Automatically generated suggestions

CVE-2025-31784
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more Plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more allows Cross Site Request Forgery. This issue affects Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more: from n/a through 1.4.0.

embed-extended
=<1.4.0

pkgs.wordpressPackages.plugins.embed-extended

CVE-2025-31787
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Cue by AudioTheme.com plugin <= 2.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4.

cue
=<2.4.4

pkgs.cue

Data constraint language which aims to simplify tasks involving defining and using data

pkgs.mkcue

Generates CUE sheets from a CD TOC

pkgs.cuelsp

Language Server implementation for CUE, with built-in support for Dagger

pkgs.cuetsy

Experimental CUE->TypeScript exporter

pkgs.libcue

CUE Sheet Parser Library

pkgs.cuetools

Set of utilities for working with cue files and toc files

pkgs.ddrescue

GNU ddrescue, a data recovery tool

pkgs.mrrescue

Arcade-style fire fighting game

pkgs.myrescue

Hard disk recovery tool that reads undamaged regions first

pkgs.dd_rescue

Tool to copy data from a damaged block device

pkgs.rescuetime

Helps you understand your daily habits so you can focus and be more productive

pkgs.ddrescueview

Tool to graphically examine ddrescue mapfiles

pkgs.tests.cue-validation

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.haskellPackages.cue-sheet

Support for construction, rendering, and parsing of CUE sheets

pkgs.python312Packages.aiooncue

Module to interact with the Kohler Oncue API

pkgs.python313Packages.aiooncue

Module to interact with the Kohler Oncue API

pkgs.vscode-extensions.asdine.cue

Cue language support for Visual Studio Code

pkgs.home-assistant-component-tests.oncue

Open source home automation that puts local control and privacy first

pkgs.tree-sitter-grammars.tree-sitter-cue

pkgs.vimPlugins.nvim-treesitter-parsers.cue

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.python312Packages.tree-sitter-grammars.tree-sitter-cue

Python bindings for tree-sitter-cue

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-cue

Python bindings for tree-sitter-cue
Package maintainers: 18
CVE-2025-31846
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Theater for WordPress plugin <= 0.18.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7.

theatre
=<0.18.7

pkgs.haskellPackages.theatre-dev

Minimalistic actor library experiments
CVE-2025-31446
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress WP Cleaner plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jiangmiao WP Cleaner allows Reflected XSS. This issue affects WP Cleaner: from n/a through 1.1.5.

wpcleaner
=<1.1.5
Package maintainers: 1
CVE-2025-31557
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress OSM – OpenStreetMap plugin <= 6.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM – OpenStreetMap allows DOM-Based XSS. This issue affects OSM – OpenStreetMap: from n/a through 6.1.6.

osm
=<6.1.6

pkgs.josm

Extensible editor for OpenStreetMap

pkgs.osmo

Handy personal organizer

pkgs.mosml

Light-weight implementation of Standard ML

pkgs.osmid

Lightweight, portable, easy to use tool to convert MIDI to OSC and OSC to MIDI

pkgs.erosmb

SMB network scanner

pkgs.gosmee

Command line server and client for webhooks deliveries (and https://smee.io)

pkgs.imposm

Imports OpenStreetMap data into PostGIS

pkgs.qosmic

Cosmic recursive flame fractal editor

pkgs.cosmocc

Compilers for Cosmopolitan C/C++ programs

pkgs.readosm

Open source library to extract valid data from within an Open Street Map input file

pkgs.osmo-bsc

GSM Base Station Controller

pkgs.osmo-bts

Osmocom GSM Base Transceiver Station (BTS)

pkgs.osmo-hlr

Osmocom implementation of 3GPP Home Location Register (HLR)

pkgs.osmo-iuh

Osmocom IuH library

pkgs.osmo-mgw

Osmocom Media Gateway (MGW). Speaks RTP and E1 as well as MGCP

pkgs.osmo-msc

Osmocom implementation of 3GPP Mobile Switching Centre (MSC)

pkgs.osmo-pcu

Osmocom Packet control Unit (PCU): Network-side GPRS (RLC/MAC); BTS- or BSC-colocated

pkgs.cosmic-bg

Applies Background for the COSMIC Desktop Environment

pkgs.libosmium

Fast and flexible C++ library for working with OpenStreetMap data

pkgs.osm2pgsql

OpenStreetMap data to PostgreSQL converter

pkgs.osmctools

Command line tools for transforming Open Street Map files

pkgs.osmo-ggsn

Osmocom Gateway GPRS Support Node (GGSN), successor of OpenGGSN

pkgs.osmo-sgsn

Osmocom implementation of the 3GPP Serving GPRS Support Node (SGSN)

