Automatically generated suggestions

CVE-2025-1386 created 2 months, 2 weeks ago
Query smuggling in ch-go library

When using the ch-go library, under a specific condition, when a query includes large, uncompressed, attacker-controlled external data, it is possible for the attacker in control of that data to smuggle another query packet into the connection stream.

ch-go
<0.65.0

pkgs.immich-go

Immich client tool for bulk-uploads
Package maintainers: 1
CVE-2025-32618
8.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
WordPress Wishlist plugin <= 1.0.43 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.43.

wishlist
=<1.0.43

pkgs.wishlist

Single entrypoint for multiple SSH endpoints
Package maintainers: 2
CVE-2025-32230
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0.

tutor
=<3.4.0

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack
Package maintainers: 1
CVE-2025-23386
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
gerbera: Privilege escalation from user gerbera to root because of insecure %post script

An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.

gerbera
<2.5.0-1.1

pkgs.gerbera

UPnP Media Server for 2024
Package maintainers: 1
CVE-2025-32584
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
WordPress Chat2 plugin <= 3.6.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in the Chat2 plugin (vendor Chat2) allows Cross Site Request Forgery. This issue affects Chat2: from n/a through 3.6.3.

chat2
=<3.6.3

pkgs.python312Packages.deltachat2

Client library for Delta Chat core JSON-RPC interface

pkgs.python313Packages.deltachat2

Client library for Delta Chat core JSON-RPC interface
Package maintainers: 1
CVE-2025-31003
2.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
WordPress Squeeze plugin <= 1.6 - Full Path Disclosure (FPD) vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6.

squeeze
=<1.6

pkgs.squeezelite

Lightweight headless squeezebox client emulator

pkgs.squeezelite-pulse

Lightweight headless squeezebox client emulator

pkgs.postgresqlPackages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.python312Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

pkgs.python313Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

pkgs.postgresql13Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql14Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql15Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql16Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql18Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.home-assistant-component-tests.squeezebox

Open source home automation that puts local control and privacy first
Package maintainers: 5
CVE-2025-31002
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.

squeeze
=<1.6

pkgs.squeezelite

Lightweight headless squeezebox client emulator

pkgs.squeezelite-pulse

Lightweight headless squeezebox client emulator

pkgs.postgresqlPackages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.python312Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

pkgs.python313Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

pkgs.postgresql13Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql14Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql15Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql16Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.postgresql18Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

pkgs.home-assistant-component-tests.squeezebox

Open source home automation that puts local control and privacy first
Package maintainers: 5
CVE-2025-31375
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0.

scheduled
=<1.0

pkgs.azure-cli-extensions.scheduled-query

Microsoft Azure Command-Line Tools Scheduled_query Extension
Package maintainers: 2
CVE-2025-3416
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`

A flaw was found in the rust-openssl crate's handling of the properties argument in the `md::fetch` and `cipher::fetch` functions. The property string is freed before OpenSSL reads it (use-after-free), which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
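The lifetime mistake this entry describes, as an added example written for this page rather than the rust-openssl crate's own code: a stand-in `fake_evp_fetch` plays the C fetch call, `fetch_properties_buggy` shows the shape in which `map_or` consumes the `Option<CString>` so the property string is freed before the callee reads it, and `fetch_properties_fixed` keeps the owner alive across the call. The buggy function is undefined behaviour, so it is shown but never executed. A small `vulnerable_openssl_crate_versions` scanner over a constructed Cargo.lock fragment then flags `openssl` crate versions below the `<0.10.72` bound this entry gives for rust-openssl. All function names, the `FIXED` constant and the lock-file fragment are this example's own assumptions.

```rust
// Added example, not the rust-openssl crate's code: the CString lifetime
// mistake behind a use-after-free in a fetch(..., properties) wrapper, beside
// the corrected form, plus a Cargo.lock check against the <0.10.72 bound.
use std::ffi::{CStr, CString};
use std::os::raw::c_char;

/// Stand-in for the C fetch function (EVP_MD_fetch / EVP_CIPHER_fetch) that
/// reads the optional NUL-terminated property query. NULL means "no query",
/// which OpenSSL treats like an empty string.
unsafe fn fake_evp_fetch(props: *const c_char) -> String {
    if props.is_null() {
        return String::new();
    }
    unsafe { CStr::from_ptr(props).to_string_lossy().into_owned() }
}

/// Buggy shape. `map_or` consumes the Option<CString>, so `s` is moved into the
/// closure, its pointer is taken, and `s` is freed when the closure returns.
/// `fake_evp_fetch` then reads freed memory: undefined behaviour that often
/// shows up as a truncated or empty property string. Compiles without error.
/// Shown for reading only; the test never calls it.
#[allow(dead_code)]
fn fetch_properties_buggy(properties: Option<&str>) -> String {
    let properties = properties.map(|s| CString::new(s).unwrap());
    let raw = properties.map_or(std::ptr::null(), |s| s.as_ptr()); // `s` dropped here
    unsafe { fake_evp_fetch(raw) }
}

/// Fixed shape. `as_deref()` borrows the CString as &CStr, so the owning
/// `properties` binding outlives the FFI call and is freed only afterwards.
fn fetch_properties_fixed(properties: Option<&str>) -> String {
    let properties = properties.map(|s| CString::new(s).unwrap());
    let raw = properties.as_deref().map_or(std::ptr::null(), |s| s.as_ptr());
    let result = unsafe { fake_evp_fetch(raw) };
    drop(properties); // explicit: the owner is released after the call, not before
    result
}

/// First fixed release of the `openssl` crate for this issue (assumed from the
/// <0.10.72 bound given in this entry).
const FIXED: (u64, u64, u64) = (0, 10, 72);

/// Parses "major.minor.patch" (ignoring any "-pre" suffix on a component).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut it = v.split('.').map(|p| p.split('-').next()?.parse::<u64>().ok());
    let major = it.next()??;
    let minor = it.next()??;
    let patch = it.next()??;
    Some((major, minor, patch))
}

fn is_vulnerable(version: &str) -> bool {
    parse_version(version).map_or(false, |v| v < FIXED)
}

/// Scans Cargo.lock text and returns every `openssl` crate version below the
/// fixed release. Only the exact crate name matches; openssl-sys is not in scope.
fn vulnerable_openssl_crate_versions(cargo_lock: &str) -> Vec<String> {
    let mut found = Vec::new();
    let mut name: Option<&str> = None;
    for line in cargo_lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None;
        } else if let Some(rest) = line.strip_prefix("name = \"") {
            name = rest.strip_suffix('"');
        } else if let Some(rest) = line.strip_prefix("version = \"") {
            if let (Some("openssl"), Some(v)) = (name, rest.strip_suffix('"')) {
                if is_vulnerable(v) {
                    found.push(v.to_string());
                }
            }
        }
    }
    found
}

/// Constructed Cargo.lock fragment for the demonstration (not from any real project).
const SAMPLE_CARGO_LOCK: &str = r#"
[[package]]
name = "openssl"
version = "0.10.71"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "openssl-sys"
version = "0.9.106"

[[package]]
name = "openssl"
version = "0.10.72"
"#;

fn main() {
    println!("fixed: {:?}", fetch_properties_fixed(Some("provider=default")));
    println!(
        "vulnerable openssl crate versions: {:?}",
        vulnerable_openssl_crate_versions(SAMPLE_CARGO_LOCK)
    );
}
```

The buggy variant is the kind of bug the borrow checker cannot catch: once `as_ptr()` hands out a raw pointer, nothing ties it to the `CString` that backs it, so the only guard is keeping the owner bound in the caller's frame until the foreign call returns. Running the scanner over a real Cargo.lock is a quick way to confirm whether a tree still resolves `openssl` below 0.10.72, independent of what the name-based package matching below this entry suggests.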

gjs
polkit
firefox
mozjs60
openssl
rpm-ostree
389-ds-base
rust-bootupd
rust-openssl
<0.10.72
mingw-openssl
kata-containers
keylime-agent-rust
rhtas/tuffer-rhel9
rhtas/tuftool-rhel9
389-ds:1.4/389-ds-base
firefox:flatpak/firefox
python3.12-cryptography
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
rhtpa/rhtpa-trustification-service-rhel9

pkgs.gjs

JavaScript bindings for GNOME

pkgs.polkit

Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes

pkgs.openssl

Cryptographic library that implements the SSL and TLS protocols

pkgs.xulrunner

Web browser built from Firefox source tree

pkgs.cmd-polkit

Easily create polkit authentication agents by using commands

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

pkgs.openssl_1_1

Cryptographic library that implements the SSL and TLS protocols

pkgs.openssl_3_0

Cryptographic library that implements the SSL and TLS protocols

pkgs.openssl_3_5

Cryptographic library that implements the SSL and TLS protocols

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

pkgs.polkit_gnome

Dbus session bus service that is used to bring up authentication dialogs

pkgs.tpm2-openssl

OpenSSL Provider for TPM2 integration

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.openssl_legacy

Cryptographic library that implements the SSL and TLS protocols

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.hyprpolkitagent

Polkit authentication agent written in QT/QML

pkgs.mate.mate-polkit

Integrates polkit authentication for MATE desktop

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

pkgs.pcscliteWithPolkit

Middleware to access a smart card using SCard API (PC/SC)

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.libsForQt5.polkit-qt

Qt wrapper around PolKit

pkgs.rubyPackages.openssl

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

pkgs.gnomeExtensions.gjs-osk

A new Onscreen Keyboard built using GNOME JS

pkgs.kdePackages.polkit-qt-1

Qt wrapper around Polkit-1 client libraries

pkgs.php81Extensions.openssl

PHP upstream extension: openssl

pkgs.php82Extensions.openssl

PHP upstream extension: openssl

pkgs.php83Extensions.openssl

PHP upstream extension: openssl

pkgs.php84Extensions.openssl

PHP upstream extension: openssl

pkgs.haskellPackages.hopenssl

FFI Bindings to OpenSSL's EVP Digest Interface

pkgs.rubyPackages_3_1.openssl

pkgs.rubyPackages_3_2.openssl

pkgs.rubyPackages_3_3.openssl

pkgs.rubyPackages_3_4.openssl

pkgs.bruteforce-salted-openssl

Try to find the password of file encrypted with OpenSSL

pkgs.plasma5Packages.polkit-qt

Qt wrapper around PolKit

pkgs.python312Packages.pypugjs

PugJS syntax template adapter for Django, Jinja2, Mako and Tornado templates

pkgs.python313Packages.pypugjs

PugJS syntax template adapter for Django, Jinja2, Mako and Tornado templates

pkgs.lomiri.lomiri-polkit-agent

Policy kit agent for the Lomiri desktop

pkgs.python312Packages.pyopenssl

Python wrapper around the OpenSSL library

pkgs.python313Packages.pyopenssl

Python wrapper around the OpenSSL library

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

pkgs.python312Packages.aioopenssl

TLS-capable transport using OpenSSL for asyncio

pkgs.python313Packages.aioopenssl

TLS-capable transport using OpenSSL for asyncio

pkgs.luaPackages.lua-resty-openssl

No summary

pkgs.kdePackages.polkit-kde-agent-1

Daemon providing a Polkit authentication UI for Plasma

pkgs.pantheon.pantheon-agent-polkit

Polkit Agent for the Pantheon Desktop

pkgs.php81Extensions.openssl-legacy

PHP upstream extension: openssl-legacy

pkgs.php82Extensions.openssl-legacy

PHP upstream extension: openssl-legacy

pkgs.php83Extensions.openssl-legacy

PHP upstream extension: openssl-legacy

pkgs.php84Extensions.openssl-legacy

PHP upstream extension: openssl-legacy

pkgs.python312Packages.cryptography

Package which provides cryptographic recipes and primitives

pkgs.haskellPackages.openssl-streams

OpenSSL network support for io-streams

pkgs.lua51Packages.lua-resty-openssl

No summary

pkgs.lua52Packages.lua-resty-openssl

No summary

pkgs.lua53Packages.lua-resty-openssl

No summary

pkgs.lua54Packages.lua-resty-openssl

No summary

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

pkgs.luajitPackages.lua-resty-openssl

No summary

pkgs.haskellPackages.openssl-createkey

Create OpenSSL keypairs

pkgs.python312Packages.types-pyopenssl

Typing stubs for pyopenssl

pkgs.python313Packages.types-pyopenssl

Typing stubs for pyopenssl

pkgs.haskellPackages.cryptonite-openssl

Crypto stuff using OpenSSL cryptographic library

pkgs.haskellPackages.http-client-openssl

http-client backend using the OpenSSL library

pkgs.chickenPackages_5.chickenEggs.openssl

Bindings to the OpenSSL SSL/TLS library

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssl

Test whether openssl-3.5.1 exposes pkg-config modules libssl
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.openssl

Test whether openssl-3.5.1 exposes pkg-config modules openssl
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.libcrypto

Test whether openssl-3.5.1 exposes pkg-config modules libcrypto
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.tests.testers.hasPkgConfigModules.openssl-has-openssl

Test whether openssl-3.5.1 exposes pkg-config modules openssl
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

pkgs.tests.testers.hasPkgConfigModules.openssl-has-all-meta-pkgConfigModules

Test whether openssl-3.5.1 exposes pkg-config modules libcrypto, libssl, openssl
  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 48
CVE-2025-3359
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Gnuplot: segmentation fault via io_str_init_static_internal function

A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.

gnuplot
<6.1

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 3