Automatically generated suggestions

CVE-2025-28855
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Teleport plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Teleport allows Reflected XSS. This issue affects Teleport: from n/a through 1.2.4.

teleport
=<1.2.4

pkgs.teleport_16

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

pkgs.teleport_17

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

pkgs.teleport_18

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

pkgs.lomiri.teleports

Ubuntu Touch Telegram client

pkgs.obs-studio-plugins.obs-teleport

OBS Studio plugin for an open NDI-like replacement
Package maintainers: 8
CVE-2025-28873
8.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Shuffle plugin <= 0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Shuffle allows Blind SQL Injection. This issue affects Shuffle: from n/a through 0.5.

shuffle
=<0.5

pkgs.ashuffle

Automatic library-wide shuffle for mpd

pkgs.linuxPackages.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.haskellPackages.list-shuffle

List shuffling and sampling

pkgs.haskellPackages.pure-shuffle

pkgs.linuxPackages_lqx.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxPackages_zen.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.haskellPackages.random-shuffle

Random shuffle implementation

pkgs.linuxPackages-libre.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxPackages_latest.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxPackages_xanmod.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxPackages_latest-libre.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxPackages_xanmod_stable.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_6_1.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_6_6.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_lqx.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_zen.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_6_12.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_6_16.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_libre.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_xanmod.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_latest_libre.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_6_12_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_xanmod_stable.shufflecake

Plausible deniability (hidden storage) layer for Linux
  • nixos-unstable ???
    • nixpkgs-unstable
Package maintainers: 2
CVE-2024-47516
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Pagure: argument injection in pagurerepo.log()

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

pagure
==5.14.1

pkgs.haskellPackages.pagure

Pagure REST client library

pkgs.haskellPackages.pagure-cli

A Pagure gitforge query tool
CVE-2022-1804
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Accountsservice incorrectly drops privileges

accountsservice no longer drops permissions when writing .pam_environment

accountsservice
<22.07.5-2ubuntu1.3

pkgs.accountsservice

D-Bus interface for user account query and manipulation
Package maintainers: 2
CVE-2025-30617
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Rewrite - <= 0.2.1 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite allows Cross Site Request Forgery. This issue affects Rewrite: from n/a through 0.2.1.

rewrite
=<0.2.1

pkgs.haskellPackages.rest-rewrite

Rewriting library with online termination checking

pkgs.rubyPackages.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_1.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_2.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_3.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_4.cocoapods-git_url_rewriter

Package maintainers: 3
CVE-2025-30566
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Clink - <= 1.2.2 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aryan Themes Clink allows DOM-Based XSS. This issue affects Clink: from n/a through 1.2.2.

clink
=<1.2.2

pkgs.haskellPackages.gogol-firebase-dynamiclinks

Google Firebase Dynamic Links SDK
CVE-2025-30595
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress include-file - <= 1 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tstafford include-file allows Stored XSS. This issue affects include-file: from n/a through 1.

include-file
=<1

pkgs.haskellPackages.include-file

Inclusion of files in executables at compile-time
CVE-2025-30621
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3.

translator
=<0.3

pkgs.gtranslator

GNOME translation making program

pkgs.deep-translator

Python tool to translate between different languages by using multiple translators

pkgs.appmenu-glib-translator

Library for translating from DBusMenu to GMenuModel

pkgs.python312Packages.deep-translator

Python tool to translate between different languages by using multiple translators

pkgs.python313Packages.deep-translator

Python tool to translate between different languages by using multiple translators

pkgs.azure-cli-extensions.cli-translator

Translate ARM template to executable Azure CLI scripts

pkgs.python312Packages.aws-sam-translator

Python library to transform SAM templates into AWS CloudFormation templates

pkgs.python313Packages.aws-sam-translator

Python library to transform SAM templates into AWS CloudFormation templates
Package maintainers: 4
CVE-2024-25132
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
Openshift-dedicated: hive: hibernation controller denial of service

A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If a ClusterSync.hiveinternal.openshift.io/v1alpha1 resource is also created, the hive hibernation controller will enter the reconciliation loop leading to a panic when accessing a non-existing field in the ClusterDeployment’s status section, resulting in a denial of service.

