Automatically generated suggestions

CVE-2025-32230 4.3 MEDIUM
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE
created 4 months, 3 weeks ago
WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0.
tutor =<3.4.0
pkgs.emacsPackages.evil-tutor nixos-unstable 20150103.653 nixos-unstable-small 20150103.653 nixpkgs-unstable 20150103.653
pkgs.emacsPackages.evil-tutor-ja nixos-unstable 20160917.132 nixos-unstable-small 20160917.132 nixpkgs-unstable 20160917.132
pkgs.emacsPackages.evil-tutor-sc nixos-unstable 20240326.1239 nixos-unstable-small 20240326.1239 nixpkgs-unstable 20240326.1239
pkgs.haskellPackages.timeless-tutorials Initial project template from stack nixos-unstable 1.0.0.0 nixos-unstable-small 1.0.0.0 nixpkgs-unstable 1.0.0.0

CVE-2025-23386 7.8 HIGH
CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH
created 4 months, 3 weeks ago
gerbera: Privilege escalation from user gerbera to root because of insecure %post script
An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.
gerbera <2.5.0-1.1
pkgs.gerbera UPnP Media Server for 2020 nixos-unstable 1.12.1 nixos-unstable-small 1.12.1 nixpkgs-unstable 1.12.1
Package maintainers: 1
@ardumont Antoine R. Dumont <eniotna.t@gmail.com>

CVE-2025-31002 9.1 CRITICAL
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH
created 4 months, 3 weeks ago
WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.
squeeze =<1.6
pkgs.squeezelite Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504
pkgs.squeezelite-pulse Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504
pkgs.postgresqlPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.python311Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0
pkgs.python312Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0
pkgs.postgresql13Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql14Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql15Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql16Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql17Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresqlJitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql13JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql14JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql15JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql16JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql17JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.home-assistant-component-tests.squeezebox Open source home automation that puts local control and privacy first nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3
pkgs.python312Packages.pysqueezebox.x86_64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.aarch64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.x86_64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.aarch64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
Package maintainers: 5
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>

CVE-2025-31003 2.7 LOW
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE
created 4 months, 3 weeks ago
WordPress Squeeze plugin <= 1.6 - Full Path Disclosure (FPD) vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6.
squeeze =<1.6
pkgs.squeezelite Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504
pkgs.squeezelite-pulse Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504
pkgs.postgresqlPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.python311Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0
pkgs.python312Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0
pkgs.postgresql13Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql14Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql15Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql16Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql17Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresqlJitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql13JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql14JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql15JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql16JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql17JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.home-assistant-component-tests.squeezebox Open source home automation that puts local control and privacy first nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3
pkgs.python312Packages.pysqueezebox.x86_64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.aarch64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.x86_64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.aarch64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
Package maintainers: 5
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>

CVE-2023-4320 7.6 HIGH
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): HIGH Availability impact (A): LOW
created 4 months, 3 weeks ago
Satellite: arithmetic overflow in satellite
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
foreman * Security
pkgs.foreman Process manager for applications with multiple components nixos-unstable 0.87.2 nixos-unstable-small 0.87.2 nixpkgs-unstable 0.87.2
pkgs.emacsPackages.foreman-mode nixos-unstable 20170725.1422 nixos-unstable-small 20170725.1422 nixpkgs-unstable 20170725.1422
Package maintainers: 1
@zimbatm zimbatm <zimbatm@zimbatm.com>

CVE-2025-32584 7.1 HIGH
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW
created 4 months, 3 weeks ago
WordPress Chat2 plugin <= 3.6.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 allows Cross Site Request Forgery. This issue affects Chat2: from n/a through 3.6.3.
chat2 =<3.6.3
pkgs.python311Packages.deltachat2 Client library for Delta Chat core JSON-RPC interface nixos-unstable deltachat2-0.6.2 nixos-unstable-small deltachat2-0.6.2 nixpkgs-unstable deltachat2-0.6.2
pkgs.python312Packages.deltachat2 Client library for Delta Chat core JSON-RPC interface nixos-unstable deltachat2-0.6.2 nixos-unstable-small deltachat2-0.6.2 nixpkgs-unstable deltachat2-0.6.2
Package maintainers: 1
@dotlambda Robert Schütz <rschuetz17@gmail.com>