pkgs.cosmic-osd

OSD for the COSMIC Desktop Environment

pkgs.osmo-hnbgw

Osmocom Home NodeB Gateway, for attaching femtocells to the 3G CN (OsmoMSC, OsmoSGSN)

pkgs.cosmic-comp

Compositor for the COSMIC Desktop Environment

pkgs.cosmic-edit

Text Editor for the COSMIC Desktop Environment

pkgs.cosmic-idle

Idle daemon for the COSMIC Desktop Environment

pkgs.cosmic-term

Terminal for the COSMIC Desktop Environment

pkgs.libosmoabis

Osmocom Abis interface library

pkgs.libosmocore

Set of Osmocom core libraries

pkgs.libosmscout

Simple, high-level interfaces for offline location and POI lookup, rendering and routing functionalities based on OpenStreetMap (OSM) data

pkgs.osm-gps-map

GTK widget for displaying OpenStreetMap tiles

pkgs.osmium-tool

Multipurpose command line tool for working with OpenStreetMap data based on the Osmium library

pkgs.osmo-hnodeb

Upper layers implementation of HomeNodeB for 3G/UMTS

pkgs.cosmic-files

File Manager for the COSMIC Desktop Environment

pkgs.cosmic-icons

System76 Cosmic icon theme for Linux

pkgs.cosmic-panel

Panel for the COSMIC Desktop Environment

pkgs.cosmic-randr

Library and utility for displaying and configuring Wayland outputs

pkgs.cosmic-store

App Store for the COSMIC Desktop Environment

pkgs.cosmopolitan

Your build-once run-anywhere C library

pkgs.osmtogeojson

Converts OSM data to GeoJSON

pkgs.cosmic-player

Media player for the COSMIC Desktop Environment

pkgs.libosmo-netif

Osmocom network / socket interface library

pkgs.cosmic-applets

Applets for the COSMIC Desktop Environment

pkgs.cosmic-ext-ctl

CLI for COSMIC Desktop configuration management

pkgs.cosmic-greeter

Greeter for the COSMIC Desktop Environment

pkgs.cosmic-session

Session manager for the COSMIC desktop environment

pkgs.cosmic-launcher

Launcher for the COSMIC Desktop Environment

pkgs.cosmic-settings

Settings for the COSMIC Desktop Environment

pkgs.libosmo-sigtran

SCCP + SIGTRAN (SUA/M3UA) libraries as well as OsmoSTP

pkgs.osmscout-server

Maps server providing tiles, geocoder, and router

pkgs.rtl-sdr-osmocom

Software to turn the RTL2832U into a SDR receiver

pkgs.cosmic-protocols

Additional wayland-protocols used by the COSMIC desktop environment

pkgs.libcosmicAppHook

Setup hook for configuring and wrapping applications based on libcosmic
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.cosmic-applibrary

Application Template for the COSMIC Desktop Environment

pkgs.cosmic-ext-tweaks

Tweaking tool for the COSMIC Desktop Environment

pkgs.cosmic-screenshot

Screenshot tool for the COSMIC Desktop Environment

pkgs.cosmic-wallpapers

Wallpapers for the COSMIC Desktop Environment

pkgs.luaPackages.cosmo

Safe templates for Lua

pkgs.osmo-sip-connector

This implements an interface between the MNCC (Mobile Network Call Control) interface of OsmoMSC (and also previously OsmoNITB) and SIP

pkgs.lua51Packages.cosmo

Safe templates for Lua

pkgs.lua52Packages.cosmo

Safe templates for Lua

pkgs.lua53Packages.cosmo

Safe templates for Lua

pkgs.lua54Packages.cosmo

Safe templates for Lua

pkgs.python-cosmopolitan

Actually Portable Python using Cosmopolitan

pkgs.cosmic-notifications

Notifications for the COSMIC Desktop Environment

pkgs.luajitPackages.cosmo

Safe templates for Lua

pkgs.cosmic-ext-calculator

Calculator for the COSMIC Desktop Environment

pkgs.cosmic-settings-daemon

Settings Daemon for the COSMIC Desktop Environment

pkgs.cosmic-workspaces-epoch

Workspaces Epoch for the COSMIC Desktop Environment

pkgs.python312Packages.osmnx

Package to easily download, construct, project, visualize, and analyze complex street networks from OpenStreetMap with NetworkX

pkgs.python313Packages.osmnx

Package to easily download, construct, project, visualize, and analyze complex street networks from OpenStreetMap with NetworkX

