Automatically generated suggestions

CVE-2024-12133
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
Libtasn1: inefficient DER decoding in libtasn1 leading to potential remote DoS

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

rhcos
libtasn1
<4.20.0
*
discovery/discovery-ui-rhel9
*
discovery/discovery-server-rhel9
*
registry.redhat.io/discovery/discovery-ui-rhel9
*
registry.redhat.io/discovery/discovery-server-rhel9
*

pkgs.libtasn1

ASN.1 library
CVE-2024-11831
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Npm-serialize-javascript: cross-site scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

pcs
ceph
pybind
grafana
libarrow
dotnet6.0
dotnet7.0
dotnet8.0
*
nodejs-webpack
quay/quay-rhel8
mta/mta-ui-rhel9
mta/mta-cli-rhel9
rh-dotnet60-dotnet
rhdh-hub-container
odf4/mcg-core-rhel8
odf4/mcg-core-rhel9
odh-dashboard-rhel8
rhdh/rhdh-hub-rhel9
devspaces/code-rhel8
rhacm2/console-rhel8
rhacm2/console-rhel9
serialize-javascript
<6.0.2
automation-controller
aap-cloud-ui-container
odf4/odf-console-rhel9
*
odh-operator-container
openshift3/ose-console
devspaces/traefik-rhel8
odh-dashboard-container
rhdh-operator-container
odh-model-registry-rhel8
automation-eda-controller
devspaces/dashboard-rhel8
rhosdt/jaeger-agent-rhel8
rhosdt/jaeger-query-rhel8
discovery-server-container
3scale-amp-system-container
rhosdt/jaeger-ingester-rhel8
odf4/ocs-client-console-rhel9
*
odh-ml-pipelines-driver-rhel8
odh-notebook-controller-rhel8
rhosdt/jaeger-collector-rhel8
nodejs-uglifyjs-webpack-plugin
rhosdt/jaeger-all-in-one-rhel8
odh-ml-pipelines-launcher-rhel8
openshift-logging/kibana6-rhel8
rhosdt/jaeger-es-rollover-rhel8
odh-kf-notebook-controller-rhel8
nodejs-compression-webpack-plugin
openshift-service-mesh/kiali-rhel8
nodejs-css-minimizer-webpack-plugin
odf4/odf-multicluster-console-rhel8
odf4/odf-multicluster-console-rhel9
*
odh-ml-pipelines-api-server-v2-rhel8
rhosdt/jaeger-es-index-cleaner-rhel8
openshift4/ose-monitoring-plugin-rhel9
openshift-service-mesh/kiali-ossmc-rhel8
rhtpa/rhtpa-trustification-service-rhel9
advanced-cluster-security/rhacs-main-rhel8
*
odh-ml-pipelines-persistenceagent-v2-rhel8
openshift-pipelines/pipelines-hub-ui-rhel8
odh-ml-pipelines-scheduledworkflow-v2-rhel8
openshift-pipelines/pipelines-hub-api-rhel8
advanced-cluster-security/rhacs-roxctl-rhel8
advanced-cluster-security/rhacs-rhel8-operator
odh-data-science-pipelines-argo-argoexec-rhel8
ansible-automation-platform-24/lightspeed-rhel8
ansible-automation-platform-25/lightspeed-rhel8
advanced-cluster-security/rhacs-central-db-rhel8
advanced-cluster-security/rhacs-scanner-v4-rhel8
openshift-pipelines-console-plugin-rhel8-container
openshift-pipelines/pipelines-console-plugin-rhel8
advanced-cluster-security/rhacs-scanner-v4-db-rhel8
openshift-pipelines/pipelines-hub-db-migration-rhel8
odh-data-science-pipelines-argo-workflowcontroller-rhel8
migration-toolkit-virtualization/mtv-console-plugin-rhel9
openshift-lightspeed-beta/lightspeed-console-plugin-rhel9

pkgs.vpcs

Simple virtual PC simulator

pkgs.pcsx2

Playstation 2 emulator

pkgs.rpcs3

PS3 emulator/debugger

pkgs.pcstat

Page Cache stat: get page cache stats for files on Linux

pkgs.grafana

Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB

pkgs.pcsclite

Middleware to access a smart card using SCard API (PC/SC)

pkgs.appcsxcad

Minimal Application using the QCSXCAD library

pkgs.pcsctools

Tools used to test a PC/SC driver, card or reader

pkgs.pcsx2-bin

Playstation 2 emulator (precompiled binary, repacked from official website)

