Automatically generated suggestions

CVE-2022-47161
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 5 months, 1 week ago
WordPress Health Check & Troubleshooting plugin <= 1.5.1 is vulnerable to Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in the WordPress.Org community Health Check & Troubleshooting plugin, versions <= 1.5.1.

health-check
=<1.5.1

pkgs.grpc-health-check.x86_64-linux

Minimal, high performance, memory-friendly, safe implementation of the gRPC health checking protocol

pkgs.grpc-health-check.aarch64-linux

Minimal, high performance, memory-friendly, safe implementation of the gRPC health checking protocol

pkgs.grpc-health-check.x86_64-darwin

Minimal, high performance, memory-friendly, safe implementation of the gRPC health checking protocol

pkgs.grpc-health-check.aarch64-darwin

Minimal, high performance, memory-friendly, safe implementation of the gRPC health checking protocol

pkgs.rubyPackages.github-pages-health-check

pkgs.python312Packages.django-health-check.x86_64-linux

Pluggable app that runs a full check on the deployment

pkgs.python312Packages.django-health-check.aarch64-linux

Pluggable app that runs a full check on the deployment

pkgs.python312Packages.django-health-check.x86_64-darwin

Pluggable app that runs a full check on the deployment

pkgs.rubyPackages.github-pages-health-check.x86_64-linux

pkgs.python312Packages.django-health-check.aarch64-darwin

Pluggable app that runs a full check on the deployment

pkgs.rubyPackages.github-pages-health-check.aarch64-linux

pkgs.rubyPackages.github-pages-health-check.x86_64-darwin

pkgs.python312Packages.grpcio-health-checking.x86_64-linux

Standard Health Checking Service for gRPC

pkgs.rubyPackages.github-pages-health-check.aarch64-darwin

pkgs.python312Packages.grpcio-health-checking.aarch64-linux

Standard Health Checking Service for gRPC

pkgs.python312Packages.grpcio-health-checking.x86_64-darwin

Standard Health Checking Service for gRPC

pkgs.python312Packages.grpcio-health-checking.aarch64-darwin

Standard Health Checking Service for gRPC

pkgs.rubyPackages_3_4.github-pages-health-check.x86_64-linux

pkgs.rubyPackages_3_4.github-pages-health-check.aarch64-linux

pkgs.rubyPackages_3_4.github-pages-health-check.x86_64-darwin

pkgs.rubyPackages_3_4.github-pages-health-check.aarch64-darwin

Notify package maintainers: 4
CVE-2023-32550
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 5 months, 1 week ago
Landscape's Apache server-status is accessible by default

Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information that could be used to attack and leak further information from the Landscape API.

landscape
<19.10.05

pkgs.terraform-landscape

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains

Unreal Engine 4 Linux demos
  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.terraform-landscape.x86_64-linux

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.aarch64-linux

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.x86_64-darwin

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.aarch64-darwin

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains.x86_64-linux

Unreal Engine 4 Linux demos
  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???
Notify package maintainers: 3
CVE-2023-32549
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 5 months, 1 week ago
Landscape insecure token generation

Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.

landscape
<19.10.05

pkgs.terraform-landscape

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains

Unreal Engine 4 Linux demos
  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.terraform-landscape.x86_64-linux

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.aarch64-linux

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.x86_64-darwin

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.aarch64-darwin

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains.x86_64-linux

Unreal Engine 4 Linux demos
  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???
Notify package maintainers: 3
CVE-2023-32551
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 5 months, 1 week ago
Landscape Open Redirect

Landscape allowed URLs which caused open redirection.

landscape
<19.10.05

pkgs.terraform-landscape

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains

Unreal Engine 4 Linux demos
  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.terraform-landscape.x86_64-linux

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.aarch64-linux

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.x86_64-darwin

Improve Terraform's plan output to be easier to read and understand

pkgs.terraform-landscape.aarch64-darwin

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains.x86_64-linux

Unreal Engine 4 Linux demos
  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???
Notify package maintainers: 3
CVE-2023-6277
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 5 months, 1 week ago
Libtiff: out-of-memory in TIFFOpen via a crafted file

An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

iv
tkimg
libtiff
mingw-libtiff
compat-libtiff3

pkgs.libtiff_t

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff.x86_64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.x86_64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff_t.x86_64-linux

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.aarch64-linux

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.x86_64-darwin

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)

pkgs.libtiff_t.aarch64-darwin

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)
Notify package maintainers: 8
CVE-2023-6596
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 5 months, 1 week ago
OpenShift: incomplete fix for Rapid Reset (CVE-2023-44487/CVE-2023-39325)