CVE-2023-4886 6.7 MEDIUM
CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH
created 4 months, 3 weeks ago
Foreman: world readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
foreman * foreman-installer *
pkgs.foreman Process manager for applications with multiple components nixos-unstable 0.87.2 nixos-unstable-small 0.87.2 nixpkgs-unstable 0.87.2
pkgs.emacsPackages.foreman-mode nixos-unstable 20170725.1422 nixos-unstable-small 20170725.1422 nixpkgs-unstable 20170725.1422
Package maintainers: 1
@zimbatm zimbatm <zimbatm@zimbatm.com>

CVE-2024-2496 5.0 MEDIUM
CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH
created 4 months, 3 weeks ago
Libvirt: null pointer dereference in udevconnectlistallinterfaces()
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
libvirt * <9.7.0 virt:av/libvirt virt:rhel/libvirt
pkgs.libvirt Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.libvirt-glib Library for working with virtual machines nixos-unstable 5.0.0 nixos-unstable-small 5.0.0 nixpkgs-unstable 5.0.0
pkgs.libvirt.x86_64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.aarch64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.x86_64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.aarch64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt-glib.x86_64-linux Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.python311Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.python312Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.rubyPackages.ruby-libvirt nixos-unstable ??? nixos-unstable-small 0.8.2
pkgs.libvirt-glib.aarch64-linux Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.libvirt-glib.x86_64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.libvirt-glib.aarch64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.prometheus-libvirt-exporter Prometheus metrics exporter for libvirt nixos-unstable 2.3.3 nixos-unstable-small 2.3.3 nixpkgs-unstable 2.3.3
pkgs.terraform-providers.libvirt nixos-unstable 0.8.1 nixos-unstable-small 0.8.1 nixpkgs-unstable 0.8.1
pkgs.rubyPackages_3_1.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.python312Packages.libvirt.x86_64-linux libvirt Python bindings nixos-unstable 10.10.0
pkgs.python312Packages.libvirt.aarch64-linux libvirt Python bindings nixos-unstable 10.10.0
pkgs.python312Packages.libvirt.x86_64-darwin libvirt Python bindings nixos-unstable 10.10.0
pkgs.python312Packages.libvirt.aarch64-darwin libvirt Python bindings nixos-unstable 10.10.0
pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2
Package maintainers: 4
@farcaller Vladimir Pouzanov <farcaller@gmail.com>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@globin Robin Gloster <mail@glob.in>

CVE-2025-31375 7.1 HIGH
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW
created 4 months, 3 weeks ago
WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0.
scheduled =<1.0
pkgs.azure-cli-extensions.scheduled-query Microsoft Azure Command-Line Tools Scheduled_query Extension nixos-unstable 1.0.0b1 nixos-unstable-small 1.0.0b1 nixpkgs-unstable 1.0.0b1
Package maintainers: 2
@katexochen Paul Meyer <katexochen0@gmail.com>
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>

