Automatically generated suggestions

CVE-2025-31162
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
fig2dev float point exception

Floating point exception in fig2dev in version 3.2.9a allows an attacker to impact availability through local input manipulation via the get_slope function.

fig2dev
==3.2.9a

pkgs.fig2dev

Tool to convert Xfig files to other formats

pkgs.transfig

Tool to convert Xfig files to other formats
Package maintainers: 1
CVE-2025-31164
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
fig2dev heap-buffer overflow

Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to impact availability through local input manipulation via create_line_with_spline.

fig2dev
==3.2.9a

pkgs.fig2dev

Tool to convert Xfig files to other formats

pkgs.transfig

Tool to convert Xfig files to other formats
Package maintainers: 1
CVE-2025-1860
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Data::Entropy for Perl 0.007 and earlier uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Data-Entropy
<0.008

pkgs.perlPackages.DataEntropy

Entropy (randomness) management

pkgs.perl538Packages.DataEntropy

Entropy (randomness) management

pkgs.perl540Packages.DataEntropy

Entropy (randomness) management
CVE-2025-31181
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Gnuplot: gnuplot segmentation fault on x11_graphics

A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.

gnuplot
<6.1

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 3
CVE-2025-30896
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.13.4.

erp
=<1.13.4

pkgs.lerpn

Curses RPN calculator written in straight Python

pkgs.serpl

Simple terminal UI for search and replace, ala VS Code

pkgs.sherpa

Monte Carlo event generator for the Simulation of High-Energy Reactions of PArticles

pkgs.makerpm

Clean, simple RPM packager reimplemented completely from scratch

pkgs.serpent

Compiler for the Serpent language for Ethereum

pkgs.overpass

Font heavily inspired by Highway Gothic

pkgs.overpush

Self-hosted, drop-in replacement for Pushover that can use XMPP

pkgs.powerpipe

Dynamically query your cloud, code, logs & more with SQL

pkgs.featherpad

Lightweight Qt5 Plain-Text Editor for Linux

pkgs.filterpath

Retrieve a valid path from a messy piped line
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.browserpass

Browserpass native client app

pkgs.centerpiece

Your trusty omnibox search

pkgs.ciderpress2

File archive utility for Apple II disk images and file archives

pkgs.letterpress

Create beautiful ASCII art

pkgs.pufferpanel

Free, open source game management panel

pkgs.fingerprintx

Standalone utility for service discovery on open ports

pkgs.hyperpotamus

YAML based HTTP script processing engine

pkgs.etherpad-lite

Modern really-real-time collaborative document editor

pkgs.masterpdfeditor

Master PDF Editor

pkgs.masterpdfeditor4

Master PDF Editor - version 4, without watermark

pkgs.open-interpreter

OpenAI's Code Interpreter in your terminal, running locally

pkgs.luaPackages.serpent

Lua serializer and pretty printer

pkgs.nerd-fonts.overpass

Nerd Fonts: An open source font family inspired by Highway Gothic

pkgs.haskellPackages.derp

Derivative Parsing

pkgs.world-serpant-search

Command-line tool for vulnerability detection

pkgs.beamerpresenter-mupdf

Modular multi screen pdf presentation viewer

pkgs.lua51Packages.serpent

Lua serializer and pretty printer

pkgs.lua52Packages.serpent

Lua serializer and pretty printer

pkgs.lua53Packages.serpent

Lua serializer and pretty printer

pkgs.lua54Packages.serpent

Lua serializer and pretty printer

pkgs.unigine-superposition

Unigine Superposition GPU benchmarking tool

pkgs.luajitPackages.serpent

Lua serializer and pretty printer

pkgs.beamerpresenter-poppler

Modular multi screen pdf presentation viewer

pkgs.python312Packages.serpy

Ridiculously fast object serialization

pkgs.python313Packages.serpy

Ridiculously fast object serialization

pkgs.haskellPackages.Euterpea

Library for computer music research and education

pkgs.python312Packages.overpy

Python Wrapper to access the Overpass API

pkgs.python313Packages.overpy

Python Wrapper to access the Overpass API

pkgs.stalwart-mail-enterprise

Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)

