Dismissed suggestions Untriaged suggestions Draft issues Published issues Automatically generated suggestions Create Draft to queue a suggestion for refinement. Dismiss to remove a suggestion from the queue. CVE-2025-3359 6.2 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 4 months, 3 weeks ago Gnuplot: segmentation fault via io_str_init_static_internal function A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. gnuplot <6.1 pkgs.gnuplot Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.gnuplot_qt Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.feedgnuplot General purpose pipe-oriented plotting tool nixos-unstable 1.61 nixos-unstable-small 1.61 nixpkgs-unstable 1.61 pkgs.gnuplot_aquaterm Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.emacsPackages.gnuplot nixos-unstable 20240914.1522 nixos-unstable-small 20240914.1522 nixpkgs-unstable 20240914.1522 pkgs.haskellPackages.gnuplot 2D and 3D plots using gnuplot nixos-unstable 0.5.7 nixos-unstable-small 0.5.7 nixpkgs-unstable 0.5.7 pkgs.emacsPackages.gnuplot-mode nixos-unstable 20171013.1616 nixos-unstable-small 20171013.1616 nixpkgs-unstable 20171013.1616 pkgs.haskellPackages.gnuplot.x86_64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.aarch64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.x86_64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.aarch64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe A simple interface to Gnuplot nixos-unstable 0.4.2 nixos-unstable-small 0.4.2 nixpkgs-unstable 0.4.2 pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot nixos-unstable ??? nixos-unstable-small nixpkgs-unstable Package maintainers: 3 @lovek323 Jason O'Conal <jason@oconal.id.au> @mnacamura Mitsuhiro Nakamura <m.nacamura@gmail.com> @thielema Henning Thielemann <nix@henning-thielemann.de> CVE-2025-3360 3.7 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): LOW created 4 months, 3 weeks ago Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601(). A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. glib <2.82.5 bootc glib2 loupe librsvg2 mingw-glib2 glycin-loaders pkgs.bootc Boot and upgrade via container images nixos-unstable 1.1.2 nixos-unstable-small 1.1.2 nixpkgs-unstable 1.1.2 pkgs.mlxbf-bootctl Control BlueField boot partitions nixos-unstable 1.1-6 nixos-unstable-small 1.1-6 nixpkgs-unstable 1.1-6 pkgs.rubyPackages.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 pkgs.rubyPackages_3_1.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 Package maintainers: 2 @Thesola10 Karim Vergnes <me@thesola.io> @nikstur nikstur <nikstur@outlook.com> CVE-2025-30195 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 4 months, 3 weeks ago A crafted zone can lead to an illegal memory access in the PowerDNS Recursor An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention. pdns-recursor ==5.2.0 pkgs.pdns-recursor Recursive DNS server nixos-unstable 5.1.2 nixos-unstable-small 5.1.2 nixpkgs-unstable 5.1.2 Package maintainers: 1 @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org> CVE-2025-2784 7.0 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): HIGH created 5 months ago Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. libsoup * <3.6.5 libsoup3 * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> CVE-2025-32050 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 5 months ago Libsoup: integer overflow in append_param_quoted A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. libsoup <3.6.1 * libsoup3 mingw-freetype * spice-client-win * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> CVE-2025-32049 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 5 months ago Libsoup: denial of service attack to websocket server A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). libsoup * =<3.6.4 libsoup3 * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> CVE-2025-32052 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): LOW created 5 months ago Libsoup: heap buffer overflow in sniff_unknown() A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. libsoup <3.6.1 * libsoup3 mingw-freetype * spice-client-win * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> CVE-2025-32051 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 5 months ago Libsoup: segmentation fault when parsing malformed data uri A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS). libsoup <3.6.1 libsoup3 pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> CVE-2025-32053 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): LOW created 5 months ago Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. libsoup <3.6.1 * libsoup3 mingw-freetype * spice-client-win * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> CVE-2025-31746 6.