Automatically generated suggestions

CVE-2025-0750
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.

cri-o
<1.33.1
*
rhcos

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
Package maintainers: 2
CVE-2025-23684
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2.

debug-tool
=<2.2

pkgs.python312Packages.django-debug-toolbar

Configurable set of panels that display debug information about the current request/response

pkgs.python313Packages.django-debug-toolbar

Configurable set of panels that display debug information about the current request/response

pkgs.python312Packages.django-graphiql-debug-toolbar

Django Debug Toolbar for GraphiQL IDE

pkgs.python313Packages.django-graphiql-debug-toolbar

Django Debug Toolbar for GraphiQL IDE
Package maintainers: 2
CVE-2025-23592
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress dForms plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound dForms allows Reflected XSS. This issue affects dForms: from n/a through 1.0.

dforms
=<1.0

pkgs.python312Packages.permissionedforms

Django extension for creating forms that vary according to user permissions

pkgs.python313Packages.permissionedforms

Django extension for creating forms that vary according to user permissions
Package maintainers: 1
CVE-2024-11218
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile

A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

rhcos
*
podman
*
buildah
<1.38.1
<1.37.6
<1.35.5
<1.33.12
*
container-tools:rhel8
*
container-tools:rhel8/podman
container-tools:rhel8/buildah

pkgs.podman

Program for managing pods, containers and container images

pkgs.buildah

Tool which facilitates building OCI images

pkgs.podman-tui

Podman Terminal UI

pkgs.podman-bootc

Streamlining podman+bootc interactions

pkgs.podman-compose

Implementation of docker-compose with podman backend

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

pkgs.buildah-unwrapped

Tool which facilitates building OCI images

pkgs.nomad-driver-podman

Podman task driver for Nomad

pkgs.python312Packages.podman

Python bindings for Podman's RESTful API

pkgs.python313Packages.podman

Python bindings for Podman's RESTful API
Package maintainers: 8
CVE-2025-23892
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS. This issue affects Progress Tracker: from n/a through 0.9.3.

progress-tracker
=<0.9.3

pkgs.progress-tracker

Simple kanban-style task organiser
Package maintainers: 1
CVE-2025-23884
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Annie plugin <= 2.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie allows Cross Site Request Forgery. This issue affects Annie: from n/a through 2.1.1.

annie
=<2.1.1

pkgs.wannier90

Calculation of maximally localised Wannier functions
Package maintainers: 1
CVE-2025-23919
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella van Durpe Slides & Presentations allows Code Injection. This issue affects Slides & Presentations: from n/a through 0.0.39.

slide
=<0.0.39

pkgs.slides

Terminal based presentation tool

pkgs.openslide

C library that provides a simple interface to read whole-slide images

pkgs.manim-slides

Tool for live presentations using manim

pkgs.dvd-slideshow

Suite of command line programs that creates a slideshow-style video from groups of pictures

pkgs.gnomeExtensions.backslide

Automatic background-image (wallpaper) slideshow for Gnome Shell

pkgs.python312Packages.openslide

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python313Packages.openslide

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.haskellPackages.gogol-slides

Google Slides SDK

pkgs.python312Packages.goslide-api

Python API to utilise the Slide Open Cloud and Local API

pkgs.python313Packages.goslide-api

Python API to utilise the Slide Open Cloud and Local API

pkgs.typstPackages.gradslide_0_1_0

Simple component to show a value between 0 and 1 on a nice gradient slider

pkgs.typstPackages.typslides_1_1_1

Minimalistic Typst slides

pkgs.typstPackages.typslides_1_2_0

Minimalistic Typst slides

pkgs.typstPackages.typslides_1_2_1

Minimalistic Typst slides

pkgs.typstPackages.typslides_1_2_3

Minimalistic Typst slides

pkgs.typstPackages.typslides_1_2_4

Minimalistic Typst slides

pkgs.typstPackages.typslides_1_2_5

Minimalistic Typst slides

pkgs.typstPackages.typslides_1_2_6

Minimalistic Typst slides

pkgs.python312Packages.manim-slides

Tool for live presentations using manim

pkgs.python313Packages.manim-slides

Tool for live presentations using manim

pkgs.vscode-extensions.antfu.slidev

pkgs.python312Packages.textual-slider

Textual widget for a simple slider

pkgs.python313Packages.textual-slider

Textual widget for a simple slider

pkgs.typstPackages.parcio-slides_0_1_0

A simple polylux slide template based on the ParCIO working group at OvGU Magdeburg

