Dismissed suggestions Untriaged suggestions Draft issues Published issues Automatically generated suggestions Create Draft to queue a suggestion for refinement. Dismiss to remove a suggestion from the queue. CVE-2025-3637 3.1 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 3 days, 1 hour ago Moodle: csrf token exposure via url in moodle mod_data module A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-3634 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 3 days, 1 hour ago Moodle: moodle allows course self-enrolment before completing mfa A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes. moodle <4.3.12 <4.4.8 <4.5.4 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-3635 3.5 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 3 days, 1 hour ago Moodle: csrf risk in moodle user tours manager allows tour duplication A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-3644 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 3 days, 1 hour ago Moodle: ajax section delete does not respect course_can_delete_section() A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-3628 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 3 days, 1 hour ago Moodle: moodle assignment submission search leaks anonymous student identities A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. moodle <4.5.4 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-3640 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 3 days, 1 hour ago Moodle: idor in web service allows users enrolled in a course to access some details of other users A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-3643 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 3 days, 1 hour ago Moodle: reflected xss risk in policy tool A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-3642 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 3 days, 1 hour ago Moodle: authenticated remote code execution risk in the moodle lms equella repository A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-46420 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 4 days, 1 hour ago Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. libsoup pkgs.libsoup HTTP client/server library for GNOME nixos-24.05 2.74.3 nixpkgs-24.05-darwin 2.74.3 nixos-24.05-small 2.74.3 nixos-24.11 2.74.3 nixpkgs-24.11-darwin 2.74.3 nixos-24.11-small 2.74.3 pkgs.libsoup_3 HTTP client/server library for GNOME nixos-24.05 3.4.4 nixpkgs-24.05-darwin 3.4.4 nixos-24.05-small 3.4.4 nixos-24.11 3.6.0 nixpkgs-24.11-darwin 3.6.0 nixos-24.11-small 3.6.0 nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.gnome.libsoup HTTP client/server library for GNOME nixos-24.05 2.74.3 pkgs.gnome2.libsoup HTTP client/server library for GNOME nixos-24.05 2.74.3 nixpkgs-24.05-darwin 2.74.3 nixos-24.05-small 2.74.3 nixos-24.11 2.74.3 nixpkgs-24.11-darwin 2.74.3 nixos-24.11-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-24.05 2.4 nixpkgs-24.05-darwin 2.4 nixos-24.05-small 2.4 nixos-24.11 2.4 nixpkgs-24.11-darwin 2.4 nixos-24.11-small 2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Notify package maintainers: 6 @lovek323 Jason O'Conal <jason@oconal.id.au> @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> CVE-2025-46483 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 days, 1 hour ago WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS. This issue affects Peadig’s Google +1 Button: from n/a through 0.1.2. google-1 =<0.1.2 pkgs.python311Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-24.05 1.3.0 nixpkgs-24.05-darwin 1.3.0 nixos-24.05-small 1.3.0 nixos-24.11 1.4.1 nixpkgs-24.11-darwin 1.4.1 nixos-24.11-small 1.4.1 nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1 pkgs.python312Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-24.05 1.3.0 nixpkgs-24.05-darwin 1.3.0 nixos-24.05-small 1.3.0 nixos-24.11 1.4.1 nixpkgs-24.11-darwin 1.4.1 nixos-24.11-small 1.4.1 nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1 Notify package maintainers: 2 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @drewrisinger Drew Risinger <drisinger+nixpkgs@gmail.com>
CVE-2025-3637 3.1 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 3 days, 1 hour ago Moodle: csrf token exposure via url in moodle mod_data module A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0
CVE-2025-3634 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 3 days, 1 hour ago Moodle: moodle allows course self-enrolment before completing mfa A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes. moodle <4.3.12 <4.4.8 <4.5.4 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0
CVE-2025-3635 3.5 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 3 days, 1 hour ago Moodle: csrf risk in moodle user tours manager allows tour duplication A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0
CVE-2025-3644 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 3 days, 1 hour ago Moodle: ajax section delete does not respect course_can_delete_section() A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0