CVE-2023-23457 5.3 MEDIUM
CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW
created 4 months, 4 weeks ago
Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
upx *
pkgs.upx Ultimate Packer for eXecutables nixos-unstable 4.2.4 nixos-unstable-small 4.2.4 nixpkgs-unstable 4.2.4
CVE-2025-32230 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 4 months, 3 weeks ago WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0. tutor =<3.4.0 pkgs.emacsPackages.evil-tutor nixos-unstable 20150103.653 nixos-unstable-small 20150103.653 nixpkgs-unstable 20150103.653 pkgs.emacsPackages.evil-tutor-ja nixos-unstable 20160917.132 nixos-unstable-small 20160917.132 nixpkgs-unstable 20160917.132 pkgs.emacsPackages.evil-tutor-sc nixos-unstable 20240326.1239 nixos-unstable-small 20240326.1239 nixpkgs-unstable 20240326.1239 pkgs.haskellPackages.timeless-tutorials Initial project template from stack nixos-unstable 1.0.0.0 nixos-unstable-small 1.0.0.0 nixpkgs-unstable 1.0.0.0
pkgs.emacsPackages.evil-tutor nixos-unstable 20150103.653 nixos-unstable-small 20150103.653 nixpkgs-unstable 20150103.653
pkgs.emacsPackages.evil-tutor-ja nixos-unstable 20160917.132 nixos-unstable-small 20160917.132 nixpkgs-unstable 20160917.132
pkgs.emacsPackages.evil-tutor-sc nixos-unstable 20240326.1239 nixos-unstable-small 20240326.1239 nixpkgs-unstable 20240326.1239
pkgs.haskellPackages.timeless-tutorials Initial project template from stack nixos-unstable 1.0.0.0 nixos-unstable-small 1.0.0.0 nixpkgs-unstable 1.0.0.0
CVE-2025-23386 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 3 weeks ago gerbera: Privilege escalation from user gerbera to root because of insecure %post script A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. gerbera <2.5.0-1.1 pkgs.gerbera UPnP Media Server for 2020 nixos-unstable 1.12.1 nixos-unstable-small 1.12.1 nixpkgs-unstable 1.12.1 Package maintainers: 1 @ardumont Antoine R. Dumont <eniotna.t@gmail.com>
pkgs.gerbera UPnP Media Server for 2020 nixos-unstable 1.12.1 nixos-unstable-small 1.12.1 nixpkgs-unstable 1.12.1
CVE-2025-31002 9.1 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 3 weeks ago WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6. squeeze =<1.6 pkgs.squeezelite Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504 pkgs.squeezelite-pulse Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504 pkgs.postgresqlPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.python311Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0 pkgs.python312Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0 pkgs.postgresql13Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql14Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql15Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql16Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 
pkgs.postgresql17Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresqlJitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql13JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql14JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql15JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql16JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql17JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.home-assistant-component-tests.squeezebox Open source home automation that puts local control and privacy first nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3 pkgs.python312Packages.pysqueezebox.x86_64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 pkgs.python312Packages.pysqueezebox.aarch64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 pkgs.python312Packages.pysqueezebox.x86_64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 pkgs.python312Packages.pysqueezebox.aarch64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 Package maintainers: 5 @adamcstephens Adam C. 
Stephens <happy.plan4249@valkor.net> @nyanloutre Paul Trehiou <paul@nyanlout.re> @Mic92 Jörg Thalheim <joerg@thalheim.io> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
pkgs.squeezelite Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504
pkgs.squeezelite-pulse Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504
pkgs.postgresqlPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.python311Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0
pkgs.python312Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0
pkgs.postgresql13Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql14Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql15Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql16Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql17Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresqlJitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql13JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql14JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql15JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql16JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.postgresql17JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0
pkgs.home-assistant-component-tests.squeezebox Open source home automation that puts local control and privacy first nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3
pkgs.python312Packages.pysqueezebox.x86_64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.aarch64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.x86_64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
pkgs.python312Packages.pysqueezebox.aarch64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0
CVE-2025-31003 2.7 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 4 months, 3 weeks ago WordPress Squeeze plugin <= 1.6 - Full Path Disclosure (FPD) vulnerability Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6. squeeze =<1.6 pkgs.squeezelite Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504 pkgs.squeezelite-pulse Lightweight headless squeezebox client emulator nixos-unstable 2.0.0.1504 nixos-unstable-small 2.0.0.1504 nixpkgs-unstable 2.0.0.1504 pkgs.postgresqlPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.python311Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0 pkgs.python312Packages.pysqueezebox Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 nixos-unstable-small 10.0.0 nixpkgs-unstable 10.0.0 pkgs.postgresql13Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql14Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql15Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql16Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 