pkgs.typstPackages.parcio-slides_0_1_1

A simple polylux slide template based on the ParCIO working group at OvGU Magdeburg

pkgs.gnomeExtensions.night-light-slider

Add a slider for Night Light temperature to the Quick Settings menu.

pkgs.gnomeExtensions.wallpaper-slideshow

Wallpaper slideshow extension. Optionally downloads BING wallpaper of the day.

pkgs.typstPackages.silky-slides-insa_0_1_0

A template made for presentations of INSA, a French engineering school

pkgs.typstPackages.silky-slides-insa_0_1_1

A template made for presentations of INSA, a French engineering school

pkgs.gnomeExtensions.keyboard-backlight-slider

Allow setting the keyboard backlight brightness with a slider in the main menu

pkgs.gnomeExtensions.night-light-slider-updated

Kiyui's Night Light Slider updated for GNOME 45. Provides a slider in the quick settings menu to control the night light temperature. Some nice options can be set in the extension preferences menu. Original implementation: https://codeberg.org/kiyui/gnome-shell-night-light-slider-extension/

pkgs.home-assistant-component-tests.slide_local

Open source home automation that puts local control and privacy first

pkgs.typstPackages.tud-corporate-design-slides_0_1_0

Presentation template for TU Dresden (Technische Universität Dresden

pkgs.typstPackages.upb-corporate-design-slides_0_1_0

Presentation template for Paderborn University (UPB

pkgs.typstPackages.upb-corporate-design-slides_0_1_1

Presentation template for Paderborn University (UPB

pkgs.typstPackages.upb-corporate-design-slides_0_1_2

Presentation template for Paderborn University (UPB

pkgs.typstPackages.upb-corporate-design-slides_0_1_3

Presentation template for Paderborn University (UPB

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow

Package maintainers: 13
CVE-2025-23886
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS. This issue affects Annie: from n/a through 2.1.1.

annie
=<2.1.1

pkgs.wannier90

Calculation of maximally localised Wannier functions
Package maintainers: 1
CVE-2025-23760
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Chatter plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.

chatter
=<1.0.1

pkgs.chatterino2

Chat client for Twitch chat

pkgs.chatterino7

Chat client for Twitch chat

pkgs.haskellPackages.chatter

A library of simple NLP algorithms

pkgs.typstPackages.chatter_0_1_0

Write dialog between any number of characters quickly and cleanly. Great for translations or short assignments
Package maintainers: 4
CVE-2024-11029
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Freeipa: administrative user data leaked through systemd journal

A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.

ipa
*
freeipa
==4.12.2
idm:DL1/ipa
idm:client/ipa

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.tipa

Phonetic font for TeX

pkgs.nipap

Neat IP Address Planner

pkgs.freeipa

Identity, Policy and Audit system

pkgs.ipafont

Japanese font package with Mincho and Gothic fonts

pkgs.ipatool

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

pkgs.codipack

Fast gradient evaluation in C++ based on Expression Templates

pkgs.snipaste

Screenshot tools

pkgs.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.iniparser

Free standalone ini file parsing library

pkgs.ipaexfont

Japanese font package with Mincho and Gothic fonts

pkgs.multipass

Ubuntu VMs on demand for any workstation

pkgs.nipap-cli

Neat IP Address Planner CLI

pkgs.nipap-www

Neat IP Address Planner CLI, web UI

pkgs.uriparser

Strictly RFC 3986 compliant URI parsing library

pkgs.frangipanni

Convert lines of text into a tree structure

pkgs.ipad_charge

Apple device USB charging utility for Linux

pkgs.nucleiparser

Nuclei output parser for CLI

pkgs.multipath-tools

Tools for the Linux multipathing storage driver

pkgs.ripasso-cursive

Simple password manager written in Rust

pkgs.multipart-parser-c

Http multipart parser implemented in C

pkgs.haskellPackages.ipa

Internal Phonetic Alphabet (IPA)