pkgs.gnuradioPackages.osmosdr

Gnuradio block for OsmoSDR and rtl-sdr

pkgs.graylogPlugins.twiliosms

Alarm callback plugin for integrating the Twilio SMS API into Graylog

pkgs.python312Packages.aiosmb

Python SMB library

pkgs.python312Packages.osmapi

Python wrapper for the OSM API

pkgs.python313Packages.aiosmb

Python SMB library

pkgs.python313Packages.osmapi

Python wrapper for the OSM API

pkgs.kdePackages.kosmindoormap

OSM multi-floor indoor map renderer

pkgs.xdg-desktop-portal-cosmic

XDG Desktop Portal for the COSMIC Desktop Environment

pkgs.python312Packages.aiosmtpd

Asyncio based SMTP server

pkgs.python312Packages.pyosmium

Python bindings for libosmium

pkgs.python313Packages.aiosmtpd

Asyncio based SMTP server

pkgs.python313Packages.pyosmium

Python bindings for libosmium

pkgs.python312Packages.aiosmtplib

Module which provides a SMTP client

pkgs.python312Packages.py-aosmith

Python client library for A. O. Smith water heaters

pkgs.python313Packages.aiosmtplib

Module which provides a SMTP client

pkgs.python313Packages.py-aosmith

Python client library for A. O. Smith water heaters

pkgs.python312Packages.azure-cosmos

Azure Cosmos DB API

pkgs.python313Packages.azure-cosmos

Azure Cosmos DB API

pkgs.python312Packages.osmpythontools

Library to access OpenStreetMap-related services

pkgs.python313Packages.osmpythontools

Library to access OpenStreetMap-related services

pkgs.azure-cli-extensions.cosmosdb-preview

Microsoft Azure Command-Line Tools Cosmosdb-preview Extension

pkgs.python312Packages.azure-mgmt-cosmosdb

Module to work with the Microsoft Azure Cosmos DB Management

pkgs.python313Packages.azure-mgmt-cosmosdb

Module to work with the Microsoft Azure Cosmos DB Management

pkgs.home-assistant-component-tests.aosmith

Open source home automation that puts local control and privacy first

pkgs.python312Packages.azure-cosmosdb-nspkg

This is the Microsoft Azure CosmosDB namespace package

pkgs.python312Packages.azure-cosmosdb-table

This is the Microsoft Azure Log Analytics Client Library

pkgs.python313Packages.azure-cosmosdb-nspkg

This is the Microsoft Azure CosmosDB namespace package

pkgs.python313Packages.azure-cosmosdb-table

This is the Microsoft Azure Log Analytics Client Library
Package maintainers: 54
CVE-2025-31549
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Fusion plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion allows DOM-Based XSS. This issue affects Fusion: from n/a through 1.6.3.

fusion
=<1.6.3

pkgs.datafusion-cli

CLI for Apache Arrow DataFusion

pkgs.lxgw-fusionkai

Simplified Chinese font derived from LXGW WenKai GB, iansui and Klee One

pkgs.finalfusion-utils

Utility for converting, quantizing, and querying word embeddings

pkgs.python312Packages.datafusion

Extensible query execution framework

pkgs.python313Packages.datafusion

Extensible query execution framework

pkgs.haskellPackages.fusion-plugin

GHC plugin to make stream fusion more predictable

pkgs.python312Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

pkgs.python312Packages.k-diffusion

Karras et al. (2022) diffusion models for PyTorch

pkgs.python313Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

pkgs.python313Packages.k-diffusion

Karras et al. (2022) diffusion models for PyTorch

pkgs.haskellPackages.gogol-datafusion

Google Cloud Data Fusion SDK

pkgs.haskellPackages.list-fusion-probe

testing list fusion for success

pkgs.haskellPackages.gogol-fusiontables

Google Fusion Tables SDK

pkgs.haskellPackages.fusion-plugin-types

Types for the fusion-plugin package

pkgs.vimPlugins.nvim-treesitter-parsers.fusion

  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 4
CVE-2025-31538
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Checklist plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in checklistcom Checklist allows Stored XSS. This issue affects Checklist: from n/a through 1.1.9.

checklist
=<1.1.9

pkgs.haskellPackages.tasty-checklist

Check multiple items during a tasty test
CVE-2024-13939
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829.

