dms

pkgs.python313Packages.mypy-boto3-dms

Type annotations for boto3 dms

pkgs.home-assistant-component-tests.dlna_dms

Open source home automation that puts local control and privacy first

pkgs.python312Packages.types-aiobotocore-dms

Type annotations for aiobotocore dms

pkgs.python313Packages.types-aiobotocore-dms

Type annotations for aiobotocore dms

pkgs.home-assistant-component-tests.keenetic_ndms2

Open source home automation that puts local control and privacy first
Package maintainers: 10
CVE-2025-5024
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
gnome-remote-desktop: uncontrolled resource consumption due to malformed RDP PDUs

A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

gnome-remote-desktop
*

pkgs.gnome-remote-desktop

GNOME Remote Desktop server
Package maintainers: 4
CVE-2025-2241
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 4 weeks, 1 day ago
Hive: exposure of vCenter credentials via ClusterProvision in Hive / MCE / ACM

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes vCenter credentials to be exposed in the ClusterProvision object after provisioning a vSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized vCenter access, cluster management, and privilege escalation.

hive
=<1.1.16
rhacm2/cluster-backup-rhel9-operator
multicluster-engine/multicloud-manager-rhel8

pkgs.hivex

Windows registry hive extraction library

pkgs.enchive

Encrypted personal archives

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

pkgs.hivemind

Process manager for Procfile-based applications

pkgs.zarchive

File archive format supporting random-access reads

pkgs.xarchiver

GTK frontend to 7z, zip, rar, tar, bzip2, gzip, arj, lha, rpm and deb (open and extract only)

pkgs.ytarchive

Garbage Youtube livestream downloader

pkgs.disarchive

Disassemble software into data and metadata

pkgs.fsarchiver

File system archiver for Linux

pkgs.libarchive

Multi-format archive and compression library

pkgs.tg-archive

Tool for exporting Telegram group chats into static websites like mailing list archives

pkgs.archivemount

Gateway between FUSE and libarchive: allows mounting of cpio, .tar.gz, .tar.bz2 archives

pkgs.fuse-archive

Serve an archive or a compressed file as a read-only FUSE file system

pkgs.jpeg-archive

Utilities for archiving photos for saving to long term storage or serving over the web

pkgs.web-archives

Web archives reader offering the ability to browse offline millions of articles

pkgs.hivelytracker

Chip music tracker based upon the AHX format

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

pkgs.lparchive2epub

Transform any LP from lparchive into an epub document

pkgs.the-unarchiver

Unpacks archive files

pkgs.git-archive-all

Archive a repository with all its submodules

pkgs.internetarchive

Python and Command-Line Interface to Archive.org

pkgs.autoconf-archive

Archive of autoconf m4 macros

pkgs.guile-disarchive

Disassemble software into data and metadata

pkgs.mastodon-archive

Utility for backing up your Mastodon content

pkgs.mlarchive2maildir

Imports mail from (pipermail) archives into a maildir

pkgs.lxqt.lxqt-archiver

Archive tool for the LXQt desktop environment

pkgs.libsForQt5.karchive

pkgs.php81Packages.phive

Phar Installation and Verification Environment (PHIVE)

pkgs.php82Packages.phive

Phar Installation and Verification Environment (PHIVE)

pkgs.php83Packages.phive

Phar Installation and Verification Environment (PHIVE)

pkgs.php84Packages.phive

Phar Installation and Verification Environment (PHIVE)

pkgs.kdePackages.karchive

Qt addon providing access to numerous types of archives

pkgs.CuboCore.corearchiver

Archiver from the C Suite to create and extract archives

pkgs.stripJavaArchivesHook

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.canonicalize-jars-hook

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.perlPackages.ArchiveTar

Manipulates TAR archives

pkgs.perlPackages.ArchiveCpio

Module for manipulations of cpio archives

pkgs.plasma5Packages.karchive

pkgs.wayback-machine-archiver

Python script to submit web pages to the Wayback Machine for archiving

pkgs.kodiPackages.archive_tool

Set of common python functions to work with the Kodi archive virtual file system (vfs) binary addons

