Dismissed suggestions Untriaged suggestions Draft issues Published issues Automatically generated suggestions Create Draft to queue a suggestion for refinement. Dismiss to remove a suggestion from the queue. CVE-2025-26597 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: buffer overflow in xkbchangetypesofkey() A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 CVE-2025-26594 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago X.org: xwayland: use-after-free of the root cursor A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 CVE-2025-26599 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: use of uninitialized pointer in compredirectwindow() An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 CVE-2025-26932 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5. chatbot =<6.3.5 pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-unstable 11 nixos-unstable-small 11 nixpkgs-unstable 11 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page> CVE-2025-26596 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: heap overflow in xkbwritekeysyms() A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 CVE-2025-26915 8.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): LOW created 6 months, 1 week ago WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41. wishlist =<1.0.41 pkgs.wishlist Single entrypoint for multiple SSH endpoints nixos-unstable 0.15.0 nixos-unstable-small 0.15.0 nixpkgs-unstable 0.15.0 Package maintainers: 2 @caarlos0 Carlos A Becker <carlos@becker.software> @penguwin Nicolas Martin <penguwin@penguwin.eu> CVE-2025-26600 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: use-after-free in playreleasedevents() A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 CVE-2025-26601 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: use-after-free in syncinittrigger() A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 CVE-2023-28331 6.1 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 6 months, 1 week ago Moodle: xss risk when outputting database activity filter data Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. moodle <3.9.20 <3.11.13 <4.0.7 <4.1.2 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-26598 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: out-of-bounds write in createpointerbarrierclient() An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
CVE-2025-26597 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: buffer overflow in xkbchangetypesofkey() A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
CVE-2025-26594 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago X.org: xwayland: use-after-free of the root cursor A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
CVE-2025-26599 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: use of uninitialized pointer in compredirectwindow() An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
CVE-2025-26932 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5. chatbot =<6.3.5 pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-unstable 11 nixos-unstable-small 11 nixpkgs-unstable 11 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-unstable 11 nixos-unstable-small 11 nixpkgs-unstable 11
CVE-2025-26596 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: heap overflow in xkbwritekeysyms() A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
CVE-2025-26915 8.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): LOW created 6 months, 1 week ago WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41. wishlist =<1.0.41 pkgs.wishlist Single entrypoint for multiple SSH endpoints nixos-unstable 0.15.0 nixos-unstable-small 0.15.0 nixpkgs-unstable 0.15.0 Package maintainers: 2 @caarlos0 Carlos A Becker <carlos@becker.software> @penguwin Nicolas Martin <penguwin@penguwin.eu>
pkgs.wishlist Single entrypoint for multiple SSH endpoints nixos-unstable 0.15.0 nixos-unstable-small 0.15.0 nixpkgs-unstable 0.15.0
CVE-2025-26600 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: use-after-free in playreleasedevents() A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
CVE-2025-26601 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: use-after-free in syncinittrigger() A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
CVE-2023-28331 6.1 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 6 months, 1 week ago Moodle: xss risk when outputting database activity filter data Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. moodle <3.9.20 <3.11.13 <4.0.7 <4.1.2 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
CVE-2025-26598 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 6 months, 1 week ago Xorg: xwayland: out-of-bounds write in createpointerbarrierclient() An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0