Automatically generated suggestions

CVE-2025-46398
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 4 months, 1 week ago
fig2dev stack-overflow via read_objects

A stack overflow in fig2dev version 3.2.9a may allow an attacker to achieve code execution through local input manipulation in the read_objects function.

xfig
=<3.2.9a
fig2dev
==3.2.9a
transfig

pkgs.fig2dev

Tool to convert Xfig files to other formats
Package maintainers: 1
CVE-2024-21885
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 months, 1 week ago
xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

tigervnc
*
xwayland
*
<23.2.4
xorg-server
==1.21.1.7
<21.1.11
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-27288
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 months, 2 weeks ago
WordPress File Icons Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BjornW File Icons allows Reflected XSS. This issue affects File Icons: from n/a through 2.1.

file-icons
=<2.1

pkgs.vscode-extensions.file-icons.file-icons

File-specific icons in VSCode for improved visual grepping

pkgs.vscode-extensions.file-icons.file-icons.x86_64-linux

File-specific icons in VSCode for improved visual grepping

pkgs.vscode-extensions.file-icons.file-icons.aarch64-linux

File-specific icons in VSCode for improved visual grepping

pkgs.vscode-extensions.file-icons.file-icons.x86_64-darwin

File-specific icons in VSCode for improved visual grepping

pkgs.vscode-extensions.file-icons.file-icons.aarch64-darwin

File-specific icons in VSCode for improved visual grepping
CVE-2025-39438
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 4 months, 2 weeks ago
WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.

theme-changer
=<1.3

pkgs.gnomeExtensions.dm-theme-changer

Automatically change theme styles when dark mode is enabled or disabled.
  • nixos-unstable 4
    • nixos-unstable-small 4
    • nixpkgs-unstable 4
Package maintainers: 1
CVE-2024-22051
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 months, 2 weeks ago
CommonMarker Integer Overflow Vulnerability

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, by parsing tables with marker rows that contain more than UINT16_MAX columns.

commonmarker
<0.23.4

pkgs.rubyPackages_3_1.commonmarker.x86_64-linux

pkgs.rubyPackages_3_2.commonmarker.x86_64-linux

pkgs.rubyPackages_3_3.commonmarker.x86_64-linux

pkgs.rubyPackages_3_4.commonmarker.x86_64-linux

pkgs.rubyPackages_3_1.commonmarker.aarch64-linux

pkgs.rubyPackages_3_1.commonmarker.x86_64-darwin

pkgs.rubyPackages_3_2.commonmarker.aarch64-linux

pkgs.rubyPackages_3_2.commonmarker.x86_64-darwin

pkgs.rubyPackages_3_3.commonmarker.aarch64-linux

pkgs.rubyPackages_3_3.commonmarker.x86_64-darwin

pkgs.rubyPackages_3_4.commonmarker.aarch64-linux

pkgs.rubyPackages_3_4.commonmarker.x86_64-darwin

pkgs.rubyPackages_3_1.commonmarker.aarch64-darwin

pkgs.rubyPackages_3_2.commonmarker.aarch64-darwin

pkgs.rubyPackages_3_3.commonmarker.aarch64-darwin

pkgs.rubyPackages_3_4.commonmarker.aarch64-darwin

CVE-2025-39434
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 4 months, 2 weeks ago
WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through 0.1.4.

avatar
=<0.1.4

pkgs.yunfaavatar

Utility for automatic centralized changing of avatar in Github, Discord, Steam, Shikimori, and many more

pkgs.kdePackages.libgravatar

Library that provides Gravatar support

pkgs.gnomeExtensions.gravatar

Synchronize GNOME Shell user icon with Gravatar.
  • nixos-unstable 6
    • nixos-unstable-small 6
    • nixpkgs-unstable 6