String-Compare-ConstantTime
=<0.321

pkgs.perlPackages.StringCompareConstantTime

Timing side-channel protected string compare

pkgs.perl538Packages.StringCompareConstantTime

Timing side-channel protected string compare

pkgs.perl540Packages.StringCompareConstantTime

Timing side-channel protected string compare
CVE-2025-22523
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.

schedule
=<1.0.0

pkgs.system76-scheduler

System76 Scheduler

pkgs.haskellPackages.schedule

Pure deterministic scheduled computations

pkgs.haskellPackages.scheduler

Work stealing scheduler

pkgs.python312Packages.schedule

Python job scheduling for humans

pkgs.python313Packages.schedule

Python job scheduling for humans

pkgs.python312Packages.scheduler

Simple in-process python scheduler library with asyncio, threading and timezone support

pkgs.python313Packages.scheduler

Simple in-process python scheduler library with asyncio, threading and timezone support

pkgs.python312Packages.pyschedule

Formulate and solve resource-constrained scheduling problems

pkgs.python313Packages.pyschedule

Formulate and solve resource-constrained scheduling problems

pkgs.python312Packages.apscheduler

Library that lets you schedule your Python code to be executed

pkgs.python313Packages.apscheduler

Library that lets you schedule your Python code to be executed

pkgs.haskellPackages.monad-schedule

A new, simple, composable concurrency abstraction

pkgs.python312Packages.swh-scheduler

Job scheduler for the Software Heritage project

pkgs.haskellPackages.amazonka-scheduler

Amazon EventBridge Scheduler SDK

pkgs.python312Packages.django-scheduler

Calendar app for Django

pkgs.python313Packages.django-scheduler

Calendar app for Django

pkgs.azure-cli-extensions.computeschedule

Microsoft Azure Command-Line Tools Computeschedule Extension

pkgs.azure-cli-extensions.scheduled-query

Microsoft Azure Command-Line Tools Scheduled_query Extension

pkgs.haskellPackages.gogol-cloudscheduler

Google Cloud Scheduler SDK

pkgs.linuxPackages_lqx.system76-scheduler

System76 Scheduler

pkgs.linuxPackages_zen.system76-scheduler

System76 Scheduler

pkgs.python312Packages.django-apscheduler

APScheduler for Django

pkgs.python313Packages.django-apscheduler

APScheduler for Django

pkgs.linuxPackages-libre.system76-scheduler

System76 Scheduler

pkgs.python312Packages.azure-mgmt-scheduler

This is the Microsoft Azure Scheduler Management Client Library

pkgs.python312Packages.checkpoint-schedules

Schedules for incremental checkpointing of adjoint simulations

pkgs.python312Packages.finetuning-scheduler

PyTorch Lightning extension for foundation model experimentation with flexible fine-tuning schedules

pkgs.python313Packages.azure-mgmt-scheduler

This is the Microsoft Azure Scheduler Management Client Library

pkgs.python313Packages.checkpoint-schedules

Schedules for incremental checkpointing of adjoint simulations

pkgs.python313Packages.finetuning-scheduler

PyTorch Lightning extension for foundation model experimentation with flexible fine-tuning schedules

pkgs.home-assistant-component-tests.schedule

Open source home automation that puts local control and privacy first

pkgs.linuxPackages_latest.system76-scheduler

System76 Scheduler

pkgs.python312Packages.types-aiobotocore-scheduler

Type annotations for aiobotocore scheduler

pkgs.python313Packages.types-aiobotocore-scheduler

Type annotations for aiobotocore scheduler

pkgs.linuxKernel.packages.linux_lqx.system76-scheduler

System76 Scheduler

pkgs.linuxKernel.packages.linux_zen.system76-scheduler

System76 Scheduler

pkgs.linuxKernel.packages.linux_5_10.system76-scheduler

System76 Scheduler

pkgs.linuxKernel.packages.linux_6_12.system76-scheduler

System76 Scheduler

pkgs.linuxKernel.packages.linux_6_16.system76-scheduler

System76 Scheduler

pkgs.linuxKernel.packages.linux_libre.system76-scheduler

System76 Scheduler

pkgs.home-assistant-custom-components.waste_collection_schedule

Home Assistant integration framework for (garbage collection) schedules

pkgs.linuxKernel.packages.linux_6_12_hardened.system76-scheduler

System76 Scheduler
Package maintainers: 15
CVE-2025-31163
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
fig2dev segmentation fault

A segmentation fault in fig2dev version 3.2.9a allows an attacker to affect availability through local input manipulation via the put_patternarc function.

fig2dev
==3.2.9a

pkgs.fig2dev

Tool to convert Xfig files to other formats

pkgs.transfig

Tool to convert Xfig files to other formats
Package maintainers: 1