An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for OpenShift Containers.

openshift
<4.12.48
<4.11.58
openshift4/ose-olm-rukpak-rhel8
openshift4/ose-operator-lifecycle-manager
*

pkgs.python311Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python312Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python311Packages.azure-mgmt-redhatopenshift.x86_64-linux

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python312Packages.azure-mgmt-redhatopenshift.x86_64-linux

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python311Packages.azure-mgmt-redhatopenshift.aarch64-linux

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python311Packages.azure-mgmt-redhatopenshift.x86_64-darwin

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python312Packages.azure-mgmt-redhatopenshift.aarch64-linux

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python312Packages.azure-mgmt-redhatopenshift.x86_64-darwin

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python311Packages.azure-mgmt-redhatopenshift.aarch64-darwin

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python312Packages.azure-mgmt-redhatopenshift.aarch64-darwin

Microsoft Azure Red Hat Openshift Management Client Library for Python
Notify package maintainers: 4
CVE-2024-45617
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 5 months, 2 weeks ago
Libopensc: uninitialized values after incorrect or missing checking of return values of functions in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

opensc
libopensc
<0.26.0

pkgs.openscad-lsp.x86_64-linux

LSP (Language Server Protocol) server for OpenSCAD

pkgs.openscad-lsp.aarch64-linux

LSP (Language Server Protocol) server for OpenSCAD

pkgs.openscad-lsp.x86_64-darwin

LSP (Language Server Protocol) server for OpenSCAD

pkgs.openscad-lsp.aarch64-darwin

LSP (Language Server Protocol) server for OpenSCAD

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.x86_64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.x86_64-darwin

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-darwin

OpenSCAD highlighting, snippets, and more for VSCode
Notify package maintainers: 8
CVE-2024-38789
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 5 months, 2 weeks ago
WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross-Site Request Forgery. This issue affects Telegram Bot & Channel: from n/a through 3.8.2.

telegram-bot
=<3.8.2

pkgs.telegram-bot-api

Telegram Bot API server

pkgs.telegram-bot-api.x86_64-linux

Telegram Bot API server

pkgs.telegram-bot-api.aarch64-linux

Telegram Bot API server

pkgs.telegram-bot-api.x86_64-darwin

Telegram Bot API server

pkgs.telegram-bot-api.aarch64-darwin

Telegram Bot API server

pkgs.haskellPackages.telegram-bot-api

Easy to use library for building Telegram bots. Exports Telegram Bot API.

pkgs.python311Packages.python-telegram-bot

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot

Python library to interface with the Telegram Bot API

pkgs.haskellPackages.telegram-bot-api.x86_64-linux

Easy to use library for building Telegram bots. Exports Telegram Bot API.

pkgs.haskellPackages.telegram-bot-api.aarch64-linux

Easy to use library for building Telegram bots. Exports Telegram Bot API.

pkgs.haskellPackages.telegram-bot-api.x86_64-darwin

Easy to use library for building Telegram bots. Exports Telegram Bot API.

pkgs.haskellPackages.telegram-bot-api.aarch64-darwin

Easy to use library for building Telegram bots. Exports Telegram Bot API.

pkgs.haskellPackages.telegram-bot-simple.x86_64-linux

Easy to use library for building Telegram bots

pkgs.haskellPackages.telegram-bot-simple.aarch64-linux

Easy to use library for building Telegram bots

pkgs.haskellPackages.telegram-bot-simple.x86_64-darwin

Easy to use library for building Telegram bots

pkgs.haskellPackages.telegram-bot-simple.aarch64-darwin

Easy to use library for building Telegram bots

pkgs.python311Packages.python-telegram-bot.x86_64-linux

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.x86_64-linux

Python library to interface with the Telegram Bot API

pkgs.python311Packages.python-telegram-bot.aarch64-linux

Python library to interface with the Telegram Bot API

pkgs.python311Packages.python-telegram-bot.x86_64-darwin

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.aarch64-linux

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.x86_64-darwin

Python library to interface with the Telegram Bot API

pkgs.python311Packages.python-telegram-bot.aarch64-darwin

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.aarch64-darwin

Python library to interface with the Telegram Bot API
Notify package maintainers: 5
CVE-2024-38766
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 5 months, 2 weeks ago
WordPress Matomo Analytics plugin <= 5.1.1 - Cross-Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross-Site Request Forgery. This issue affects Matomo Analytics: from n/a through 5.1.1.

matomo
=<5.1.1
Notify package maintainers: 12
CVE-2023-47183
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 5 months, 2 weeks ago
WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through 2.33.1.

give
=<2.33.1
Notify package maintainers: 1