Dismissed suggestions Untriaged suggestions Draft issues Published issues Automatically generated suggestions Create Draft to queue a suggestion for refinement. Dismiss to remove a suggestion from the queue. CVE-2025-62402 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 1 day, 14 hours ago Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available. apache-airflow <3.1.1 pkgs.apache-airflow Programmatically author, schedule and monitor data pipelines nixos-25.05 2.7.3 nixpkgs-25.05-darwin 2.7.3 nixos-25.05-small 2.7.3 nixos-unstable 2.7.3 nixos-unstable-small 2.7.3 nixpkgs-unstable 2.7.3 Package maintainers: 3 @bhipple Benjamin Hipple <bhipple@protonmail.com> @gbpdt Graham Bennett <nix@pdtpartners.com> @ingenieroariel Ariel Nunez <ariel@nunez.co> CVE-2025-62231 7.3 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): LOW Availability impact (A): HIGH created 1 day, 14 hours ago Xorg: xmayland: value overflow in xkbsetcompatmap() A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash. tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-25.05 1.14.0 nixpkgs-25.05-darwin 1.14.0 nixos-25.05-small 1.14.0 nixos-unstable 1.15.0 nixos-unstable-small 1.15.0 nixpkgs-unstable 1.15.0 CVE-2025-54941 4.6 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 1 day, 14 hours ago Apache Airflow: Command injection in "example_dag_decorator" An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production (not default) or the example dag code copied to build your own similar dag. If you used the `example_dag_decorator` please review it and apply the changes implemented in Airflow 3.0.5 accordingly. apache-airflow << 3.0.5 pkgs.apache-airflow Programmatically author, schedule and monitor data pipelines nixos-25.05 2.7.3 nixpkgs-25.05-darwin 2.7.3 nixos-25.05-small 2.7.3 nixos-unstable 2.7.3 nixos-unstable-small 2.7.3 nixpkgs-unstable 2.7.3 Package maintainers: 3 @bhipple Benjamin Hipple <bhipple@protonmail.com> @gbpdt Graham Bennett <nix@pdtpartners.com> @ingenieroariel Ariel Nunez <ariel@nunez.co> CVE-2025-64228 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 1 day, 14 hours ago WordPress SUMO Affiliates Pro plugin <= 11.0.0 - Sensitive Data Exposure vulnerability Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0. affs =<<= 11.0.0 pkgs.unyaffs Tool to extract files from a YAFFS2 file system image nixos-25.05 0.9 nixpkgs-25.05-darwin 0.9 nixos-25.05-small 0.9 nixos-unstable 0.9 nixos-unstable-small 0.9 nixpkgs-unstable 0.9 pkgs.yaffshiv Simple YAFFS file system parser and extractor nixos-25.05 0-unstable-2024-08-30 nixpkgs-25.05-darwin 0-unstable-2024-08-30 nixos-25.05-small 0-unstable-2024-08-30 nixos-unstable 0-unstable-2024-08-30 nixos-unstable-small 0-unstable-2024-08-30 nixpkgs-unstable 0-unstable-2024-08-30 Package maintainers: 2 @stigtsp Stig Palmquist <stig@stig.io> @KSJ2000 KSJ2000 <katsho123@outlook.com> CVE-2025-62952 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 1 day, 14 hours ago WordPress ChatBot plugin <= 7.3.0 - Broken Access Control vulnerability Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.0. chatbot =<<= 7.3.0 pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-25.05 22 nixpkgs-25.05-darwin 22 nixos-25.05-small 22 nixos-unstable 22 nixos-unstable-small 22 nixpkgs-unstable 22 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page> CVE-2025-62395 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 1 day, 14 hours ago Moodle: external cohort search service leaks system cohort data A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data. moodle <4.1.21 <5.0.3 <4.4.11 <4.5.7 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-62398 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 1 day, 14 hours ago Moodle: possible to bypass mfa A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. moodle <5.0.3 <4.4.11 <4.5.7 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-12105 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 day, 14 hours ago Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition. libsoup libsoup3 pkgs.libsoup_3 HTTP client/server library for GNOME nixos-25.05 3.6.5 nixpkgs-25.05-darwin 3.6.5 nixos-25.05-small 3.6.5 nixos-unstable 3.6.5 nixos-unstable-small 3.6.5 nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-25.05 2.74.3 nixpkgs-25.05-darwin 2.74.3 nixos-25.05-small 2.74.3 nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-25.05 ??? nixpkgs-25.05-darwin nixos-25.05-small nixos-unstable ??? nixos-unstable-small nixpkgs-unstable Package maintainers: 6 @7c6f434c Michael Raskin <7c6f434c@mail.ru> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @lovek323 Jason O'Conal <jason@oconal.id.au> @bobby285271 Bobby Rong <rjl931189261@126.com> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> CVE-2025-62401 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): LOW created 1 day, 14 hours ago Moodle: possible to bypass timer in timed assignments An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment. moodle <4.1.21 <5.0.3 <4.4.11 <4.5.7 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de> CVE-2025-62397 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 1 day, 14 hours ago Moodle: router produces json instead of 404 error for invalid course id The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. moodle <5.0.3 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