pkgs.python312Packages.serpent

Simple serialization library based on ast.literal_eval

pkgs.python313Packages.serpent

Simple serialization library based on ast.literal_eval

pkgs.libsForQt5.kdesignerplugin

pkgs.python312Packages.derpconf

Module to abstract loading configuration files for your app

pkgs.python312Packages.gitterpy

Python interface for the Gitter API

pkgs.python312Packages.pyinterp

Python library for optimized geo-referenced interpolation

pkgs.python312Packages.spiderpy

Unofficial Python wrapper for the Spider API

pkgs.python312Packages.userpath

Cross-platform tool for adding locations to the user PATH

pkgs.python313Packages.derpconf

Module to abstract loading configuration files for your app

pkgs.python313Packages.gitterpy

Python interface for the Gitter API

pkgs.python313Packages.pyinterp

Python library for optimized geo-referenced interpolation

pkgs.python313Packages.spiderpy

Unofficial Python wrapper for the Spider API

pkgs.python313Packages.userpath

Cross-platform tool for adding locations to the user PATH

pkgs.haskellPackages.interpolate

String interpolation done right

pkgs.python312Packages.boilerpy3

Python port of Boilerpipe library

pkgs.python312Packages.dockerpty

Functionality needed to operate the pseudo-tty (PTY) allocated to a docker container

pkgs.python312Packages.pyzerproc

Python library to control Zerproc Bluetooth LED smart string lights

pkgs.python313Packages.boilerpy3

Python port of Boilerpipe library

pkgs.python313Packages.dockerpty

Functionality needed to operate the pseudo-tty (PTY) allocated to a docker container

pkgs.python313Packages.pyzerproc

Python library to control Zerproc Bluetooth LED smart string lights

pkgs.haskellPackages.interprocess

Shared memory and control structures for IPC

pkgs.python312Packages.inquirerpy

Python port of Inquirer.js

pkgs.python313Packages.inquirerpy

Python port of Inquirer.js

pkgs.typstPackages.tierpist_0_1_0

Make simple tierlists using the Catppuccin pastel color palettes

pkgs.haskellPackages.Interpolation

Multiline strings, interpolation and templating

pkgs.haskellPackages.interpolation

piecewise linear and cubic Hermite interpolation

pkgs.python312Packages.betterproto

Code generator & library for Protobuf 3 and async gRPC

pkgs.python312Packages.hyperpyyaml

Extensions to YAML syntax for better python interaction

pkgs.python313Packages.betterproto

Code generator & library for Protobuf 3 and async gRPC

pkgs.python313Packages.hyperpyyaml

Extensions to YAML syntax for better python interaction

pkgs.perlPackages.StringInterpolate

String::Interpolate - Wrapper for builtin the Perl interpolation engine

pkgs.python312Packages.fingerprints

Library to generate entity fingerprints

pkgs.python312Packages.headerparser

Module to parse key-value pairs in the style of RFC 822 (e-mail) headers

pkgs.python313Packages.fingerprints

Library to generate entity fingerprints

pkgs.python313Packages.headerparser

Module to parse key-value pairs in the style of RFC 822 (e-mail) headers

pkgs.plasma5Packages.kdesignerplugin

pkgs.python312Packages.cypherpunkpay

Modern self-hosted software for accepting Bitcoin

pkgs.python313Packages.cypherpunkpay

Modern self-hosted software for accepting Bitcoin

pkgs.haskellPackages.reinterpret-cast

Memory reinterpretation casts for Float/Double and Word32/Word64

pkgs.python312Packages.betterproto-fw

Fork of betterproto used in fireworks-ai

pkgs.python312Packages.llm-perplexity

LLM access to pplx-api

pkgs.python313Packages.betterproto-fw

Fork of betterproto used in fireworks-ai

pkgs.python313Packages.llm-perplexity

LLM access to pplx-api

pkgs.haskellPackages.hasql-interpolate

QuasiQuoter that supports expression interpolation for hasql

pkgs.perl538Packages.StringInterpolate

String::Interpolate - Wrapper for builtin the Perl interpolation engine

pkgs.perl540Packages.StringInterpolate

String::Interpolate - Wrapper for builtin the Perl interpolation engine

pkgs.python312Packages.cppheaderparser

Parse C++ header files using ply.lex to generate navigable class tree representing the class structure

pkgs.python312Packages.cxxheaderparser

Modern pure python C++ header parser

pkgs.python313Packages.cppheaderparser

Parse C++ header files using ply.lex to generate navigable class tree representing the class structure

