⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-3360
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months ago
Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

bootc
glib2
librsvg2
mingw-glib2

pkgs.bootc.x86_64-linux

Boot and upgrade via container images

pkgs.bootc.aarch64-linux

Boot and upgrade via container images

pkgs.rubyPackages.glib2.x86_64-linux

pkgs.rubyPackages.glib2.aarch64-linux

pkgs.rubyPackages.glib2.x86_64-darwin

pkgs.rubyPackages.glib2.aarch64-darwin

Package maintainers: 2
CVE-2025-30195
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
A crafted zone can lead to an illegal memory access in the PowerDNS Recursor

An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention.

pdns-recursor
==5.2.0
Package maintainers: 1
CVE-2025-2784
7.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 3 months ago
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

libsoup
*
<3.6.5
libsoup3
*

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-32050
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
Libsoup: integer overflow in append_param_quoted

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

libsoup
*
<3.6.1
libsoup3
mingw-freetype
*
spice-client-win
*

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-32049
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
Libsoup: denial of service attack to websocket server

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

libsoup
*
=<3.6.4
libsoup3
*

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-32052
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months ago
Libsoup: heap buffer overflow in sniff_unknown()

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

libsoup
*
<3.6.1
libsoup3
mingw-freetype
*
spice-client-win
*

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-32051
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months ago
Libsoup: segmentation fault when parsing malformed data uri

A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).

libsoup
<3.6.1
libsoup3

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-32053
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months ago
Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()

A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

libsoup
*
<3.6.1
libsoup3
mingw-freetype
*
spice-client-win
*

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-31746
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months ago
WordPress Clients plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clients: from n/a through 1.1.4.

clients
=<1.1.4

pkgs.haskellPackages.wai-session-clientsession

Session store based on clientsession

pkgs.haskellPackages.wai-session-clientsession.x86_64-linux

Session store based on clientsession

pkgs.haskellPackages.wai-session-clientsession.aarch64-linux

Session store based on clientsession

pkgs.haskellPackages.wai-session-clientsession.x86_64-darwin

Session store based on clientsession

pkgs.haskellPackages.wai-session-clientsession.aarch64-darwin

Session store based on clientsession
Package maintainers: 1
CVE-2024-2236
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months ago
Libgcrypt: vulnerable to marvin attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

libgcrypt
*
<9.4.0
mingw-libgcrypt

pkgs.libgcrypt.x86_64-linux

General-purpose cryptographic library

pkgs.libgcrypt.aarch64-linux

General-purpose cryptographic library

pkgs.libgcrypt.x86_64-darwin

General-purpose cryptographic library

pkgs.libgcrypt.aarch64-darwin

General-purpose cryptographic library

pkgs.libgcrypt_1_8.x86_64-linux

General-purpose cryptographic library

pkgs.libgcrypt_1_8.aarch64-linux

General-purpose cryptographic library

pkgs.libgcrypt_1_8.x86_64-darwin

General-purpose cryptographic library

pkgs.libgcrypt_1_8.aarch64-darwin

General-purpose cryptographic library
Package maintainers: 1