Automatically generated suggestions

CVE-2024-2236
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 5 months ago
Libgcrypt: vulnerable to Marvin attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

libgcrypt
*
<9.4.0
mingw-libgcrypt

pkgs.libgcrypt

General-purpose cryptographic library

pkgs.libgcrypt_1_8

General-purpose cryptographic library
CVE-2023-6917
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 5 months ago
Pcp: unsafe use of directories allows pcp to root privilege escalation

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.

pcp
*

pkgs.pcp

Command line peer-to-peer data transfer tool based on libp2p

pkgs.ncmpcpp

Featureful ncurses based MPD client inspired by ncmpc

pkgs.libamqpcpp

Library for communicating with a RabbitMQ server

pkgs.python311Packages.pcpp

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.x86_64-linux

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.aarch64-linux

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.x86_64-darwin

C99 preprocessor written in pure Python

pkgs.python312Packages.pcpp.aarch64-darwin

C99 preprocessor written in pure Python
Package maintainers: 5
CVE-2025-31787
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 5 months ago
WordPress Cue by AudioTheme.com plugin <= 2.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4.

cue
=<2.4.4

pkgs.cue

Data constraint language which aims to simplify tasks involving defining and using data

pkgs.mkcue

Generates CUE sheets from a CD TOC
  • nixos-unstable 1
    • nixos-unstable-small 1
    • nixpkgs-unstable 1

pkgs.cuelsp

Language Server implementation for CUE, with built-in support for Dagger

pkgs.cuetsy

Experimental CUE->TypeScript exporter

pkgs.libcue

CUE Sheet Parser Library

pkgs.cuetools

Set of utilities for working with cue files and toc files

pkgs.ddrescue

GNU ddrescue, a data recovery tool

pkgs.mrrescue

Arcade-style fire fighting game

pkgs.myrescue

Hard disk recovery tool that reads undamaged regions first

pkgs.dd_rescue

Tool to copy data from a damaged block device

pkgs.rescuetime

Helps you understand your daily habits so you can focus and be more productive

pkgs.ddrescueview

Tool to graphically examine ddrescue mapfiles

pkgs.tests.cue-validation

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.rescuetime.x86_64-linux

Helps you understand your daily habits so you can focus and be more productive

pkgs.haskellPackages.cue-sheet

Support for construction, rendering, and parsing of CUE sheets

pkgs.python311Packages.aiooncue

Module to interact with the Kohler Oncue API

pkgs.python312Packages.aiooncue

Module to interact with the Kohler Oncue API

pkgs.vscode-extensions.asdine.cue

Cue language support for Visual Studio Code

pkgs.vimPlugins.vim-cue.x86_64-linux

pkgs.vimPlugins.vim-cue.aarch64-linux

pkgs.vimPlugins.vim-cue.x86_64-darwin

pkgs.vimPlugins.vim-cue.aarch64-darwin

pkgs.home-assistant-component-tests.oncue

Open source home automation that puts local control and privacy first

pkgs.haskellPackages.cue-sheet.x86_64-linux

Support for construction, rendering, and parsing of CUE sheets

pkgs.vimPlugins.nvim-treesitter-parsers.cue

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.haskellPackages.cue-sheet.aarch64-linux

Support for construction, rendering, and parsing of CUE sheets

pkgs.haskellPackages.cue-sheet.x86_64-darwin

Support for construction, rendering, and parsing of CUE sheets

pkgs.haskellPackages.cue-sheet.aarch64-darwin

Support for construction, rendering, and parsing of CUE sheets

pkgs.vscode-extensions.asdine.cue.x86_64-linux

Cue language support for Visual Studio Code

pkgs.vscode-extensions.asdine.cue.aarch64-linux

Cue language support for Visual Studio Code

pkgs.vscode-extensions.asdine.cue.x86_64-darwin

Cue language support for Visual Studio Code

pkgs.vscode-extensions.asdine.cue.aarch64-darwin

Cue language support for Visual Studio Code
Package maintainers: 18
CVE-2025-22523
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 5 months, 1 week ago
WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.

schedule
=<1.0.0

pkgs.system76-scheduler

System76 Scheduler

pkgs.haskellPackages.schedule

Pure deterministic scheduled computations

pkgs.python311Packages.schedule

Python job scheduling for humans

pkgs.python312Packages.schedule

Python job scheduling for humans

pkgs.python311Packages.pyschedule

Formulate and solve resource-constrained scheduling problems

pkgs.python312Packages.pyschedule

Formulate and solve resource-constrained scheduling problems

pkgs.python311Packages.apscheduler

Library that lets you schedule your Python code to be executed

pkgs.python312Packages.apscheduler

Library that lets you schedule your Python code to be executed

pkgs.haskellPackages.monad-schedule

A new, simple, composable concurrency abstraction

pkgs.haskellPackages.amazonka-scheduler

Amazon EventBridge Scheduler SDK

pkgs.python311Packages.django-scheduler

Calendar app for Django

pkgs.python312Packages.django-scheduler

Calendar app for Django

pkgs.azure-cli-extensions.scheduled-query

Microsoft Azure Command-Line Tools Scheduled_query Extension

pkgs.linuxPackages_zen.system76-scheduler

System76 Scheduler

pkgs.python311Packages.django-apscheduler

APScheduler for Django

pkgs.python312Packages.django-apscheduler

APScheduler for Django

pkgs.python311Packages.azure-mgmt-scheduler

This is the Microsoft Azure Scheduler Management Client Library

pkgs.python311Packages.finetuning-scheduler

PyTorch Lightning extension for foundation model experimentation with flexible fine-tuning schedules