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): LOW created 5 months ago WordPress Clients plugin <= 1.1.4 - Broken Access Control vulnerability Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clients: from n/a through 1.1.4. clients =<1.1.4 pkgs.argus-clients Clients for ARGUS nixos-unstable 3.0.8.3 nixos-unstable-small 3.0.8.3 nixpkgs-unstable 3.0.8.3 pkgs.xorg.xlsclients nixos-unstable 1.1.5 nixos-unstable-small 1.1.5 nixpkgs-unstable 1.1.5 pkgs.haskellPackages.clientsession Securely store session data in a client-side cookie nixos-unstable 0.9.2.0 nixos-unstable-small 0.9.2.0 nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.wai-session-clientsession Session store based on clientsession nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1 pkgs.haskellPackages.clientsession.x86_64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.aarch64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.x86_64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.aarch64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0 Package maintainers: 1 @leenaars Michiel Leenaars <ml.software@leenaa.rs>
CVE-2025-3359 6.2 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 4 months, 3 weeks ago Gnuplot: segmentation fault via io_str_init_static_internal function A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. gnuplot <6.1 pkgs.gnuplot Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.gnuplot_qt Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.feedgnuplot General purpose pipe-oriented plotting tool nixos-unstable 1.61 nixos-unstable-small 1.61 nixpkgs-unstable 1.61 pkgs.gnuplot_aquaterm Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.emacsPackages.gnuplot nixos-unstable 20240914.1522 nixos-unstable-small 20240914.1522 nixpkgs-unstable 20240914.1522 pkgs.haskellPackages.gnuplot 2D and 3D plots using gnuplot nixos-unstable 0.5.7 nixos-unstable-small 0.5.7 nixpkgs-unstable 0.5.7 pkgs.emacsPackages.gnuplot-mode nixos-unstable 20171013.1616 nixos-unstable-small 20171013.1616 nixpkgs-unstable 20171013.1616 pkgs.haskellPackages.gnuplot.x86_64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.aarch64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.x86_64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.aarch64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe A simple interface to Gnuplot nixos-unstable 0.4.2 nixos-unstable-small 0.4.2 nixpkgs-unstable 0.4.2 pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot nixos-unstable ??? nixos-unstable-small nixpkgs-unstable Package maintainers: 3 @lovek323 Jason O'Conal <jason@oconal.id.au> @mnacamura Mitsuhiro Nakamura <m.nacamura@gmail.com> @thielema Henning Thielemann <nix@henning-thielemann.de>
pkgs.gnuplot Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1
pkgs.gnuplot_qt Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1
pkgs.feedgnuplot General purpose pipe-oriented plotting tool nixos-unstable 1.61 nixos-unstable-small 1.61 nixpkgs-unstable 1.61
pkgs.gnuplot_aquaterm Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1
pkgs.emacsPackages.gnuplot nixos-unstable 20240914.1522 nixos-unstable-small 20240914.1522 nixpkgs-unstable 20240914.1522
pkgs.haskellPackages.gnuplot 2D and 3D plots using gnuplot nixos-unstable 0.5.7 nixos-unstable-small 0.5.7 nixpkgs-unstable 0.5.7
pkgs.emacsPackages.gnuplot-mode nixos-unstable 20171013.1616 nixos-unstable-small 20171013.1616 nixpkgs-unstable 20171013.1616
pkgs.haskellPackages.gnuplot.x86_64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7
pkgs.haskellPackages.gnuplot.aarch64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7
pkgs.haskellPackages.gnuplot.x86_64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7
pkgs.haskellPackages.gnuplot.aarch64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7
pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe A simple interface to Gnuplot nixos-unstable 0.4.2 nixos-unstable-small 0.4.2 nixpkgs-unstable 0.4.2
pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot nixos-unstable ??? nixos-unstable-small nixpkgs-unstable
CVE-2025-3360 3.7 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): LOW created 4 months, 3 weeks ago Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601(). A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. glib <2.82.5 bootc glib2 loupe librsvg2 mingw-glib2 glycin-loaders pkgs.bootc Boot and upgrade via container images nixos-unstable 1.1.2 nixos-unstable-small 1.1.2 nixpkgs-unstable 1.1.2 pkgs.mlxbf-bootctl Control BlueField boot partitions nixos-unstable 1.1-6 nixos-unstable-small 1.1-6 nixpkgs-unstable 1.1-6 pkgs.rubyPackages.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 pkgs.rubyPackages_3_1.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 Package maintainers: 2 @Thesola10 Karim Vergnes <me@thesola.io> @nikstur nikstur <nikstur@outlook.com>
pkgs.bootc Boot and upgrade via container images nixos-unstable 1.1.2 nixos-unstable-small 1.1.2 nixpkgs-unstable 1.1.2