CVE-2025-3628 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 3 days, 1 hour ago Moodle: moodle assignment submission search leaks anonymous student identities A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. moodle <4.5.4 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0
CVE-2025-3640 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 3 days, 1 hour ago Moodle: idor in web service allows users enrolled in a course to access some details of other users A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0
CVE-2025-3643 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 3 days, 1 hour ago Moodle: reflected xss risk in policy tool A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0
CVE-2025-3642 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 3 days, 1 hour ago Moodle: authenticated remote code execution risk in the moodle lms equella repository A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. moodle <4.3.12 <4.4.8 <4.5.4 <4.1.18 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0 Notify package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-24.05 4.4 nixpkgs-24.05-darwin 4.4 nixos-24.05-small 4.4 nixos-24.11 4.4.3 nixpkgs-24.11-darwin 4.4.3 nixos-24.11-small 4.4.3 nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl A Moodle downloader that downloads course content fast from Moodle nixos-24.05 2.2.2.4 nixpkgs-24.05-darwin 2.2.2.4 nixos-24.05-small 2.2.2.4 nixos-24.11 2.3.12 nixpkgs-24.11-darwin 2.3.12 nixos-24.11-small 2.3.12 nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
pkgs.texlivePackages.moodle Generating Moodle quizzes via LaTeX nixos-24.05 1.0 nixpkgs-24.05-darwin 1.0 nixos-24.05-small 1.0
CVE-2025-46420 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 4 days, 1 hour ago Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. libsoup pkgs.libsoup HTTP client/server library for GNOME nixos-24.05 2.74.3 nixpkgs-24.05-darwin 2.74.3 nixos-24.05-small 2.74.3 nixos-24.11 2.74.3 nixpkgs-24.11-darwin 2.74.3 nixos-24.11-small 2.74.3 pkgs.libsoup_3 HTTP client/server library for GNOME nixos-24.05 3.4.4 nixpkgs-24.05-darwin 3.4.4 nixos-24.05-small 3.4.4 nixos-24.11 3.6.0 nixpkgs-24.11-darwin 3.6.0 nixos-24.11-small 3.6.0 nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.gnome.libsoup HTTP client/server library for GNOME nixos-24.05 2.74.3 pkgs.gnome2.libsoup HTTP client/server library for GNOME nixos-24.05 2.74.3 nixpkgs-24.05-darwin 2.74.3 nixos-24.05-small 2.74.3 nixos-24.11 2.74.3 nixpkgs-24.11-darwin 2.74.3 nixos-24.11-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-24.05 2.4 nixpkgs-24.05-darwin 2.4 nixos-24.05-small 2.4 nixos-24.11 2.4 nixpkgs-24.11-darwin 2.4 nixos-24.11-small 2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Notify package maintainers: 6 @lovek323 Jason O'Conal <jason@oconal.id.au> @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
pkgs.libsoup HTTP client/server library for GNOME nixos-24.05 2.74.3 nixpkgs-24.05-darwin 2.74.3 nixos-24.05-small 2.74.3 nixos-24.11 2.74.3 nixpkgs-24.11-darwin 2.74.3 nixos-24.11-small 2.74.3
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-24.05 3.4.4 nixpkgs-24.05-darwin 3.4.4 nixos-24.05-small 3.4.4 nixos-24.11 3.6.0 nixpkgs-24.11-darwin 3.6.0 nixos-24.11-small 3.6.0 nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.gnome2.libsoup HTTP client/server library for GNOME nixos-24.05 2.74.3 nixpkgs-24.05-darwin 2.74.3 nixos-24.05-small 2.74.3 nixos-24.11 2.74.3 nixpkgs-24.11-darwin 2.74.3 nixos-24.11-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-24.05 2.4 nixpkgs-24.05-darwin 2.4 nixos-24.05-small 2.4 nixos-24.11 2.4 nixpkgs-24.11-darwin 2.4 nixos-24.11-small 2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
CVE-2025-46483 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 days, 1 hour ago WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS. This issue affects Peadig’s Google +1 Button: from n/a through 0.1.2. google-1 =<0.1.2 pkgs.python311Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-24.05 1.3.0 nixpkgs-24.05-darwin 1.3.0 nixos-24.05-small 1.3.0 nixos-24.11 1.4.1 nixpkgs-24.11-darwin 1.4.1 nixos-24.11-small 1.4.1 nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1 pkgs.python312Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-24.05 1.3.0 nixpkgs-24.05-darwin 1.3.0 nixos-24.05-small 1.3.0 nixos-24.11 1.4.1 nixpkgs-24.11-darwin 1.4.1 nixos-24.11-small 1.4.1 nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1 Notify package maintainers: 2 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @drewrisinger Drew Risinger <drisinger+nixpkgs@gmail.com>
pkgs.python311Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-24.05 1.3.0 nixpkgs-24.05-darwin 1.3.0 nixos-24.05-small 1.3.0 nixos-24.11 1.4.1 nixpkgs-24.11-darwin 1.4.1 nixos-24.11-small 1.4.1 nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1
pkgs.python312Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-24.05 1.3.0 nixpkgs-24.05-darwin 1.3.0 nixos-24.05-small 1.3.0 nixos-24.11 1.4.1 nixpkgs-24.11-darwin 1.4.1 nixos-24.11-small 1.4.1 nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1