pkgs.python312Packages.azure-mgmt-scheduler

This is the Microsoft Azure Scheduler Management Client Library

pkgs.python312Packages.finetuning-scheduler

PyTorch Lightning extension for foundation model experimentation with flexible fine-tuning schedules

pkgs.home-assistant-component-tests.schedule

Open source home automation that puts local control and privacy first

pkgs.python312Packages.schedule.x86_64-linux

Python job scheduling for humans

pkgs.python312Packages.schedule.aarch64-linux

Python job scheduling for humans

pkgs.python312Packages.schedule.x86_64-darwin

Python job scheduling for humans

pkgs.python312Packages.pyschedule.x86_64-linux

Formulate and solve resource-constrained scheduling problems

pkgs.python312Packages.schedule.aarch64-darwin

Python job scheduling for humans

pkgs.python312Packages.pyschedule.aarch64-linux

Formulate and solve resource-constrained scheduling problems

pkgs.python312Packages.pyschedule.x86_64-darwin

Formulate and solve resource-constrained scheduling problems

pkgs.haskellPackages.monad-schedule.x86_64-linux

A new, simple, composable concurrency abstraction

pkgs.python312Packages.pyschedule.aarch64-darwin

Formulate and solve resource-constrained scheduling problems

pkgs.haskellPackages.monad-schedule.aarch64-linux

A new, simple, composable concurrency abstraction

pkgs.haskellPackages.monad-schedule.x86_64-darwin

A new, simple, composable concurrency abstraction

pkgs.haskellPackages.monad-schedule.aarch64-darwin

A new, simple, composable concurrency abstraction

pkgs.python311Packages.types-aiobotocore-scheduler

Type annotations for aiobotocore scheduler

pkgs.python312Packages.types-aiobotocore-scheduler

Type annotations for aiobotocore scheduler

pkgs.linuxPackages_zen.system76-scheduler.x86_64-linux

System76 Scheduler

pkgs.linuxKernel.packages.linux_5_10.system76-scheduler

System76 Scheduler

pkgs.linuxPackages_zen.system76-scheduler.aarch64-linux

System76 Scheduler

pkgs.python312Packages.mypy-boto3-scheduler.x86_64-linux

Type annotations for boto3 scheduler

pkgs.python312Packages.mypy-boto3-scheduler.aarch64-linux

Type annotations for boto3 scheduler

pkgs.python312Packages.mypy-boto3-scheduler.x86_64-darwin

Type annotations for boto3 scheduler

pkgs.python312Packages.mypy-boto3-scheduler.aarch64-darwin

Type annotations for boto3 scheduler

pkgs.home-assistant-custom-components.waste_collection_schedule

Home Assistant integration framework for (garbage collection) schedules

pkgs.linuxKernel.packages.linux_5_4_hardened.system76-scheduler

System76 Scheduler

pkgs.linuxKernel.packages.linux_latest_libre.system76-scheduler

System76 Scheduler

pkgs.python312Packages.types-aiobotocore-scheduler.x86_64-linux

Type annotations for aiobotocore scheduler

pkgs.python312Packages.types-aiobotocore-scheduler.aarch64-linux

Type annotations for aiobotocore scheduler

pkgs.python312Packages.types-aiobotocore-scheduler.x86_64-darwin

Type annotations for aiobotocore scheduler

pkgs.python312Packages.types-aiobotocore-scheduler.aarch64-darwin

Type annotations for aiobotocore scheduler

pkgs.linuxKernel.packages.linux_latest_libre.system76-scheduler.x86_64-linux

System76 Scheduler

pkgs.linuxKernel.packages.linux_latest_libre.system76-scheduler.aarch64-linux

System76 Scheduler
Package maintainers: 13
CVE-2024-13939
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 5 months, 1 week ago
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829.

String-Compare-ConstantTime
=<0.321

pkgs.perl538Packages.StringCompareConstantTime

Timing side-channel protected string compare

pkgs.perl540Packages.StringCompareConstantTime

Timing side-channel protected string compare

pkgs.perl540Packages.StringCompareConstantTime.x86_64-linux

Timing side-channel protected string compare

pkgs.perl540Packages.StringCompareConstantTime.aarch64-linux

Timing side-channel protected string compare

pkgs.perl540Packages.StringCompareConstantTime.x86_64-darwin

Timing side-channel protected string compare

pkgs.perl540Packages.StringCompareConstantTime.aarch64-darwin

Timing side-channel protected string compare
CVE-2025-1860
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 5 months, 1 week ago
Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Data-Entropy
<0.008

pkgs.perl538Packages.DataEntropy

Entropy (randomness) management

pkgs.perl540Packages.DataEntropy

Entropy (randomness) management
CVE-2025-31164
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 5 months, 1 week ago
fig2dev heap-buffer overflow

Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to impact availability via local input manipulation via the create_line_with_spline function.

fig2dev
==3.2.9a

pkgs.fig2dev

Tool to convert Xfig files to other formats
Package maintainers: 1
CVE-2025-31163
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 5 months, 1 week ago
fig2dev segmentation fault

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to impact availability via local input manipulation via the put_patternarc function.

fig2dev
==3.2.9a

pkgs.fig2dev

Tool to convert Xfig files to other formats
Package maintainers: 1
CVE-2025-31176
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 5 months, 1 week ago
Gnuplot: gnuplot segmentation fault on plot3d_points

A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.

gnuplot
<6.0

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-darwin

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-darwin

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Package maintainers: 3
CVE-2025-31180
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 5 months, 1 week ago
Gnuplot: gnuplot segmentation fault on canvas_text

A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.

gnuplot
<6.0

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-darwin

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-darwin

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Package maintainers: 3