pkgs.python312Packages.nipap

Neat IP Address Planner

pkgs.python313Packages.nipap

Neat IP Address Planner

pkgs.python312Packages.ipaddr

IP address manipulation library

pkgs.python312Packages.ipadic

Contemporary Written Japanese dictionary

pkgs.python313Packages.ipaddr

IP address manipulation library

pkgs.python313Packages.ipadic

Contemporary Written Japanese dictionary

pkgs.haskellPackages.multipart

Parsers for the HTTP multipart format

pkgs.python312Packages.pynipap

Python client library for Neat IP Address Planner

pkgs.python313Packages.pynipap

Python client library for Neat IP Address Planner

pkgs.python312Packages.iniparse

Accessing and Modifying INI files

pkgs.python313Packages.iniparse

Accessing and Modifying INI files

pkgs.graylogPlugins.ipanonymizer

Graylog-server plugin that replaces the last octet of IP addresses in messages with xxx

pkgs.haskellPackages.unipatterns

Helpers which allow safe partial pattern matching in lambdas

pkgs.python312Packages.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.python312Packages.multipart

Parser for multipart/form-data

pkgs.python313Packages.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.python313Packages.multipart

Parser for multipart/form-data

pkgs.typstPackages.ascii-ipa_1_0_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_1_1_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_1_1_1

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_2_0_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.haskellPackages.multipart-names

Handling of multipart names in various casing styles

pkgs.haskellPackages.servant-multipart

multipart/form-data (e.g file upload) support for servant

pkgs.python312Packages.flask-principal

Identity management for flask

pkgs.python312Packages.types-ipaddress

Typing stubs for ipaddress

pkgs.python313Packages.flask-principal

Identity management for flask

pkgs.python313Packages.types-ipaddress

Typing stubs for ipaddress

pkgs.python312Packages.cached-ipaddress

Cache construction of ipaddress objects

pkgs.python312Packages.python-multipart

Streaming multipart parser for Python

pkgs.python312Packages.python-vipaccess

Free software implementation of Symantec's VIP Access application and protocol

pkgs.python312Packages.sansio-multipart

Parser for multipart/form-data

pkgs.python313Packages.cached-ipaddress

Cache construction of ipaddress objects

pkgs.python313Packages.python-multipart

Streaming multipart parser for Python

pkgs.python313Packages.python-vipaccess

Free software implementation of Symantec's VIP Access application and protocol

pkgs.python313Packages.sansio-multipart

Parser for multipart/form-data

pkgs.haskellPackages.http-client-multipart

Generate multipart uploads for http-client. (deprecated)

pkgs.haskellPackages.servant-multipart-api

multipart/form-data (e.g file upload) support for servant

pkgs.haskellPackages.servant-multipart-client

multipart/form-data (e.g file upload) support for servant

pkgs.python312Packages.nested-multipart-parser

Parser for nested data for 'multipart/form'

pkgs.python313Packages.nested-multipart-parser

Parser for nested data for 'multipart/form'

pkgs.haskellPackages.amazonka-connectparticipant

Amazon Connect Participant Service SDK

pkgs.haskellPackages.autodocodec-servant-multipart

Autodocodec interpreters for Servant Multipart

pkgs.chickenPackages_5.chickenEggs.multipart-form-data

Reads & decodes HTTP multipart/form-data requests.

pkgs.python312Packages.types-aiobotocore-connectparticipant

Type annotations for aiobotocore connectparticipant

pkgs.python313Packages.types-aiobotocore-connectparticipant

Type annotations for aiobotocore connectparticipant

pkgs.python312Packages.microsoft-kiota-serialization-multipart

Multipart serialization implementation for Kiota clients in Python

pkgs.python313Packages.microsoft-kiota-serialization-multipart

Multipart serialization implementation for Kiota clients in Python
Package maintainers: 24