pkgs.haskellPackages.gravatar

Generate Gravatar image URLs

pkgs.haskellPackages.libravatar

Use Libravatar, the decentralized avatar delivery service

pkgs.rubyPackages.jekyll-avatar

pkgs.python311Packages.libgravatar

Library that provides a Python 3 interface for the Gravatar API

pkgs.python312Packages.libgravatar

Library that provides a Python 3 interface for the Gravatar API

pkgs.rubyPackages_3_1.jekyll-avatar

pkgs.rubyPackages_3_2.jekyll-avatar

pkgs.rubyPackages_3_3.jekyll-avatar

pkgs.rubyPackages_3_4.jekyll-avatar

pkgs.python311Packages.flask-gravatar

Small and simple integration of gravatar into flask

pkgs.python312Packages.flask-gravatar

Small and simple integration of gravatar into flask

pkgs.libsForQt5.libgravatar.x86_64-linux

pkgs.libsForQt5.libgravatar.aarch64-linux

pkgs.haskellPackages.gravatar.x86_64-linux

Generate Gravatar image URLs

pkgs.haskellPackages.gravatar.aarch64-linux

Generate Gravatar image URLs

pkgs.haskellPackages.gravatar.x86_64-darwin

Generate Gravatar image URLs

pkgs.haskellPackages.gravatar.aarch64-darwin

Generate Gravatar image URLs

pkgs.haskellPackages.libravatar.x86_64-linux

Use Libravatar, the decentralized avatar delivery service

pkgs.haskellPackages.libravatar.aarch64-linux

Use Libravatar, the decentralized avatar delivery service

pkgs.haskellPackages.libravatar.x86_64-darwin

Use Libravatar, the decentralized avatar delivery service

pkgs.plasma5Packages.libgravatar.x86_64-linux

pkgs.haskellPackages.libravatar.aarch64-darwin

Use Libravatar, the decentralized avatar delivery service

pkgs.perl538Packages.MojoliciousPluginGravatar

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginGravatar

Globally Recognized Avatars for Mojolicious

pkgs.plasma5Packages.libgravatar.aarch64-linux

pkgs.python312Packages.libgravatar.x86_64-linux

Library that provides a Python 3 interface for the Gravatar API

pkgs.python312Packages.libgravatar.aarch64-linux

Library that provides a Python 3 interface for the Gravatar API

pkgs.python312Packages.libgravatar.x86_64-darwin

Library that provides a Python 3 interface for the Gravatar API

pkgs.rubyPackages_3_1.jekyll-avatar.x86_64-linux

pkgs.rubyPackages_3_2.jekyll-avatar.x86_64-linux

pkgs.rubyPackages_3_3.jekyll-avatar.x86_64-linux

pkgs.rubyPackages_3_4.jekyll-avatar.x86_64-linux

pkgs.python312Packages.libgravatar.aarch64-darwin

Library that provides a Python 3 interface for the Gravatar API

pkgs.rubyPackages_3_1.jekyll-avatar.aarch64-linux

pkgs.rubyPackages_3_1.jekyll-avatar.x86_64-darwin

pkgs.rubyPackages_3_2.jekyll-avatar.aarch64-linux

pkgs.rubyPackages_3_2.jekyll-avatar.x86_64-darwin

pkgs.rubyPackages_3_3.jekyll-avatar.aarch64-linux

pkgs.rubyPackages_3_3.jekyll-avatar.x86_64-darwin

pkgs.rubyPackages_3_4.jekyll-avatar.aarch64-linux

pkgs.rubyPackages_3_4.jekyll-avatar.x86_64-darwin

pkgs.gnomeExtensions.user-avatar-in-quick-settings

Display the user avatar in the Quick Settings menu, part of the "System" settings
  • nixos-unstable 8
    • nixos-unstable-small 8
    • nixpkgs-unstable 8

pkgs.python312Packages.flask-gravatar.x86_64-linux

Small and simple integration of gravatar into flask

pkgs.rubyPackages_3_1.jekyll-avatar.aarch64-darwin

pkgs.rubyPackages_3_2.jekyll-avatar.aarch64-darwin

pkgs.rubyPackages_3_3.jekyll-avatar.aarch64-darwin

pkgs.rubyPackages_3_4.jekyll-avatar.aarch64-darwin

pkgs.python312Packages.flask-gravatar.aarch64-linux

Small and simple integration of gravatar into flask

pkgs.python312Packages.flask-gravatar.x86_64-darwin

Small and simple integration of gravatar into flask

pkgs.python312Packages.flask-gravatar.aarch64-darwin

Small and simple integration of gravatar into flask

pkgs.perl540Packages.MojoliciousPluginGravatar.x86_64-linux

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginGravatar.aarch64-linux

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginGravatar.x86_64-darwin

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginGravatar.aarch64-darwin

Globally Recognized Avatars for Mojolicious
Package maintainers: 13
CVE-2025-39436
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 months, 2 weeks ago
WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.

idraw
=<1.0

pkgs.kanjidraw

Handwritten kanji recognition

pkgs.jitsi-excalidraw

Excalidraw collaboration backend for Jitsi
  • nixos-unstable 21
    • nixos-unstable-small 21
    • nixpkgs-unstable 21

pkgs.excalidraw_export

CLI to export Excalidraw drawings to SVG and PDF

pkgs.tests.pkg-config.defaultPkgConfigPackages.hidapi-hidraw

Test whether hidapi-0.14.0 exposes pkg-config modules hidapi-hidraw
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Package maintainers: 4
CVE-2025-27324
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 months, 2 weeks ago
WordPress 17TRACK for WooCommerce Plugin <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 17track 17TRACK for WooCommerce allows Reflected XSS. This issue affects 17TRACK for WooCommerce: from n/a through 1.2.10.

17track
=<1.2.10
CVE-2025-39580
5.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 4 months, 2 weeks ago
WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability

Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.

dashi
=<3.1.8

pkgs.dashing

Dash Generator Script for Any HTML

pkgs.python311Packages.dashing

Terminal dashboards for Python

pkgs.python312Packages.dashing

Terminal dashboards for Python
Package maintainers: 1
CVE-2025-24655
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 months, 2 weeks ago
WordPress Wishlist Plugin <= 1.0.39 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 1.0.39.

wishlist
=<1.0.39

pkgs.wishlist

Single entrypoint for multiple SSH endpoints
Package maintainers: 2