Automatically generated suggestions
Create Draft to queue a suggestion for refinement. Dismiss to remove a suggestion from the queue.
CVE-2025-64277
5.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE
created 6 days, 16 hours ago
WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.3.9.
chatbot =<<= 7.3.9
pkgs.gnomeExtensions.penguin-ai-chatbot
    A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality.
    nixos-25.05 22, nixpkgs-25.05-darwin 22, nixos-25.05-small 22, nixos-unstable 22, nixos-unstable-small 22, nixpkgs-unstable 22
Package maintainers: 1
    @honnip Jung seungwoo <me@honnip.page>

CVE-2025-10230
10.0 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
created 6 days, 17 hours ago
Samba: command injection in wins server hook script
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.
rhcos samba <4.23.2 <4.21.5 <4.21.9 samba4
pkgs.samba
    Standard Windows interoperability suite of programs for Linux and Unix
    nixos-unstable ???, nixos-unstable-small 4.22.3, nixpkgs-unstable 4.22.3
pkgs.samba4
    Standard Windows interoperability suite of programs for Linux and Unix
    nixos-25.05 4.20.8, nixpkgs-25.05-darwin 4.20.8, nixos-25.05-small 4.20.8, nixos-unstable 4.22.3, nixos-unstable-small 4.22.3, nixpkgs-unstable 4.22.3
pkgs.sambamba
    SAM/BAM processing tool
    nixos-25.05 1.0.1, nixpkgs-25.05-darwin 1.0.1, nixos-25.05-small 1.0.1, nixos-unstable 1.0.1, nixos-unstable-small 1.0.1, nixpkgs-unstable 1.0.1
pkgs.sambaFull
    Standard Windows interoperability suite of programs for Linux and Unix
    nixos-25.05 4.20.8, nixpkgs-25.05-darwin 4.20.8, nixos-25.05-small 4.20.8, nixos-unstable 4.22.3, nixos-unstable-small 4.22.3, nixpkgs-unstable 4.22.3
pkgs.samba4Full
    Standard Windows interoperability suite of programs for Linux and Unix
    nixos-25.05 4.20.8, nixpkgs-25.05-darwin 4.20.8, nixos-25.05-small 4.20.8, nixos-unstable 4.22.3, nixos-unstable-small 4.22.3, nixpkgs-unstable 4.22.3
Package maintainers: 2
    @aneeshusa Aneesh Agrawal <aneeshusa@gmail.com>
    @jbedo Justin Bedő <cu@cua0.org>

CVE-2025-11060
5.7 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE
created 6 days, 17 hours ago
Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records.
surrealdb <2.1.9 <3.3.0-alpha.7 <2.2.8 <2.3.8
openshift-service-mesh/istio-cni-rhel9
openshift-service-mesh/istio-pilot-rhel9
openshift-service-mesh/istio-proxyv2-rhel9
openshift-service-mesh/istio-rhel9-operator
openshift-service-mesh/istio-must-gather-rhel9
openshift-service-mesh/istio-sail-operator-bundle
openshift-service-mesh-tech-preview/istio-ztunnel-rhel9
openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9
pkgs.surrealdb
    Scalable, distributed, collaborative, document-graph database, for the realtime web
    nixos-25.05 2.3.2, nixpkgs-25.05-darwin 2.3.2, nixos-25.05-small 2.3.2, nixos-unstable 2.3.8, nixos-unstable-small 2.3.8, nixpkgs-unstable 2.3.8
pkgs.surrealdb-migrations
    Awesome SurrealDB migration tool, with a user-friendly CLI and a versatile Rust library that enables seamless integration into any project
    nixos-25.05 2.2.2, nixpkgs-25.05-darwin 2.2.2, nixos-25.05-small 2.2.2, nixos-unstable 2.3.0, nixos-unstable-small 2.3.0, nixpkgs-unstable 2.3.0
Package maintainers: 3
    @sikmir Nikolay Korotkiy <sikmir@disroot.org>
    @happysalada Raphael Megzari <raphael@megzari.com>
    @siriobalmelli Sirio Balmelli <sirio@b-ad.ch>