pkgs.mlxbf-bootctl Control BlueField boot partitions nixos-unstable 1.1-6 nixos-unstable-small 1.1-6 nixpkgs-unstable 1.1-6
pkgs.rubyPackages_3_1.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1
pkgs.rubyPackages_3_2.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1
pkgs.rubyPackages_3_3.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1
pkgs.rubyPackages_3_4.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1
CVE-2025-30195 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 4 months, 3 weeks ago A crafted zone can lead to an illegal memory access in the PowerDNS Recursor An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention. pdns-recursor ==5.2.0 pkgs.pdns-recursor Recursive DNS server nixos-unstable 5.1.2 nixos-unstable-small 5.1.2 nixpkgs-unstable 5.1.2 Package maintainers: 1 @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
pkgs.pdns-recursor Recursive DNS server nixos-unstable 5.1.2 nixos-unstable-small 5.1.2 nixpkgs-unstable 5.1.2
CVE-2025-2784 7.0 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): HIGH created 5 months ago Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. libsoup * <3.6.5 libsoup3 * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru>
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
CVE-2025-32050 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 5 months ago Libsoup: integer overflow in append_param_quoted A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. libsoup <3.6.1 * libsoup3 mingw-freetype * spice-client-win * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru>
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
CVE-2025-32049 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 5 months ago Libsoup: denial of service attack to websocket server A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). libsoup * =<3.6.4 libsoup3 * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru>
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
CVE-2025-32052 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): LOW created 5 months ago Libsoup: heap buffer overflow in sniff_unknown() A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. libsoup <3.6.1 * libsoup3 mingw-freetype * spice-client-win * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru>
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
CVE-2025-32051 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 5 months ago Libsoup: segmentation fault when parsing malformed data uri A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS). libsoup <3.6.1 libsoup3 pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru>
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
CVE-2025-32053 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): LOW created 5 months ago Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. libsoup <3.6.1 * libsoup3 mingw-freetype * spice-client-win * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru>
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
CVE-2025-31746 6.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): LOW created 5 months ago WordPress Clients plugin <= 1.1.4 - Broken Access Control vulnerability Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clients: from n/a through 1.1.4. clients =<1.1.4 pkgs.argus-clients Clients for ARGUS nixos-unstable 3.0.8.3 nixos-unstable-small 3.0.8.3 nixpkgs-unstable 3.0.8.3 pkgs.xorg.xlsclients nixos-unstable 1.1.5 nixos-unstable-small 1.1.5 nixpkgs-unstable 1.1.5 pkgs.haskellPackages.clientsession Securely store session data in a client-side cookie nixos-unstable 0.9.2.0 nixos-unstable-small 0.9.2.0 nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.wai-session-clientsession Session store based on clientsession nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1 pkgs.haskellPackages.clientsession.x86_64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.aarch64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.x86_64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0 pkgs.haskellPackages.clientsession.aarch64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0 Package maintainers: 1 @leenaars Michiel Leenaars <ml.software@leenaa.rs>
pkgs.argus-clients Clients for ARGUS nixos-unstable 3.0.8.3 nixos-unstable-small 3.0.8.3 nixpkgs-unstable 3.0.8.3
pkgs.haskellPackages.clientsession Securely store session data in a client-side cookie nixos-unstable 0.9.2.0 nixos-unstable-small 0.9.2.0 nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.wai-session-clientsession Session store based on clientsession nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1
pkgs.haskellPackages.clientsession.x86_64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.aarch64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.x86_64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.aarch64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0