Automatically generated suggestions

CVE-2025-40906 created 5 days, 15 hours ago
BSON::XS versions 0.8.4 and earlier for Perl include a bundled libbson 1.1.7, which has several vulnerabilities

BSON::XS versions 0.8.4 and earlier for Perl include a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.

BSON-XS
=<0.8.4

pkgs.perl536Packages.BSONXS

XS implementation of MongoDB's BSON serialization (EOL)

pkgs.perl540Packages.BSONXS

XS implementation of MongoDB's BSON serialization (EOL)

pkgs.perl536Packages.BSONXS.x86_64-linux

XS implementation of MongoDB's BSON serialization (EOL)

pkgs.perl538Packages.BSONXS.x86_64-linux

XS implementation of MongoDB's BSON serialization (EOL)

pkgs.perl540Packages.BSONXS.x86_64-linux

XS implementation of MongoDB's BSON serialization (EOL)

pkgs.perl536Packages.BSONXS.aarch64-linux

XS implementation of MongoDB's BSON serialization (EOL)

pkgs.perl538Packages.BSONXS.aarch64-linux

XS implementation of MongoDB's BSON serialization (EOL)

pkgs.perl540Packages.BSONXS.aarch64-linux

XS implementation of MongoDB's BSON serialization (EOL)
CVE-2025-40907
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 5 days, 15 hours ago
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