pkgs.haskellPackages.libarchive

Haskell interface to libarchive

pkgs.perl538Packages.ArchiveTar

Manipulates TAR archives

pkgs.perl540Packages.ArchiveTar

Manipulates TAR archives

pkgs.xfce.thunar-archive-plugin

Thunar plugin providing file context menus for archives

pkgs.haskellPackages.archive-sig

Backpack signature for archive libraries

pkgs.haskellPackages.archive-tar

Common interface using the tar package

pkgs.haskellPackages.zip-archive

Library for creating and modifying zip archives

pkgs.kodiPackages.vfs-libarchive

LibArchive Virtual Filesystem add-on for Kodi

pkgs.perl538Packages.ArchiveCpio

Module for manipulations of cpio archives

pkgs.perl540Packages.ArchiveCpio

Module for manipulations of cpio archives

pkgs.perlPackages.ArchiveAnyLite

Simple CPAN package extractor

pkgs.perlPackages.ArchiveExtract

Generic archive extracting mechanism

pkgs.terraform-providers.archive

pkgs.perlPackages.ArchiveZip_1_53

Provide an interface to ZIP archive files

pkgs.rubyPackages.jekyll-archives

pkgs.perl538Packages.ArchiveAnyLite

Simple CPAN package extractor

pkgs.perl538Packages.ArchiveExtract

Generic archive extracting mechanism

pkgs.perl540Packages.ArchiveAnyLite

Simple CPAN package extractor

pkgs.perl540Packages.ArchiveExtract

Generic archive extracting mechanism

pkgs.perlPackages.ArchiveLibarchive

Modern Perl bindings to libarchive

pkgs.perlPackages.ArchiveTarWrapper

API wrapper around the 'tar' utility

pkgs.python312Packages.libarchive-c

Python interface to libarchive

pkgs.python313Packages.libarchive-c

Python interface to libarchive

pkgs.perl538Packages.ArchiveZip_1_53

Provide an interface to ZIP archive files

pkgs.perl540Packages.ArchiveZip_1_53

Provide an interface to ZIP archive files

pkgs.perlPackages.NetCoverArtArchive

Query the coverartarchive.org

pkgs.python312Packages.craft-archives

Library for handling archives/repositories in Canonical craft applications

pkgs.python312Packages.handy-archives

Some handy archive helpers for Python

pkgs.python313Packages.craft-archives

Library for handling archives/repositories in Canonical craft applications

pkgs.python313Packages.handy-archives

Some handy archive helpers for Python

pkgs.rubyPackages_3_1.jekyll-archives

pkgs.rubyPackages_3_2.jekyll-archives

pkgs.rubyPackages_3_3.jekyll-archives

pkgs.rubyPackages_3_4.jekyll-archives

pkgs.perl538Packages.ArchiveLibarchive

Modern Perl bindings to libarchive

pkgs.perl538Packages.ArchiveTarWrapper

API wrapper around the 'tar' utility

pkgs.perl540Packages.ArchiveLibarchive

Modern Perl bindings to libarchive

pkgs.perl540Packages.ArchiveTarWrapper

API wrapper around the 'tar' utility

pkgs.python312Packages.dissect-archive

Dissect module implementing parsers for various archive and backup formats

pkgs.python312Packages.internetarchive

Python and Command-Line Interface to Archive.org

pkgs.python313Packages.dissect-archive

Dissect module implementing parsers for various archive and backup formats

pkgs.python313Packages.internetarchive

Python and Command-Line Interface to Archive.org

pkgs.haskellPackages.archive-libarchive

Common interface using libarchive

pkgs.haskellPackages.libarchive-conduit

Read many archive formats with libarchive and conduit

pkgs.perl538Packages.NetCoverArtArchive

Query the coverartarchive.org

pkgs.perl540Packages.NetCoverArtArchive

Query the coverartarchive.org

pkgs.perlPackages.ArchiveLibarchivePeek

Peek into archives without extracting them

pkgs.perlPackages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

pkgs.home-assistant-component-tests.hive

Open source home automation that puts local control and privacy first

pkgs.python312Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

pkgs.python313Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

pkgs.python312Packages.pyhive-integration

Python library to interface with the Hive API