CVE-2025-54721
7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
created 6 days, 17 hours ago
WordPress Resca theme <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Resca resca allows Reflected XSS. This issue affects Resca: from n/a through <= 3.0.2.
resca =<<= 3.0.2
pkgs.jpegrescan
    Losslessly shrink any JPEG file
    nixos-25.05 2019-03-27, nixpkgs-25.05-darwin 2019-03-27, nixos-25.05-small 2019-03-27, nixos-unstable 2019-03-27, nixos-unstable-small 2019-03-27, nixpkgs-unstable 2019-03-27
Package maintainers: 1
    @RamKromberg Ram Kromberg <ramkromberg@mail.com>

CVE-2025-62035
8.8 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
created 6 days, 17 hours ago
WordPress Togo theme < 1.0.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4.
togo =<< 1.0.4
pkgs.gnomeExtensions.cryptogoldbitcoin-rate
    it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services
    nixos-25.05 3, nixpkgs-25.05-darwin 3, nixos-25.05-small 3, nixos-unstable 3, nixos-unstable-small 3, nixpkgs-unstable 3
Package maintainers: 1
    @honnip Jung seungwoo <me@honnip.page>

CVE-2025-62036
7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
created 6 days, 17 hours ago
WordPress Togo theme < 1.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4.
togo =<< 1.0.4
pkgs.gnomeExtensions.cryptogoldbitcoin-rate
    it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services
    nixos-25.05 3, nixpkgs-25.05-darwin 3, nixos-25.05-small 3, nixos-unstable 3, nixos-unstable-small 3, nixpkgs-unstable 3
Package maintainers: 1
    @honnip Jung seungwoo <me@honnip.page>

CVE-2025-62037
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE
created 6 days, 17 hours ago
WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4.
togo =<< 1.0.4
pkgs.gnomeExtensions.cryptogoldbitcoin-rate
    it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services
    nixos-25.05 3, nixpkgs-25.05-darwin 3, nixos-25.05-small 3, nixos-unstable 3, nixos-unstable-small 3, nixpkgs-unstable 3
Package maintainers: 1
    @honnip Jung seungwoo <me@honnip.page>

CVE-2025-62033
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE
created 6 days, 17 hours ago
WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4.
togo =<< 1.0.4
pkgs.gnomeExtensions.cryptogoldbitcoin-rate
    it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services
    nixos-25.05 3, nixpkgs-25.05-darwin 3, nixos-25.05-small 3, nixos-unstable 3, nixos-unstable-small 3, nixpkgs-unstable 3
Package maintainers: 1
    @honnip Jung seungwoo <me@honnip.page>

CVE-2025-58964
7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
created 6 days, 17 hours ago
WordPress Enzy theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Enzy enzy allows Reflected XSS. This issue affects Enzy: from n/a through < 1.6.4.
enzy =<< 1.6.4
pkgs.enzyme
    High-performance automatic differentiation of LLVM and MLIR
    nixos-25.05 0.0.176, nixpkgs-25.05-darwin 0.0.176, nixos-25.05-small 0.0.176, nixos-unstable 0.0.196, nixos-unstable-small 0.0.196, nixpkgs-unstable 0.0.196
pkgs.python312Packages.enzyme
    Python video metadata parser
    nixos-25.05 0.5.2, nixpkgs-25.05-darwin 0.5.2, nixos-25.05-small 0.5.2, nixos-unstable 0.5.2, nixos-unstable-small 0.5.2, nixpkgs-unstable 0.5.2
pkgs.python313Packages.enzyme
    Python video metadata parser
    nixos-25.05 0.5.2, nixpkgs-25.05-darwin 0.5.2, nixos-25.05-small 0.5.2, nixos-unstable 0.5.2, nixos-unstable-small 0.5.2, nixpkgs-unstable 0.5.2
Package maintainers: 1
    @kiranshila Kiran Shila <me@kiranshila.com>

CVE-2025-62034
8.8 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
created 6 days, 17 hours ago
WordPress Togo theme < 1.0.4 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4.
togo =<< 1.0.4
pkgs.gnomeExtensions.cryptogoldbitcoin-rate
    it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services
    nixos-25.05 3, nixpkgs-25.05-darwin 3, nixos-25.05-small 3, nixos-unstable 3, nixos-unstable-small 3, nixpkgs-unstable 3
Package maintainers: 1
    @honnip Jung seungwoo <me@honnip.page>