FCGI
=<0.82

pkgs.perl536Packages.FCGI

Fast CGI module

pkgs.perl540Packages.FCGI

Fast CGI module

pkgs.perl536Packages.FCGIClient

Client library for fastcgi protocol

pkgs.perl538Packages.FCGIClient

Client library for fastcgi protocol

pkgs.perl540Packages.FCGIClient

Client library for fastcgi protocol

pkgs.perl536Packages.FCGIProcManager

A perl-based FastCGI process manager

pkgs.perl538Packages.FCGIProcManager

Perl-based FastCGI process manager

pkgs.perl540Packages.FCGIProcManager

Perl-based FastCGI process manager

pkgs.perl536Packages.FCGI.x86_64-linux

Fast CGI module

pkgs.perl538Packages.FCGI.x86_64-linux

Fast CGI module

pkgs.perl540Packages.FCGI.x86_64-linux

Fast CGI module

pkgs.perl536Packages.FCGI.aarch64-linux

Fast CGI module

pkgs.perl536Packages.FCGI.x86_64-darwin

Fast CGI module

pkgs.perl538Packages.FCGI.aarch64-linux

Fast CGI module

pkgs.perl538Packages.FCGI.x86_64-darwin

Fast CGI module

pkgs.perl540Packages.FCGI.aarch64-linux

Fast CGI module

pkgs.perl540Packages.FCGI.x86_64-darwin

Fast CGI module

pkgs.perl536Packages.FCGI.aarch64-darwin

Fast CGI module

pkgs.perl538Packages.FCGI.aarch64-darwin

Fast CGI module

pkgs.perl540Packages.FCGI.aarch64-darwin

Fast CGI module

pkgs.perl536Packages.FCGIClient.x86_64-linux

Client library for fastcgi protocol

pkgs.perl538Packages.FCGIClient.x86_64-linux

Client library for fastcgi protocol

pkgs.perl540Packages.FCGIClient.x86_64-linux

Client library for fastcgi protocol

pkgs.perl536Packages.FCGIClient.aarch64-linux

Client library for fastcgi protocol

pkgs.perl536Packages.FCGIClient.x86_64-darwin

Client library for fastcgi protocol

pkgs.perl538Packages.FCGIClient.aarch64-linux

Client library for fastcgi protocol

pkgs.perl538Packages.FCGIClient.x86_64-darwin

Client library for fastcgi protocol

pkgs.perl540Packages.FCGIClient.aarch64-linux

Client library for fastcgi protocol

pkgs.perl540Packages.FCGIClient.x86_64-darwin

Client library for fastcgi protocol

pkgs.perl536Packages.FCGIClient.aarch64-darwin

Client library for fastcgi protocol

pkgs.perl538Packages.FCGIClient.aarch64-darwin

Client library for fastcgi protocol

pkgs.perl540Packages.FCGIClient.aarch64-darwin

Client library for fastcgi protocol

pkgs.perl536Packages.FCGIProcManager.x86_64-linux

A perl-based FastCGI process manager

pkgs.perl538Packages.FCGIProcManager.x86_64-linux

Perl-based FastCGI process manager

pkgs.perl540Packages.FCGIProcManager.x86_64-linux

Perl-based FastCGI process manager

pkgs.perl536Packages.FCGIProcManager.aarch64-linux

A perl-based FastCGI process manager

pkgs.perl536Packages.FCGIProcManager.x86_64-darwin

A perl-based FastCGI process manager

pkgs.perl538Packages.FCGIProcManager.aarch64-linux

Perl-based FastCGI process manager

pkgs.perl538Packages.FCGIProcManager.x86_64-darwin

Perl-based FastCGI process manager

pkgs.perl540Packages.FCGIProcManager.aarch64-linux

Perl-based FastCGI process manager

pkgs.perl540Packages.FCGIProcManager.x86_64-darwin

Perl-based FastCGI process manager

pkgs.perl536Packages.FCGIProcManager.aarch64-darwin

A perl-based FastCGI process manager

pkgs.perl538Packages.FCGIProcManager.aarch64-darwin

Perl-based FastCGI process manager

pkgs.perl540Packages.FCGIProcManager.aarch64-darwin

Perl-based FastCGI process manager
CVE-2025-4476
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 5 days, 15 hours ago
Libsoup: null pointer dereference in libsoup may lead to denial of service

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.

libsoup

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Notify package maintainers: 6
CVE-2025-31639
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 5 days, 15 hours ago
WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.

spare
=<1.7

pkgs.asciiquarium-transparent

An aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.texlivePackages.transparent

Using a color stack for transparency with pdfTeX

pkgs.texlivePackages.transparent-io

Show for approval the filenames used in input, openin, or openout

pkgs.gnomeExtensions.transparent-topbar

Transparent Topbar with Multi monitors support
  • nixos-24.05 4
    • nixos-24.05-small 4

pkgs.gnomeExtensions.transparent-top-bar

Bring back the transparent top bar when free-floating in GNOME Shell 3.32.

pkgs.asciiquarium-transparent.x86_64-linux

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.asciiquarium-transparent.aarch64-linux

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.asciiquarium-transparent.x86_64-darwin

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.asciiquarium-transparent.aarch64-darwin

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.texlivePackages.transparent.x86_64-linux

Using a color stack for transparency with pdfTeX

pkgs.gnomeExtensions.transparent-window-moving

Makes the window semi-transparent when moving or resizing

pkgs.texlivePackages.transparent-io.x86_64-linux

Show for approval the filenames used in input, openin, or openout

pkgs.gnomeExtensions.transparent-topbar.x86_64-linux

Transparent Topbar with Multi monitors support
  • nixos-24.05 4
    • nixpkgs-24.05-darwin 4

pkgs.gnomeExtensions.transparent-top-bar.x86_64-linux

Bring back the transparent top bar when free-floating in GNOME Shell 3.32.

pkgs.gnomeExtensions.transparent-topbar.aarch64-linux

Transparent Topbar with Multi monitors support
  • nixos-24.05 4
    • nixpkgs-24.05-darwin 4

pkgs.gnomeExtensions.transparent-top-bar.aarch64-linux

Bring back the transparent top bar when free-floating in GNOME Shell 3.32.

pkgs.gnomeExtensions.transparent-window-moving.x86_64-linux

Makes the window semi-transparent when moving or resizing

pkgs.gnomeExtensions.transparent-window-moving.aarch64-linux

Makes the window semi-transparent when moving or resizing

pkgs.gnomeExtensions.transparent-top-bar-adjustable-transparency

Fork of: https://github.com/zhanghai/gnome-shell-extension-transparent-top-bar

pkgs.gnomeExtensions.transparent-top-bar-adjustable-transparency.x86_64-linux

Fork of: https://github.com/zhanghai/gnome-shell-extension-transparent-top-bar

pkgs.gnomeExtensions.transparent-top-bar-adjustable-transparency.aarch64-linux

Fork of: https://github.com/zhanghai/gnome-shell-extension-transparent-top-bar
Notify package maintainers: 4
CVE-2024-4981
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 1 week, 2 days ago by @mweinelt
Activity log
  • Created automatic suggestion
  • @fricklerhandwerk removed package pkgs.haskellPackages.pagure 0.1.2
  • @mweinelt dismissed
  • @mweinelt marked as untriaged
Pagure: _update_file_in_git() follows symbolic links in temporary clones

