⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-3910
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 4 weeks, 2 days ago
Org.keycloak.authentication: two factor authentication bypass

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

keycloak
<26.1.*
<25.*
<26.2.2
<26.0.11
rhbk/keycloak-rhel9
*
keycloak-rhel9-container
*
org.keycloak.authentication
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
keycloak-rhel9-operator-container
*
keycloak-rhel9-operator-bundle-container
*

pkgs.python311Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-darwin

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-darwin

Provides access to the Keycloak API
Package maintainers: 3
CVE-2023-5871
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 4 weeks, 2 days ago
Libnbd: malicious nbd server may crash libnbd

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.

libnbd
*
virt:rhel/libnbd

pkgs.libnbd.x86_64-linux

Network Block Device client library in userspace

pkgs.libnbd.aarch64-linux

Network Block Device client library in userspace

pkgs.python311Packages.libnbd

Network Block Device client library in userspace

pkgs.python312Packages.libnbd.x86_64-linux

Network Block Device client library in userspace

pkgs.python312Packages.libnbd.aarch64-linux

Network Block Device client library in userspace
Package maintainers: 1
CVE-2025-8197
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month ago
Libsoup: global-buffer-overflow

A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the `name` parameter passed in, and directly accesses `soup_header_name_strings[name]`. The value of `name` is controllable, when `name` exceeds the index range of `soup_headr_name_string`, it will cause an out-of-bounds access.

libsoup
libsoup3

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
  • nixos-25.05 ???
    • nixpkgs-25.05-darwin
    • nixos-25.05-small
  • nixos-unstable ???
    • nixos-unstable-small 2.4
    • nixpkgs-unstable
Package maintainers: 6
CVE-2025-8114
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month ago
: null pointer dereference in libssh kex session id calculation

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

rhcos
libssh
libssh2

pkgs.libssh.x86_64-linux

SSH client library

pkgs.libssh.aarch64-linux

SSH client library

pkgs.libssh.x86_64-darwin

SSH client library

pkgs.libssh2.x86_64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh.aarch64-darwin

SSH client library

pkgs.libssh2.aarch64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.x86_64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.aarch64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.haskellPackages.libssh2

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.python311Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.haskellPackages.libssh.x86_64-linux

libssh bindings

pkgs.haskellPackages.libssh.aarch64-linux

libssh bindings

pkgs.haskellPackages.libssh.x86_64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.x86_64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh.aarch64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.aarch64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.x86_64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.aarch64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit.x86_64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.x86_64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
Package maintainers: 3
CVE-2025-4878
3.6 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month ago
Libssh: use of uninitialized variable in privatekey_from_file()

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

rhcos
libssh
<0.11.2
libssh2

pkgs.libssh.x86_64-linux

SSH client library

pkgs.libssh.aarch64-linux

SSH client library

pkgs.libssh.x86_64-darwin

SSH client library

pkgs.libssh2.x86_64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh.aarch64-darwin

SSH client library

pkgs.libssh2.aarch64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.x86_64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.aarch64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.haskellPackages.libssh2

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.python311Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.haskellPackages.libssh.x86_64-linux

libssh bindings

pkgs.haskellPackages.libssh.aarch64-linux

libssh bindings

pkgs.haskellPackages.libssh.x86_64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.x86_64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh.aarch64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.aarch64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.x86_64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.aarch64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit.x86_64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.x86_64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
Package maintainers: 3
CVE-2025-7783 created 1 month, 1 week ago
Usage of unsafe random function in form-data for choosing boundary

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

form-data
==< 2.5.4
==4.0.0 - 4.0.3
==3.0.0 - 3.0.3

pkgs.python311Packages.streaming-form-data

Streaming parser for multipart/form-data

pkgs.chickenPackages_5.chickenEggs.multipart-form-data

Reads & decodes HTTP multipart/form-data requests.

pkgs.python312Packages.streaming-form-data.x86_64-linux

Streaming parser for multipart/form-data

pkgs.python312Packages.streaming-form-data.aarch64-linux

Streaming parser for multipart/form-data

pkgs.python312Packages.streaming-form-data.x86_64-darwin

Streaming parser for multipart/form-data

pkgs.python312Packages.streaming-form-data.aarch64-darwin

Streaming parser for multipart/form-data
Package maintainers: 1
CVE-2025-52803
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 1 week ago
WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3.

sala
=<1.1.3

pkgs.python311Packages.datasalad

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python312Packages.datasalad

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python313Packages.datasalad

Pure-Python library with a collection of utilities for working with Git and git-annex

pkgs.python312Packages.schema-salad.x86_64-linux

Semantic Annotations for Linked Avro Data

pkgs.python312Packages.schema-salad.aarch64-linux

Semantic Annotations for Linked Avro Data

pkgs.python312Packages.schema-salad.x86_64-darwin

Semantic Annotations for Linked Avro Data

pkgs.python312Packages.schema-salad.aarch64-darwin

Semantic Annotations for Linked Avro Data
Package maintainers: 2
CVE-2025-40923
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Plack-Middleware-Session
<0.35

pkgs.perl538Packages.PlackMiddlewareSession

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession.x86_64-linux

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession.aarch64-linux

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession.x86_64-darwin

Middleware for session management

pkgs.perl540Packages.PlackMiddlewareSession.aarch64-darwin

Middleware for session management
CVE-2025-40918
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.

Authen-SASL
=<2.1800

pkgs.perl538Packages.AuthenSASLSASLprep

Stringprep Profile for User Names and Passwords (RFC 4013)

pkgs.perl540Packages.AuthenSASLSASLprep

Stringprep Profile for User Names and Passwords (RFC 4013)
Package maintainers: 1
CVE-2025-7424
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

rhcos
libxslt

pkgs.libxslt.x86_64-linux

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-linux

C library and tools to do XSL transformations

pkgs.libxslt.x86_64-darwin

C library and tools to do XSL transformations

pkgs.libxslt.aarch64-darwin

C library and tools to do XSL transformations

pkgs.python311Packages.libxslt

C library and tools to do XSL transformations

pkgs.python312Packages.libxslt.x86_64-linux

C library and tools to do XSL transformations

pkgs.python312Packages.libxslt.aarch64-linux

C library and tools to do XSL transformations

pkgs.python312Packages.libxslt.x86_64-darwin

C library and tools to do XSL transformations

pkgs.python312Packages.libxslt.aarch64-darwin

C library and tools to do XSL transformations
Package maintainers: 1