hive
<126c7eb43aa55a008b8f0cf594e7bd18086841eb

pkgs.hivex

Windows registry hive extraction library

pkgs.enchive

Encrypted personal archives

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

pkgs.hivemind

Process manager for Procfile-based applications

pkgs.zarchive

File archive format supporting random-access reads

pkgs.xarchiver

GTK frontend to 7z, zip, rar, tar, bzip2, gzip, arj, lha, rpm and deb (open and extract only)

pkgs.ytarchive

Garbage Youtube livestream downloader

pkgs.disarchive

Disassemble software into data and metadata

pkgs.fsarchiver

File system archiver for linux

pkgs.libarchive

Multi-format archive and compression library

pkgs.tg-archive

Tool for exporting Telegram group chats into static websites like mailing list archives

pkgs.archivemount

Gateway between FUSE and libarchive: allows mounting of cpio, .tar.gz, .tar.bz2 archives

pkgs.fuse-archive

Serve an archive or a compressed file as a read-only FUSE file system

pkgs.jpeg-archive

Utilities for archiving photos for saving to long term storage or serving over the web

pkgs.web-archives

Web archives reader offering the ability to browse offline millions of articles

pkgs.hivelytracker

Chip music tracker based upon the AHX format

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

pkgs.lparchive2epub

Transform any LP from lparchive into an epub document

pkgs.the-unarchiver

Unpacks archive files

pkgs.git-archive-all

Archive a repository with all its submodules

pkgs.internetarchive

Python and Command-Line Interface to Archive.org

pkgs.autoconf-archive

Archive of autoconf m4 macros

pkgs.guile-disarchive

Disassemble software into data and metadata

pkgs.mastodon-archive

Utility for backing up your Mastodon content

pkgs.mlarchive2maildir

Imports mail from (pipermail) archives into a maildir

pkgs.lxqt.lxqt-archiver

Archive tool for the LXQt desktop environment

pkgs.libsForQt5.karchive

pkgs.php81Packages.phive

Phar Installation and Verification Environment (PHIVE)

pkgs.php82Packages.phive

Phar Installation and Verification Environment (PHIVE)

pkgs.php83Packages.phive

Phar Installation and Verification Environment (PHIVE)

pkgs.php84Packages.phive

Phar Installation and Verification Environment (PHIVE)

pkgs.kdePackages.karchive

Qt addon providing access to numerous types of archives

pkgs.CuboCore.corearchiver

Archiver from the C Suite to create and extract archives

pkgs.stripJavaArchivesHook

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.canonicalize-jars-hook

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.perlPackages.ArchiveTar

Manipulates TAR archives

pkgs.perlPackages.ArchiveCpio

Module for manipulations of cpio archives

pkgs.plasma5Packages.karchive

pkgs.wayback-machine-archiver

Python script to submit web pages to the Wayback Machine for archiving

pkgs.kodiPackages.archive_tool

Set of common python functions to work with the Kodi archive virtual file system (vfs) binary addons