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.

pagure
<5.14.1

pkgs.haskellPackages.pagure.x86_64-linux

Pagure REST client library

pkgs.haskellPackages.pagure.aarch64-linux

Pagure REST client library

pkgs.haskellPackages.pagure.x86_64-darwin

Pagure REST client library

pkgs.haskellPackages.pagure.aarch64-darwin

Pagure REST client library

pkgs.haskellPackages.pagure-cli.x86_64-linux

Pagure client

pkgs.haskellPackages.pagure-cli.aarch64-linux

Pagure client

pkgs.haskellPackages.pagure-cli.x86_64-darwin

Pagure client

pkgs.haskellPackages.pagure-cli.aarch64-darwin

Pagure client
CVE-2024-4982
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 week, 2 days ago
Pagure: path traversal in view_issue_raw_file()

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository, they could discover secrets on the server.

pagure
<5.14.1

pkgs.haskellPackages.pagure.x86_64-linux

Pagure REST client library

pkgs.haskellPackages.pagure.aarch64-linux

Pagure REST client library

pkgs.haskellPackages.pagure.x86_64-darwin

Pagure REST client library

pkgs.haskellPackages.pagure.aarch64-darwin

Pagure REST client library

pkgs.haskellPackages.pagure-cli.x86_64-linux

Pagure client

pkgs.haskellPackages.pagure-cli.aarch64-linux

Pagure client

pkgs.haskellPackages.pagure-cli.x86_64-darwin

Pagure client

pkgs.haskellPackages.pagure-cli.aarch64-darwin

Pagure client
CVE-2024-24762
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 week, 5 days ago
python-multipart vulnerable to content-type header Regular expression Denial of Service

`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that the process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.

fastapi
<0.109.1
starlette
<0.36.2
python-multipart
<0.0.7

pkgs.fastapi-cli

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.fastapi-cli.x86_64-linux

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.fastapi-cli.aarch64-linux

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.fastapi-cli.x86_64-darwin

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.fastapi-cli.aarch64-darwin

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python311Packages.fastapi-cli

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python311Packages.fastapi-sso

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python312Packages.fastapi-cli

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python312Packages.fastapi-sso

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python311Packages.fastapi-mail

Module for sending emails and attachments

pkgs.python311Packages.fastapi-cli.x86_64-linux

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python311Packages.fastapi-sso.x86_64-linux

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python312Packages.fastapi-cli.x86_64-linux

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python312Packages.fastapi-sso.x86_64-linux

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python311Packages.fastapi-cli.aarch64-linux

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python311Packages.fastapi-cli.x86_64-darwin

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python311Packages.fastapi-sso.aarch64-linux

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python311Packages.fastapi-sso.x86_64-darwin

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python312Packages.fastapi-cli.aarch64-linux

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python312Packages.fastapi-cli.x86_64-darwin

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python312Packages.fastapi-mail.x86_64-linux

Module for sending emails and attachments

pkgs.python312Packages.fastapi-sso.aarch64-linux

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python312Packages.fastapi-sso.x86_64-darwin

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python311Packages.fastapi-cli.aarch64-darwin

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python311Packages.fastapi-sso.aarch64-darwin

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python312Packages.fastapi-cli.aarch64-darwin

Run and manage FastAPI apps from the command line with FastAPI CLI

pkgs.python312Packages.fastapi-mail.aarch64-linux

Module for sending emails and attachments

pkgs.python312Packages.fastapi-mail.x86_64-darwin

Module for sending emails and attachments

pkgs.python312Packages.fastapi-sso.aarch64-darwin

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

pkgs.python312Packages.fastapi-mail.aarch64-darwin

Module for sending emails and attachments

pkgs.python311Packages.python-multipart.x86_64-linux

Streaming multipart parser for Python

pkgs.python311Packages.python-multipart.aarch64-linux

Streaming multipart parser for Python

pkgs.python311Packages.python-multipart.x86_64-darwin

Streaming multipart parser for Python

pkgs.python311Packages.python-multipart.aarch64-darwin

Streaming multipart parser for Python

pkgs.python311Packages.prometheus-fastapi-instrumentator

Instrument FastAPI with Prometheus metrics

pkgs.python312Packages.prometheus-fastapi-instrumentator

Instrument FastAPI with Prometheus metrics

pkgs.python311Packages.opentelemetry-instrumentation-fastapi

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.opentelemetry-instrumentation-fastapi

