Automatically generated suggestions

CVE-2025-62401 5.4 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): LOW; Availability impact (A): LOW
created 3 weeks, 3 days ago
Moodle: possible to bypass timer in timed assignments
An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.
moodle <4.1.21 <5.0.3 <4.4.11 <4.5.7
pkgs.moodle: Free and open-source learning management system (LMS) written in PHP
  nixos-25.05 5.0, nixpkgs-25.05-darwin 5.0, nixos-25.05-small 5.0, nixos-unstable 5.0.2, nixos-unstable-small 5.0.2, nixpkgs-unstable 5.0.2
pkgs.moodle-dl: Moodle downloader that downloads course content fast from Moodle
  nixos-25.05 2.3.13, nixpkgs-25.05-darwin 2.3.13, nixos-25.05-small 2.3.13, nixos-unstable 2.3.13, nixos-unstable-small 2.3.13, nixpkgs-unstable 2.3.13
Package maintainers: 2: @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2025-62397 5.3 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
created 3 weeks, 3 days ago
Moodle: router produces json instead of 404 error for invalid course id
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.
moodle <5.0.3
pkgs.moodle: Free and open-source learning management system (LMS) written in PHP
  nixos-25.05 5.0, nixpkgs-25.05-darwin 5.0, nixos-25.05-small 5.0, nixos-unstable 5.0.2, nixos-unstable-small 5.0.2, nixpkgs-unstable 5.0.2
pkgs.moodle-dl: Moodle downloader that downloads course content fast from Moodle
  nixos-25.05 2.3.13, nixpkgs-25.05-darwin 2.3.13, nixos-25.05-small 2.3.13, nixos-unstable 2.3.13, nixos-unstable-small 2.3.13, nixpkgs-unstable 2.3.13
Package maintainers: 2: @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2025-62399 7.5 HIGH
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): NONE; Availability impact (A): HIGH
created 3 weeks, 3 days ago
Moodle: password brute force risk when mobile/web services enabled
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.
moodle <4.1.21 <5.0.3 <4.4.11 <4.5.7
pkgs.moodle: Free and open-source learning management system (LMS) written in PHP
  nixos-25.05 5.0, nixpkgs-25.05-darwin 5.0, nixos-25.05-small 5.0, nixos-unstable 5.0.2, nixos-unstable-small 5.0.2, nixpkgs-unstable 5.0.2
pkgs.moodle-dl: Moodle downloader that downloads course content fast from Moodle
  nixos-25.05 2.3.13, nixpkgs-25.05-darwin 2.3.13, nixos-25.05-small 2.3.13, nixos-unstable 2.3.13, nixos-unstable-small 2.3.13, nixpkgs-unstable 2.3.13
Package maintainers: 2: @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2025-62394 4.3 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
created 3 weeks, 3 days ago
Moodle: quiz notifications sent to suspended participants
Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.
moodle <5.0.3 <4.5.7
pkgs.moodle: Free and open-source learning management system (LMS) written in PHP
  nixos-25.05 5.0, nixpkgs-25.05-darwin 5.0, nixos-25.05-small 5.0, nixos-unstable 5.0.2, nixos-unstable-small 5.0.2, nixpkgs-unstable 5.0.2
pkgs.moodle-dl: Moodle downloader that downloads course content fast from Moodle
  nixos-25.05 2.3.13, nixpkgs-25.05-darwin 2.3.13, nixos-25.05-small 2.3.13, nixos-unstable 2.3.13, nixos-unstable-small 2.3.13, nixpkgs-unstable 2.3.13
Package maintainers: 2: @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2025-62393 4.3 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
created 3 weeks, 3 days ago
Moodle: course access permissions not properly checked in course_output_fragment_course_overview
A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.
moodle <5.0.3
pkgs.moodle: Free and open-source learning management system (LMS) written in PHP
  nixos-25.05 5.0, nixpkgs-25.05-darwin 5.0, nixos-25.05-small 5.0, nixos-unstable 5.0.2, nixos-unstable-small 5.0.2, nixpkgs-unstable 5.0.2
pkgs.moodle-dl: Moodle downloader that downloads course content fast from Moodle
  nixos-25.05 2.3.13, nixpkgs-25.05-darwin 2.3.13, nixos-25.05-small 2.3.13, nixos-unstable 2.3.13, nixos-unstable-small 2.3.13, nixpkgs-unstable 2.3.13
Package maintainers: 2: @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2025-62400 4.3 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
created 3 weeks, 3 days ago
Moodle: hidden group names visible to event creators
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
moodle <4.1.21 <5.0.3 <4.4.11 <4.5.7
pkgs.moodle: Free and open-source learning management system (LMS) written in PHP
  nixos-25.05 5.0, nixpkgs-25.05-darwin 5.0, nixos-25.05-small 5.0, nixos-unstable 5.0.2, nixos-unstable-small 5.0.2, nixpkgs-unstable 5.0.2
pkgs.moodle-dl: Moodle downloader that downloads course content fast from Moodle
  nixos-25.05 2.3.13, nixpkgs-25.05-darwin 2.3.13, nixos-25.05-small 2.3.13, nixos-unstable 2.3.13, nixos-unstable-small 2.3.13, nixpkgs-unstable 2.3.13
Package maintainers: 2: @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2025-62396 5.3 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
created 3 weeks, 3 days ago
Moodle: router (r.php) could expose application directories
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
moodle <5.0.3 <4.5.7
pkgs.moodle: Free and open-source learning management system (LMS) written in PHP
  nixos-25.05 5.0, nixpkgs-25.05-darwin 5.0, nixos-25.05-small 5.0, nixos-unstable 5.0.2, nixos-unstable-small 5.0.2, nixpkgs-unstable 5.0.2
pkgs.moodle-dl: Moodle downloader that downloads course content fast from Moodle
  nixos-25.05 2.3.13, nixpkgs-25.05-darwin 2.3.13, nixos-25.05-small 2.3.13, nixos-unstable 2.3.13, nixos-unstable-small 2.3.13, nixpkgs-unstable 2.3.13
Package maintainers: 2: @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2025-62068 6.5 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 3 weeks, 3 days ago
WordPress e2pdf plugin <= 1.28.09 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf. This issue affects e2pdf: from n/a through <= 1.28.09.
e2pdf <= 1.28.09
pkgs.haskellPackages.line2pdf: Simple command-line utility to convert text into PDF
  nixos-25.05 0.0.7, nixpkgs-25.05-darwin 0.0.7, nixos-25.05-small 0.0.7, nixos-unstable 0.0.7, nixos-unstable-small 0.0.7, nixpkgs-unstable 0.0.7