pkgs.haskellPackages.libarchive

Haskell interface to libarchive

pkgs.perl538Packages.ArchiveTar

Manipulates TAR archives

pkgs.perl540Packages.ArchiveTar

Manipulates TAR archives

pkgs.xfce.thunar-archive-plugin

Thunar plugin providing file context menus for archives

pkgs.haskellPackages.archive-sig

Backpack signature for archive libraries

pkgs.haskellPackages.archive-tar

Common interface using the tar package

pkgs.haskellPackages.zip-archive

Library for creating and modifying zip archives

pkgs.kodiPackages.vfs-libarchive

LibArchive Virtual Filesystem add-on for Kodi

pkgs.perl538Packages.ArchiveCpio

Module for manipulations of cpio archives

pkgs.perl540Packages.ArchiveCpio

Module for manipulations of cpio archives

pkgs.perlPackages.ArchiveAnyLite

Simple CPAN package extractor

pkgs.perlPackages.ArchiveExtract

Generic archive extracting mechanism

pkgs.terraform-providers.archive

pkgs.perlPackages.ArchiveZip_1_53

Provide an interface to ZIP archive files

pkgs.rubyPackages.jekyll-archives

pkgs.perl538Packages.ArchiveAnyLite

Simple CPAN package extractor

pkgs.perl538Packages.ArchiveExtract

Generic archive extracting mechanism

pkgs.perl540Packages.ArchiveAnyLite

Simple CPAN package extractor

pkgs.perl540Packages.ArchiveExtract

Generic archive extracting mechanism

pkgs.perlPackages.ArchiveLibarchive

Modern Perl bindings to libarchive

pkgs.perlPackages.ArchiveTarWrapper

API wrapper around the 'tar' utility

pkgs.python312Packages.libarchive-c

Python interface to libarchive

pkgs.python313Packages.libarchive-c

Python interface to libarchive

pkgs.perl538Packages.ArchiveZip_1_53

Provide an interface to ZIP archive files

pkgs.perl540Packages.ArchiveZip_1_53

Provide an interface to ZIP archive files

pkgs.perlPackages.NetCoverArtArchive

Query the coverartarchive.org

pkgs.python312Packages.craft-archives

Library for handling archives/repositories in Canonical craft applications

pkgs.python312Packages.handy-archives

Some handy archive helpers for Python

pkgs.python313Packages.craft-archives

Library for handling archives/repositories in Canonical craft applications

pkgs.python313Packages.handy-archives

Some handy archive helpers for Python

pkgs.rubyPackages_3_1.jekyll-archives

pkgs.rubyPackages_3_2.jekyll-archives

pkgs.rubyPackages_3_3.jekyll-archives

pkgs.rubyPackages_3_4.jekyll-archives

pkgs.perl538Packages.ArchiveLibarchive

Modern Perl bindings to libarchive

pkgs.perl538Packages.ArchiveTarWrapper

API wrapper around the 'tar' utility

pkgs.perl540Packages.ArchiveLibarchive

Modern Perl bindings to libarchive

pkgs.perl540Packages.ArchiveTarWrapper

API wrapper around the 'tar' utility

pkgs.python312Packages.dissect-archive

Dissect module implementing parsers for various archive and backup formats

pkgs.python312Packages.internetarchive

Python and Command-Line Interface to Archive.org

pkgs.python313Packages.dissect-archive

Dissect module implementing parsers for various archive and backup formats

pkgs.python313Packages.internetarchive

Python and Command-Line Interface to Archive.org

pkgs.haskellPackages.archive-libarchive

Common interface using libarchive

pkgs.haskellPackages.libarchive-conduit

Read many archive formats with libarchive and conduit

pkgs.perl538Packages.NetCoverArtArchive

Query the coverartarchive.org

pkgs.perl540Packages.NetCoverArtArchive

Query the coverartarchive.org

pkgs.perlPackages.ArchiveLibarchivePeek

Peek into archives without extracting them

pkgs.perlPackages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

pkgs.home-assistant-component-tests.hive

Open source home automation that puts local control and privacy first

pkgs.python312Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

pkgs.python313Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

pkgs.python312Packages.pyhive-integration

Python library to interface with the Hive API

pkgs.python313Packages.pyhive-integration

Python library to interface with the Hive API

pkgs.perl538Packages.ArchiveLibarchivePeek

Peek into archives without extracting them

pkgs.perl538Packages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

pkgs.perl540Packages.ArchiveLibarchivePeek

Peek into archives without extracting them

pkgs.perl540Packages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

pkgs.perlPackages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

pkgs.perl538Packages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

pkgs.perl540Packages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

pkgs.haskellPackages.amazonka-kinesis-video-archived-media

Amazon Kinesis Video Streams Archived Media SDK

pkgs.python312Packages.types-aiobotocore-kinesis-video-archived-media

Type annotations for aiobotocore kinesis-video-archived-media

pkgs.python313Packages.types-aiobotocore-kinesis-video-archived-media

Type annotations for aiobotocore kinesis-video-archived-media
Package maintainers: 49
CVE-2024-11736
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables

A vulnerability was found in Keycloak. Admin users may have access to sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.

keycloak
<26.0.8
rhbk/keycloak-rhel9
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
org.keycloak/keycloak-quarkus-server

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4