pkgs.grafanactl

Tool designed to simplify interaction with Grafana instances

pkgs.baidupcs-go

Baidu Netdisk commandline client, mimicking Linux shell file handling commands

pkgs.mcp-grafana

MCP server for Grafana

pkgs.grafana-loki

Like Prometheus, but for logs

pkgs.pcsc-safenet

Safenet Authentication Client

pkgs.rpcsvc-proto

This package contains rpcsvc proto.x files from glibc, which are missing in libtirpc

pkgs.grafana-alloy

Open source OpenTelemetry Collector distribution with built-in Prometheus pipelines and support for metrics, logs, traces, and profiles

pkgs.grafana-kiosk

Kiosk Utility for Grafana

pkgs.pcsc-cyberjack

REINER SCT cyberJack USB chipcard reader user space driver

pkgs.grafana-to-ntfy

Bridge to forward Grafana alerts to ntfy.sh notification service

pkgs.pcsc-scm-scl011

SCM Microsystems SCL011 chipcard reader user space driver

pkgs.pcscliteWithPolkit

Middleware to access a smart card using SCard API (PC/SC)

pkgs.grafana-dash-n-grab

Grafana Dash-n-Grab (gdg) -- backup and restore Grafana dashboards, datasources, and other entities

pkgs.haskellPackages.gpcsets

Generalized Pitch Class Sets for Haskell

pkgs.terraform-providers.grafana

pkgs.python312Packages.grafanalib

Library for building Grafana dashboards

pkgs.python313Packages.grafanalib

Library for building Grafana dashboards

pkgs.haskellPackages.amazonka-grafana

Amazon Managed Grafana SDK

pkgs.grafanaPlugins.grafana-oncall-app

Developer-friendly incident response for Grafana

pkgs.grafanaPlugins.grafana-clock-panel

Clock panel for Grafana

pkgs.grafanaPlugins.grafana-pyroscope-app

Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data

pkgs.python312Packages.mypy-boto3-grafana

Type annotations for boto3 grafana

pkgs.python313Packages.mypy-boto3-grafana

Type annotations for boto3 grafana

pkgs.grafanaPlugins.grafana-piechart-panel

Pie chart panel for Grafana

pkgs.grafanaPlugins.grafana-polystat-panel

Hexagonal multi-stat panel for Grafana

pkgs.grafanaPlugins.grafana-worldmap-panel

World Map panel for Grafana

pkgs.grafanaPlugins.grafana-lokiexplore-app

Browse Loki logs without the need for writing complex queries

pkgs.grafanaPlugins.grafana-mqtt-datasource

Visualize streaming MQTT data from within Grafana

pkgs.grafanaPlugins.grafana-exploretraces-app

Opinionated traces app

pkgs.grafanaPlugins.grafana-github-datasource

Allows GitHub API data to be visually represented in Grafana dashboards

pkgs.grafanaPlugins.grafana-sentry-datasource

Integrate Sentry data into Grafana

pkgs.grafanaPlugins.grafana-discourse-datasource

Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana

pkgs.grafanaPlugins.grafana-metricsdrilldown-app

Queryless experience for browsing Prometheus-compatible metrics. Quickly find related metrics without writing PromQL queries

pkgs.python312Packages.types-aiobotocore-grafana

Type annotations for aiobotocore grafana

pkgs.python313Packages.types-aiobotocore-grafana

Type annotations for aiobotocore grafana

pkgs.grafanaPlugins.grafana-clickhouse-datasource

Connects Grafana to ClickHouse

pkgs.grafanaPlugins.grafana-opensearch-datasource

Empowers you to seamlessly integrate JSON data into Grafana

pkgs.grafanaPlugins.grafana-googlesheets-datasource

Integrate JSON data into Grafana
Package maintainers: 46
CVE-2024-45497
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Openshift-api: build process in OpenShift allows overwriting of node pull credentials

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images, and can potentially exfiltrate sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.

openshift
==4.16
openshift-controller-manager
openshift4/ose-openshift-apiserver-rhel7
openshift4/ose-openshift-apiserver-rhel9
openshift4/ose-openshift-controller-manager-rhel9
*
org.arquillian.cube/arquillian-cube-openshift-api
openshift4/ose-cluster-openshift-apiserver-operator
*
openshift4/ose-cluster-openshift-apiserver-rhel9-operator
*

pkgs.openshift

Build, deploy, and manage your applications with Docker and Kubernetes

pkgs.python312Packages.openshift

Python client for the OpenShift API

pkgs.python313Packages.openshift

Python client for the OpenShift API

pkgs.python312Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python313Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python
Package maintainers: 4
CVE-2025-22696
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0.