pkgs.python313Packages.pyhive-integration

Python library to interface with the Hive API

pkgs.perl538Packages.ArchiveLibarchivePeek

Peek into archives without extracting them

pkgs.perl538Packages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

pkgs.perl540Packages.ArchiveLibarchivePeek

Peek into archives without extracting them

pkgs.perl540Packages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

pkgs.perlPackages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

pkgs.perl538Packages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

pkgs.perl540Packages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.haskellPackages.amazonka-kinesis-video-archived-media

Amazon Kinesis Video Streams Archived Media SDK

pkgs.python312Packages.types-aiobotocore-kinesis-video-archived-media

Type annotations for aiobotocore kinesis-video-archived-media

pkgs.python313Packages.types-aiobotocore-kinesis-video-archived-media

Type annotations for aiobotocore kinesis-video-archived-media
Package maintainers: 49
CVE-2025-4969
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
CISA ADP Vulnrichment

None

libsoup
=<3.6.5
libsoup3

pkgs.libsoup_3

HTTP client/server library for GNOME

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 6
CVE-2024-7409 created 4 weeks, 1 day ago
QEMU: denial of service via improper synchronization in QEMU NBD server during socket closure

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.

qemu
==8.2.0
==7.2.0
==9.0.0
rhcos
*
qemu-kvm
*
virt:rhel
*
qemu-kvm-ma
virt-devel:rhel
*
virt:av/qemu-kvm
virt:8.2/qemu-kvm
virt:rhel/qemu-kvm
virt-devel:av/qemu-kvm
virt-devel:8.2/qemu-kvm
virt-devel:rhel/qemu-kvm

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

pkgs.python313Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers
Package maintainers: 11
CVE-2025-2559
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
org.keycloak/keycloak-services: JWT token cache exhaustion leading to denial of service (DoS) in Keycloak

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.

keycloak
<26.0.11
<26.1.5
keycloak-services
rhbk/keycloak-rhel9
*
keycloak-rhel9-container
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
keycloak-rhel9-operator-container
*
keycloak-rhel9-operator-bundle-container
*

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2025-30193
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
Denial of service via crafted TCP exchange

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single incoming TCP connection from a client, an attacker can craft a TCP exchange that exhausts the stack and crashes DNSdist, causing a denial of service. The remedy is to upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention.

dnsdist
==1.9.10

pkgs.dnsdist

DNS Loadbalancer
Package maintainers: 1
CVE-2025-31027
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through 2.0.

tiger
=<2.0

pkgs.libtiger

Rendering library for Kate streams using Pango and Cairo

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

pkgs.tigerbeetle

Financial accounting database designed to be distributed and fast

pkgs.tigerjython

Simple development environment for programming in Python

pkgs.tree-sitter-grammars.tree-sitter-tiger

pkgs.chickenPackages_5.chickenEggs.tiger-hash

Tiger/192 Message Digest

pkgs.vimPlugins.nvim-treesitter-parsers.tiger

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.python312Packages.tree-sitter-grammars.tree-sitter-tiger

Python bindings for tree-sitter-tiger

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-tiger

Python bindings for tree-sitter-tiger
Package maintainers: 8
CVE-2025-23988
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress ghostwriter theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS. This issue affects Ghostwriter: from n/a through 1.4.

ghostwriter
=<1.4

pkgs.kdePackages.ghostwriter

Text editor for Markdown
Package maintainers: 7