CVE-2025-11683 6.5 MEDIUM
CVSS version: 3.1; Attack vector (AV): ADJACENT_NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): NONE; Availability impact (A): NONE
created 3 weeks, 3 days ago
YAML::Syck versions before 1.36 for Perl has missing Null-Terminators which causes Out-of-Bounds Read and potential Information Disclosure
YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
YAML-Syck <1.36
pkgs.perlPackages.YAMLSyck: Fast, lightweight YAML loader and dumper
  nixos-25.05 1.34, nixpkgs-25.05-darwin 1.34, nixos-25.05-small 1.34, nixos-unstable 1.34, nixos-unstable-small 1.34, nixpkgs-unstable 1.34
pkgs.perl538Packages.YAMLSyck: Fast, lightweight YAML loader and dumper
  nixos-25.05 1.34, nixpkgs-25.05-darwin 1.34, nixos-25.05-small 1.34, nixos-unstable 1.34, nixos-unstable-small 1.34, nixpkgs-unstable 1.34
pkgs.perl540Packages.YAMLSyck: Fast, lightweight YAML loader and dumper
  nixos-25.05 1.34, nixpkgs-25.05-darwin 1.34, nixos-25.05-small 1.34, nixos-unstable ???, nixos-unstable-small 1.34, nixpkgs-unstable 1.34

CVE-2025-11568 4.4 MEDIUM
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): HIGH; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): HIGH; Availability impact (A): NONE
created 3 weeks, 3 days ago
Luksmeta: data corruption when handling luks1 partitions with luksmeta
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using LUKS formats other than LUKS1 are not affected by this issue.
rhcos luksmeta
pkgs.luksmeta: Simple library for storing metadata in the LUKSv1 header
  nixos-25.05 9, nixpkgs-25.05-darwin 9, nixos-25.05-small 9, nixos-unstable 9, nixos-unstable-small 9, nixpkgs-unstable 9
Package maintainers: 1: @fpletz (Franz Pletz <fpletz@fnordicwalking.de>)