OpenTelemetry Instrumentation for fastapi

pkgs.python311Packages.prometheus-fastapi-instrumentator.x86_64-linux

Instrument FastAPI with Prometheus metrics

pkgs.python312Packages.prometheus-fastapi-instrumentator.x86_64-linux

Instrument FastAPI with Prometheus metrics

pkgs.python311Packages.prometheus-fastapi-instrumentator.aarch64-linux

Instrument FastAPI with Prometheus metrics

pkgs.python312Packages.prometheus-fastapi-instrumentator.aarch64-linux

Instrument FastAPI with Prometheus metrics

pkgs.python312Packages.opentelemetry-instrumentation-fastapi.x86_64-linux

OpenTelemetry Instrumentation for fastapi

pkgs.python311Packages.opentelemetry-instrumentation-fastapi.aarch64-linux

OpenTelemetry Instrumentation for fastapi

pkgs.python311Packages.opentelemetry-instrumentation-fastapi.x86_64-darwin

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.opentelemetry-instrumentation-fastapi.aarch64-linux

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.opentelemetry-instrumentation-fastapi.x86_64-darwin

OpenTelemetry Instrumentation for fastapi

pkgs.python311Packages.opentelemetry-instrumentation-fastapi.aarch64-darwin

OpenTelemetry Instrumentation for fastapi

pkgs.python312Packages.opentelemetry-instrumentation-fastapi.aarch64-darwin

OpenTelemetry Instrumentation for fastapi
CVE-2025-47509
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 weeks ago
WordPress Top 10 <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0.

top-10
=<4.1.0

pkgs.darwin.top

pkgs.budgie.budgie-desktop

A feature-rich, modern desktop designed to keep out the way of the user

pkgs.darwin.top.x86_64-darwin

pkgs.darwin.top.aarch64-darwin

pkgs.gnomeExtensions.pip-on-top

Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too.

pkgs.budgie-desktop.x86_64-linux

Feature-rich, modern desktop designed to keep out the way of the user

pkgs.budgie-desktop.aarch64-linux

Feature-rich, modern desktop designed to keep out the way of the user

pkgs.gnomeExtensions.show-apps-at-top

Put show apps icon at top in Gnome default dash

pkgs.budgie.budgie-desktop.x86_64-linux

A feature-rich, modern desktop designed to keep out the way of the user

pkgs.budgie.budgie-desktop.aarch64-linux

A feature-rich, modern desktop designed to keep out the way of the user

pkgs.gnomeExtensions.pip-on-top.x86_64-linux

Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too.

pkgs.gnomeExtensions.pip-on-top.aarch64-linux

Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too.

pkgs.gnomeExtensions.show-apps-at-top.x86_64-linux

Put show apps icon at top in Gnome default dash

pkgs.gnomeExtensions.show-apps-at-top.aarch64-linux

Put show apps icon at top in Gnome default dash
CVE-2025-47441
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 weeks ago
WordPress Progress Bar <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Reynolds Progress Bar allows Stored XSS. This issue affects Progress Bar: from n/a through 2.2.3.

progress-bar
=<2.2.3

pkgs.haskellPackages.terminal-progress-bar.x86_64-linux

A progress bar in the terminal

pkgs.haskellPackages.terminal-progress-bar.aarch64-linux

A progress bar in the terminal

pkgs.haskellPackages.terminal-progress-bar.x86_64-darwin

A progress bar in the terminal

pkgs.haskellPackages.terminal-progress-bar.aarch64-darwin

A progress bar in the terminal
CVE-2025-1400
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 weeks ago
Out-of-bounds Read in libplctag library

Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

libplctag
=<2.6.3

pkgs.libplctag

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.x86_64-linux

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.aarch64-linux

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.x86_64-darwin

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.aarch64-darwin

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs