Automatically generated suggestions

CVE-2023-30797
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 4 months, 3 weeks ago
Insecure Random Generation in Netflix Lemur

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

lemur
<<1.3.2

pkgs.lemurs.x86_64-linux

A customizable TUI display/login manager written in Rust

pkgs.lemurs.aarch64-linux

A customizable TUI display/login manager written in Rust
Notify package maintainers: 1
CVE-2021-3429
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 4 months, 3 weeks ago
sensitive data exposure in cloud-init logs

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.

cloud-init
<21.2

pkgs.cloud-init

Provides configuration and customization of cloud instance

pkgs.cloud-init.x86_64-linux

Provides configuration and customization of cloud instance

pkgs.cloud-init.aarch64-linux

Provides configuration and customization of cloud instance
Notify package maintainers: 2
CVE-2023-30798
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 months, 3 weeks ago
MultipartParser DOS with too many fields or files in Starlette Framework

The MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated, remote attacker to specify any number of form fields or files, which can cause excessive memory usage and result in denial of service of the HTTP service.

starlette
<0.25.0

pkgs.python311Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

pkgs.python311Packages.starlette-wtf

A simple tool for integrating Starlette and WTForms

pkgs.python312Packages.starlette-wtf

A simple tool for integrating Starlette and WTForms

pkgs.python311Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python312Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python311Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python312Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python312Packages.starlette.aarch64-linux

Little ASGI framework that shines

pkgs.python312Packages.starlette.x86_64-darwin

Little ASGI framework that shines

pkgs.python312Packages.starlette.aarch64-darwin

Little ASGI framework that shines

pkgs.python311Packages.sse-starlette.x86_64-linux

Server Sent Events for Starlette and FastAPI

pkgs.python311Packages.starlette-wtf.x86_64-linux

A simple tool for integrating Starlette and WTForms

pkgs.python312Packages.sse-starlette.x86_64-linux

Server Sent Events for Starlette and FastAPI

pkgs.python312Packages.starlette-wtf.x86_64-linux

Simple tool for integrating Starlette and WTForms

pkgs.python311Packages.sse-starlette.aarch64-linux

Server Sent Events for Starlette and FastAPI

pkgs.python311Packages.sse-starlette.x86_64-darwin

Server Sent Events for Starlette and FastAPI

pkgs.python311Packages.starlette-wtf.aarch64-linux

A simple tool for integrating Starlette and WTForms

pkgs.python311Packages.starlette-wtf.x86_64-darwin

A simple tool for integrating Starlette and WTForms

pkgs.python312Packages.sse-starlette.aarch64-linux

Server Sent Events for Starlette and FastAPI

pkgs.python312Packages.sse-starlette.x86_64-darwin

Server Sent Events for Starlette and FastAPI

pkgs.python312Packages.starlette-wtf.aarch64-linux

Simple tool for integrating Starlette and WTForms

pkgs.python312Packages.starlette-wtf.x86_64-darwin

Simple tool for integrating Starlette and WTForms

pkgs.python311Packages.sse-starlette.aarch64-darwin

Server Sent Events for Starlette and FastAPI

pkgs.python311Packages.starlette-admin.x86_64-linux

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python311Packages.starlette-wtf.aarch64-darwin

A simple tool for integrating Starlette and WTForms

pkgs.python312Packages.sse-starlette.aarch64-darwin

Server Sent Events for Starlette and FastAPI

pkgs.python312Packages.starlette-admin.x86_64-linux

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python312Packages.starlette-wtf.aarch64-darwin

Simple tool for integrating Starlette and WTForms

pkgs.python311Packages.starlette-admin.aarch64-linux

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python311Packages.starlette-admin.x86_64-darwin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python312Packages.starlette-admin.aarch64-linux

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python312Packages.starlette-admin.x86_64-darwin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python311Packages.starlette-admin.aarch64-darwin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python311Packages.starlette-context.x86_64-linux

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python312Packages.starlette-admin.aarch64-darwin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

pkgs.python312Packages.starlette-context.x86_64-linux

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python311Packages.starlette-context.aarch64-linux

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python311Packages.starlette-context.x86_64-darwin

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python312Packages.starlette-context.aarch64-linux

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python312Packages.starlette-context.x86_64-darwin

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python311Packages.starlette-context.aarch64-darwin

Middleware for Starlette that allows you to store and access the context data of a request

pkgs.python312Packages.starlette-context.aarch64-darwin

Middleware for Starlette that allows you to store and access the context data of a request
Notify package maintainers: 7
CVE-2025-24684
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 months, 3 weeks ago
WordPress Media Downloader Plugin <= 0.4.7.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5.

media-downloader
=<0.4.7.5

pkgs.media-downloader.x86_64-linux

A Qt/C++ GUI front end for yt-dlp and others

pkgs.media-downloader.aarch64-linux

A Qt/C++ GUI front end for yt-dlp and others
Notify package maintainers: 1
CVE-2025-22703
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 4 months, 3 weeks ago
WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6.

forge
=<1.4.6

pkgs.forge

OpenGL interop library that can be used with ArrayFire or any other application using CUDA or OpenCL compute backend

pkgs.mcdreforged

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.forge.x86_64-linux

An OpenGL interop library that can be used with ArrayFire or any other application using CUDA or OpenCL compute backend

pkgs.forge.aarch64-linux

An OpenGL interop library that can be used with ArrayFire or any other application using CUDA or OpenCL compute backend

pkgs.forgejo.x86_64-linux

A self-hosted lightweight software forge

pkgs.forgejo.aarch64-linux

A self-hosted lightweight software forge

pkgs.gnomeExtensions.forge

Tiling and window manager for GNOME

pkgs.forge-mtg.x86_64-linux

Magic: the Gathering card game with rules enforcement

pkgs.forge-mtg.aarch64-linux

Magic: the Gathering card game with rules enforcement

pkgs.forge-mtg.x86_64-darwin

Magic: the Gathering card game with rules enforcement

pkgs.forge-mtg.aarch64-darwin

Magic: the Gathering card game with rules enforcement

pkgs.forgejo-cli.x86_64-linux

CLI application for interacting with Forgejo

pkgs.forgejo-lts.x86_64-linux

Self-hosted lightweight software forge

pkgs.mcdreforged.x86_64-linux

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.forge-sparks.x86_64-linux

Get Git forges notifications

pkgs.forgejo-cli.aarch64-linux

CLI application for interacting with Forgejo

pkgs.forgejo-cli.x86_64-darwin

CLI application for interacting with Forgejo

pkgs.forgejo-lts.aarch64-linux

Self-hosted lightweight software forge

pkgs.mcdreforged.aarch64-linux

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.mcdreforged.x86_64-darwin

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.forge-sparks.aarch64-linux

Get Git forges notifications

pkgs.forgejo-cli.aarch64-darwin

CLI application for interacting with Forgejo

pkgs.mcdreforged.aarch64-darwin

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.forgejo-runner.x86_64-linux

A runner for Forgejo based on act

pkgs.forgejo-runner.aarch64-linux

A runner for Forgejo based on act

pkgs.forgejo-runner.x86_64-darwin

A runner for Forgejo based on act

pkgs.forgejo-runner.aarch64-darwin

A runner for Forgejo based on act

pkgs.gnomeExtensions.forge.x86_64-linux

Tiling and window manager for GNOME

pkgs.gnomeExtensions.forge.aarch64-linux

Tiling and window manager for GNOME
Notify package maintainers: 15
CVE-2023-4911
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 months ago
Glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

glibc
<2.39
*
compat-glibc
redhat-virtualization-host
*
redhat-release-virtualization-host
*

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.mtrace.x86_64-linux

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.mtrace.aarch64-linux

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.libiconv.x86_64-linux

pkgs.libiconv.aarch64-linux

pkgs.glibcLocales.aarch64-linux

Locale information for the GNU C Library

pkgs.glibcLocalesUtf8.aarch64-linux

Locale information for the GNU C Library
Notify package maintainers: 3
CVE-2024-22029
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 4 months, 3 weeks ago by @fricklerhandwerk
Activity log
  • Created automatic suggestion
  • @fricklerhandwerk removed
    124 packages
    • pkgs.tomcat_connectors 1.2.48
    • pkgs.apachetomcatscanner 3.7.2
    • pkgs.apachetomcatscanner 3.5
tomcat packaging allows for escalation to root from tomcat user

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root.

tomcat
<9.0.85-3.1
<9.0.85-150200.57.1

pkgs.tomcat11

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat-native

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

pkgs.tomcat9.x86_64-linux

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat11.x86_64-linux

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat9.aarch64-linux

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat11.aarch64-linux

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat-native.x86_64-linux

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

pkgs.tomcat-native.aarch64-linux

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

pkgs.tomcat-native.x86_64-darwin

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

pkgs.tomcat-native.aarch64-darwin

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc
Notify package maintainers: 2
CVE-2023-46846
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 4 months, 3 weeks ago by @fricklerhandwerk
Activity log
  • Created automatic suggestion
  • @fricklerhandwerk removed
    148 packages
    • pkgs.prometheus-squid-exporter 1.12.0
    • pkgs.python311Packages.flyingsquid 0.0.0a0
    • pkgs.python312Packages.flyingsquid 0.0.0a0
Squid: request/response smuggling in http/1.1 and icap

Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform request/response smuggling past firewall and frontend security systems.

squid
*
<6.4
squid34
squid:4
*

pkgs.squid

A caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

pkgs.squid.x86_64-linux

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

pkgs.squid.aarch64-linux

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more
Notify package maintainers: 1
CVE-2024-1488
8.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 months ago
Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

unbound
*
==1.16.2

pkgs.prometheus-unbound-exporter

Prometheus exporter for Unbound DNS resolver

pkgs.python311Packages.pyunbound

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python312Packages.pyunbound

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.lua52Packages.luaunbound.x86_64-linux

A binding to libunbound

pkgs.lua52Packages.luaunbound.aarch64-linux

A binding to libunbound

pkgs.lua52Packages.luaunbound.x86_64-darwin

A binding to libunbound

pkgs.lua52Packages.luaunbound.aarch64-darwin

A binding to libunbound

pkgs.python311Packages.pyunbound.x86_64-linux

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python312Packages.pyunbound.x86_64-linux

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python311Packages.pyunbound.aarch64-linux

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python311Packages.pyunbound.x86_64-darwin

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python312Packages.pyunbound.aarch64-linux

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python312Packages.pyunbound.x86_64-darwin

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python311Packages.pyunbound.aarch64-darwin

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.python312Packages.pyunbound.aarch64-darwin

Python library for Unbound, the validating, recursive, and caching DNS resolver

pkgs.haskellPackages.unbounded-delays.x86_64-linux

Unbounded thread delays and timeouts

pkgs.haskellPackages.unbounded-delays.aarch64-linux

Unbounded thread delays and timeouts

pkgs.haskellPackages.unbounded-delays.x86_64-darwin

Unbounded thread delays and timeouts

pkgs.haskellPackages.unbounded-delays.aarch64-darwin

Unbounded thread delays and timeouts
Notify package maintainers: 4
CVE-2025-23803
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 5 months, 1 week ago
WordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue affects Snippy: from n/a through 1.4.1.

snippy
=<1.4.1