nixpkgs-unstable 1.7.0 pkgs.postgresql17Packages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresqlJitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql13JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql14JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql15JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql16JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.postgresql17JitPackages.pg_squeeze PostgreSQL extension for automatic bloat cleanup nixos-unstable 1.7.0 nixos-unstable-small 1.7.0 nixpkgs-unstable 1.7.0 pkgs.home-assistant-component-tests.squeezebox Open source home automation that puts local control and privacy first nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3 pkgs.python312Packages.pysqueezebox.x86_64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 pkgs.python312Packages.pysqueezebox.aarch64-linux Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 pkgs.python312Packages.pysqueezebox.x86_64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 pkgs.python312Packages.pysqueezebox.aarch64-darwin Asynchronous library to control Logitech Media Server nixos-unstable 10.0.0 Package maintainers: 5 @adamcstephens Adam C. 
Stephens <happy.plan4249@valkor.net> @nyanloutre Paul Trehiou <paul@nyanlout.re> @Mic92 Jörg Thalheim <joerg@thalheim.io> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
CVE-2023-4320 7.6 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): HIGH Availability impact (A): LOW created 4 months, 3 weeks ago Satellite: arithmetic overflow in satellite An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. foreman * Security pkgs.foreman Process manager for applications with multiple components nixos-unstable 0.87.2 nixos-unstable-small 0.87.2 nixpkgs-unstable 0.87.2 pkgs.emacsPackages.foreman-mode nixos-unstable 20170725.1422 nixos-unstable-small 20170725.1422 nixpkgs-unstable 20170725.1422 Package maintainers: 1 @zimbatm zimbatm <zimbatm@zimbatm.com>
CVE-2025-32584 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 months, 3 weeks ago WordPress Chat2 plugin <= 3.6.3 - CSRF to Stored XSS vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 allows Cross Site Request Forgery. This issue affects Chat2: from n/a through 3.6.3. chat2 =<3.6.3 pkgs.python311Packages.deltachat2 Client library for Delta Chat core JSON-RPC interface nixos-unstable deltachat2-0.6.2 nixos-unstable-small deltachat2-0.6.2 nixpkgs-unstable deltachat2-0.6.2 pkgs.python312Packages.deltachat2 Client library for Delta Chat core JSON-RPC interface nixos-unstable deltachat2-0.6.2 nixos-unstable-small deltachat2-0.6.2 nixpkgs-unstable deltachat2-0.6.2 Package maintainers: 1 @dotlambda Robert Schütz <rschuetz17@gmail.com>
CVE-2023-4886 6.7 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 3 weeks ago Foreman: world readable file containing secrets A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. foreman * foreman-installer * pkgs.foreman Process manager for applications with multiple components nixos-unstable 0.87.2 nixos-unstable-small 0.87.2 nixpkgs-unstable 0.87.2 pkgs.emacsPackages.foreman-mode nixos-unstable 20170725.1422 nixos-unstable-small 20170725.1422 nixpkgs-unstable 20170725.1422 Package maintainers: 1 @zimbatm zimbatm <zimbatm@zimbatm.com>
CVE-2024-2496 5.0 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 4 months, 3 weeks ago Libvirt: null pointer dereference in udevconnectlistallinterfaces() A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. libvirt * <9.7.0 virt:av/libvirt virt:rhel/libvirt pkgs.libvirt Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0 pkgs.libvirt-glib Library for working with virtual machines nixos-unstable 5.0.0 nixos-unstable-small 5.0.0 nixpkgs-unstable 5.0.0 pkgs.libvirt.x86_64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0 pkgs.libvirt.aarch64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0 pkgs.libvirt.x86_64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0 pkgs.libvirt.aarch64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0 pkgs.libvirt-glib.x86_64-linux Library for working with virtual machines nixos-unstable ??? 
nixos-unstable-small 5.0.0 pkgs.python311Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0 pkgs.python312Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0 pkgs.rubyPackages.ruby-libvirt nixos-unstable ??? nixos-unstable-small 0.8.2 pkgs.libvirt-glib.aarch64-linux Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0 pkgs.libvirt-glib.x86_64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0 pkgs.libvirt-glib.aarch64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0 pkgs.prometheus-libvirt-exporter Prometheus metrics exporter for libvirt nixos-unstable 2.3.3 nixos-unstable-small 2.3.3 nixpkgs-unstable 2.3.3 pkgs.terraform-providers.libvirt nixos-unstable 0.8.1 nixos-unstable-small 0.8.1 nixpkgs-unstable 0.8.1 pkgs.rubyPackages_3_1.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2 pkgs.rubyPackages_3_4.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2 pkgs.python312Packages.libvirt.x86_64-linux libvirt Python bindings nixos-unstable 10.10.0 pkgs.python312Packages.libvirt.aarch64-linux libvirt Python bindings nixos-unstable 10.10.0 pkgs.python312Packages.libvirt.x86_64-darwin libvirt Python bindings nixos-unstable 10.10.0 pkgs.python312Packages.libvirt.aarch64-darwin libvirt Python bindings nixos-unstable 10.10.0 pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2 
pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2 Package maintainers: 4 @farcaller Vladimir Pouzanov <farcaller@gmail.com> @fpletz Franz Pletz <fpletz@fnordicwalking.de> @lovesegfault Bernardo Meurer <meurerbernardo@gmail.com> @globin Robin Gloster <mail@glob.in>
CVE-2025-31375 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 months, 3 weeks ago WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0. scheduled =<1.0 pkgs.azure-cli-extensions.scheduled-query Microsoft Azure Command-Line Tools Scheduled_query Extension nixos-unstable 1.0.0b1 nixos-unstable-small 1.0.0b1 nixpkgs-unstable 1.0.0b1 Package maintainers: 2 @katexochen Paul Meyer <katexochen0@gmail.com> @ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
CVE-2023-23457 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 months, 4 weeks ago Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. upx * pkgs.upx Ultimate Packer for eXecutables nixos-unstable 4.2.4 nixos-unstable-small 4.2.4 nixpkgs-unstable 4.2.4