pkgs.python313Packages.cxxheaderparser

Modern pure python C++ header parser

pkgs.haskellPackages.Interpolation-maxs

Multiline strings, interpolation and templating

pkgs.haskellPackages.erpnext-api-client

Generic API client library for ERPNext

pkgs.haskellPackages.neat-interpolation

Quasiquoter for neat and simple multiline text interpolation

pkgs.haskellPackages.string-interpolate

Haskell string/text/bytestring interpolation that just works

pkgs.python312Packages.enterpriseattack

Module to interact with the Mitre Att&ck Enterprise dataset

pkgs.python312Packages.open-interpreter

OpenAI's Code Interpreter in your terminal, running locally

pkgs.python313Packages.enterpriseattack

Module to interact with the Mitre Att&ck Enterprise dataset

pkgs.python313Packages.open-interpreter

OpenAI's Code Interpreter in your terminal, running locally

pkgs.akkuPackages.slib-array-interpolate

Interpolated array access

pkgs.haskellPackages.copilot-interpreter

Interpreter for Copilot

pkgs.perlPackages.StringInterpolateNamed

Interpolated named arguments in string

pkgs.azure-cli-extensions.redisenterprise

Microsoft Azure Command-Line Tools RedisEnterprise Extension

pkgs.haskellPackages.prettyprinter-interp

Efficient interpolation for Prettyprinter

pkgs.graylogPlugins.enterprise-integrations

Integrations are tools that help Graylog work with external systems (unfree enterprise integrations)

pkgs.haskellPackages.exploring-interpreters

A generic exploring interpreter for exploratory programming

pkgs.haskellPackages.x-sum-type-boilerplate

(Forked) Library for reducing the boilerplate involved with sum types

pkgs.home-assistant-component-tests.zerproc

Open source home automation that puts local control and privacy first

pkgs.perl538Packages.StringInterpolateNamed

Interpolated named arguments in string

pkgs.perl540Packages.StringInterpolateNamed

Interpolated named arguments in string

pkgs.perlPackages.StringBinaryInterpolation

Make it easier to interpolate binary bytes into a string

pkgs.python312Packages.langchain-perplexity

Build LangChain applications with Perplexity

pkgs.python313Packages.langchain-perplexity

Build LangChain applications with Perplexity

pkgs.haskellPackages.gogol-android-enterprise

Google Play EMM SDK

pkgs.haskellPackages.interpolatedstring-perl6

QuasiQuoter for Perl6-style multi-line interpolated strings

pkgs.python312Packages.betterproto-rust-codec

Converter between betterproto messages and the Protobuf wire format

pkgs.python313Packages.betterproto-rust-codec

Converter between betterproto messages and the Protobuf wire format

pkgs.perl538Packages.StringBinaryInterpolation

Make it easier to interpolate binary bytes into a string

pkgs.perl540Packages.StringBinaryInterpolation

Make it easier to interpolate binary bytes into a string

pkgs.haskellPackages.gogol-recaptcha-enterprise

Google reCAPTCHA Enterprise SDK

pkgs.haskellPackages.lambda-calculus-interpreter

Lambda Calculus interpreter

pkgs.haskellPackages.postgresql-simple-interpolate

Interpolated SQL queries via quasiquotation

pkgs.perlPackages.TestRunPluginAlternateInterpreters

Define different interpreters for different test scripts with Test::Run

pkgs.perl538Packages.TestRunPluginAlternateInterpreters

Define different interpreters for different test scripts with Test::Run

pkgs.perl540Packages.TestRunPluginAlternateInterpreters

Define different interpreters for different test scripts with Test::Run
Package maintainers: 61
CVE-2025-31180
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Gnuplot: gnuplot segmentation fault on canvas_text

A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.

gnuplot
<6.0

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 3
CVE-2025-31178
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Gnuplot: gnuplot segmentation fault on getannotatestring

A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.

gnuplot
<6.0

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 3
CVE-2025-31179
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Gnuplot: gnuplot segmentation fault on xstrftime

A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.

gnuplot
<6.0

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 3
CVE-2025-31176
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Gnuplot: gnuplot segmentation fault on plot3d_points

A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.

gnuplot
<6.0

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 3
CVE-2025-28916
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1.

docpro
=<2.0.1

pkgs.python312Packages.jupyter-docprovider

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

pkgs.python313Packages.jupyter-docprovider

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models
Package maintainers: 3