document
=<1.1.0

pkgs.phpdocumentor

PHP documentation generator

pkgs.qdocumentview

Widget to render multi-page documents

pkgs.documentation-highlighter

Highlight.js sources for the Nix Ecosystem's documentation

pkgs.onlyoffice-documentserver

ONLYOFFICE Document Server is an online office suite comprising viewers and editors

pkgs.kdePackages.libkeduvocdocument

Library to parse, convert, and manipulate KVTML files

pkgs.python312Packages.pydocumentdb

Azure Cosmos DB API

pkgs.python313Packages.pydocumentdb

Azure Cosmos DB API

pkgs.cudaPackages.cuda_documentation

CUDA Documentation. By downloading and using the packages you accept the terms and conditions of the CUDA EULA

pkgs.haskellPackages.symantic-document

Symantics combinators for generating documents

pkgs.python312Packages.netbox-documents

Plugin designed to facilitate the storage of site, circuit, device type and device specific documents within NetBox

pkgs.python313Packages.netbox-documents

Plugin designed to facilitate the storage of site, circuit, device type and device specific documents within NetBox

pkgs.tests.haskell.documentationTarball


pkgs.haskellPackages.pdf-toolbox-document

A collection of tools for processing PDF files

pkgs.python312Packages.tableaudocumentapi

Python module for working with Tableau files

pkgs.python313Packages.tableaudocumentapi

Python module for working with Tableau files

pkgs.haskellPackages.persistent-documentation

Documentation DSL for persistent entities

pkgs.python312Packages.azure-search-documents

Microsoft Azure Cognitive Search Client Library for Python

pkgs.python313Packages.azure-search-documents

Microsoft Azure Cognitive Search Client Library for Python

pkgs.typstPackages.basic-document-props_0_1_0

Simple document with header, footer, page numbering and mail address

pkgs.python312Packages.azure-ai-documentintelligence

Azure AI Document Intelligence client library for Python

pkgs.python313Packages.azure-ai-documentintelligence

Azure AI Document Intelligence client library for Python

pkgs.typstPackages.unofficial-fhict-document-template_1_0_0

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_1_0_1

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_1_0_2

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_1_1_0

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_1_1_1

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_1_1_2

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_1_1_3

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_0_10_0

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_0_10_1

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

pkgs.typstPackages.unofficial-fhict-document-template_0_11_0

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT
Package maintainers: 22
CVE-2025-24684
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Media Downloader Plugin <= 0.4.7.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5.

media-downloader
=<0.4.7.5

pkgs.media-downloader

Qt/C++ GUI front end for yt-dlp and others
Package maintainers: 2
CVE-2025-22703
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6.

forge
=<1.4.6

pkgs.forgejo

Self-hosted lightweight software forge

pkgs.forge-mtg

Magic: the Gathering card game with rules enforcement

pkgs.mindforger

Thinking Notebook & Markdown IDE

pkgs.forgejo-cli

CLI application for interacting with Forgejo

pkgs.forgejo-lts

Self-hosted lightweight software forge

pkgs.mcdreforged

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.forge-sparks

Get Git forges notifications

pkgs.fontforge-gtk

Font editor

pkgs.forgejo-runner

Runner for Forgejo based on act

pkgs.fontforge-fonttools

Font editor

pkgs.gnomeExtensions.forge

Tiling and window manager for GNOME

pkgs.python312Packages.fontforge

Font editor

pkgs.python313Packages.fontforge

Font editor

pkgs.python312Packages.mcdreforged

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.python313Packages.mcdreforged

Rewritten version of MCDaemon, a python tool to control your Minecraft server

pkgs.python312Packages.browserforge

Intelligent browser header & fingerprint generator

pkgs.python313Packages.browserforge

Intelligent browser header & fingerprint generator

pkgs.nodePackages.@electron-forge/cli

A complete tool for building modern Electron applications

pkgs.nodePackages_latest.@electron-forge/cli

A complete tool for building modern Electron applications
Package maintainers: 20
CVE-2025-23987
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0.

designer
=<1.6.0

pkgs.libsForQt5.kdesignerplugin

pkgs.plasma5Packages.kdesignerplugin

Package maintainers: 2
CVE-2020-11936
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
gdbus setgid privilege escalation

gdbus setgid privilege escalation

apport
<2.20.11-0ubuntu27.6

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum
Package maintainers: 1
CVE-2023-0092
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
An authenticated user who has read access to the juju …

An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.

juju
<2.9.38
<3.0.3

pkgs.juju

Open source modelling tool for operating software in the cloud

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer
Package maintainers: 5
CVE-2022-28653
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Users can consume unlimited disk space in /var/crash

Users can consume unlimited disk space in /var/crash

apport
<2.21.0

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum
Package maintainers: 1