CVE-2025-62402 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 1 day, 14 hours ago Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available. apache-airflow <3.1.1 pkgs.apache-airflow Programmatically author, schedule and monitor data pipelines nixos-25.05 2.7.3 nixpkgs-25.05-darwin 2.7.3 nixos-25.05-small 2.7.3 nixos-unstable 2.7.3 nixos-unstable-small 2.7.3 nixpkgs-unstable 2.7.3 Package maintainers: 3 @bhipple Benjamin Hipple <bhipple@protonmail.com> @gbpdt Graham Bennett <nix@pdtpartners.com> @ingenieroariel Ariel Nunez <ariel@nunez.co>
pkgs.apache-airflow Programmatically author, schedule and monitor data pipelines nixos-25.05 2.7.3 nixpkgs-25.05-darwin 2.7.3 nixos-25.05-small 2.7.3 nixos-unstable 2.7.3 nixos-unstable-small 2.7.3 nixpkgs-unstable 2.7.3
CVE-2025-62231 7.3 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): LOW Availability impact (A): HIGH created 1 day, 14 hours ago Xorg: xmayland: value overflow in xkbsetcompatmap() A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash. tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-25.05 1.14.0 nixpkgs-25.05-darwin 1.14.0 nixos-25.05-small 1.14.0 nixos-unstable 1.15.0 nixos-unstable-small 1.15.0 nixpkgs-unstable 1.15.0
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-25.05 1.14.0 nixpkgs-25.05-darwin 1.14.0 nixos-25.05-small 1.14.0 nixos-unstable 1.15.0 nixos-unstable-small 1.15.0 nixpkgs-unstable 1.15.0
CVE-2025-54941 4.6 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 1 day, 14 hours ago Apache Airflow: Command injection in "example_dag_decorator" An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production (not default) or the example dag code copied to build your own similar dag. If you used the `example_dag_decorator` please review it and apply the changes implemented in Airflow 3.0.5 accordingly. apache-airflow << 3.0.5 pkgs.apache-airflow Programmatically author, schedule and monitor data pipelines nixos-25.05 2.7.3 nixpkgs-25.05-darwin 2.7.3 nixos-25.05-small 2.7.3 nixos-unstable 2.7.3 nixos-unstable-small 2.7.3 nixpkgs-unstable 2.7.3 Package maintainers: 3 @bhipple Benjamin Hipple <bhipple@protonmail.com> @gbpdt Graham Bennett <nix@pdtpartners.com> @ingenieroariel Ariel Nunez <ariel@nunez.co>
pkgs.apache-airflow Programmatically author, schedule and monitor data pipelines nixos-25.05 2.7.3 nixpkgs-25.05-darwin 2.7.3 nixos-25.05-small 2.7.3 nixos-unstable 2.7.3 nixos-unstable-small 2.7.3 nixpkgs-unstable 2.7.3
CVE-2025-64228 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 1 day, 14 hours ago WordPress SUMO Affiliates Pro plugin <= 11.0.0 - Sensitive Data Exposure vulnerability Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0. affs =<<= 11.0.0 pkgs.unyaffs Tool to extract files from a YAFFS2 file system image nixos-25.05 0.9 nixpkgs-25.05-darwin 0.9 nixos-25.05-small 0.9 nixos-unstable 0.9 nixos-unstable-small 0.9 nixpkgs-unstable 0.9 pkgs.yaffshiv Simple YAFFS file system parser and extractor nixos-25.05 0-unstable-2024-08-30 nixpkgs-25.05-darwin 0-unstable-2024-08-30 nixos-25.05-small 0-unstable-2024-08-30 nixos-unstable 0-unstable-2024-08-30 nixos-unstable-small 0-unstable-2024-08-30 nixpkgs-unstable 0-unstable-2024-08-30 Package maintainers: 2 @stigtsp Stig Palmquist <stig@stig.io> @KSJ2000 KSJ2000 <katsho123@outlook.com>
pkgs.unyaffs Tool to extract files from a YAFFS2 file system image nixos-25.05 0.9 nixpkgs-25.05-darwin 0.9 nixos-25.05-small 0.9 nixos-unstable 0.9 nixos-unstable-small 0.9 nixpkgs-unstable 0.9
pkgs.yaffshiv Simple YAFFS file system parser and extractor nixos-25.05 0-unstable-2024-08-30 nixpkgs-25.05-darwin 0-unstable-2024-08-30 nixos-25.05-small 0-unstable-2024-08-30 nixos-unstable 0-unstable-2024-08-30 nixos-unstable-small 0-unstable-2024-08-30 nixpkgs-unstable 0-unstable-2024-08-30
CVE-2025-62952 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 1 day, 14 hours ago WordPress ChatBot plugin <= 7.3.0 - Broken Access Control vulnerability Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.0. chatbot =<<= 7.3.0 pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-25.05 22 nixpkgs-25.05-darwin 22 nixos-25.05-small 22 nixos-unstable 22 nixos-unstable-small 22 nixpkgs-unstable 22 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-25.05 22 nixpkgs-25.05-darwin 22 nixos-25.05-small 22 nixos-unstable 22 nixos-unstable-small 22 nixpkgs-unstable 22
CVE-2025-62395 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 1 day, 14 hours ago Moodle: external cohort search service leaks system cohort data A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data. moodle <4.1.21 <5.0.3 <4.4.11 <4.5.7 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13
CVE-2025-62398 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 1 day, 14 hours ago Moodle: possible to bypass mfa A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. moodle <5.0.3 <4.4.11 <4.5.7 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13
CVE-2025-12105 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 day, 14 hours ago Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition. libsoup libsoup3 pkgs.libsoup_3 HTTP client/server library for GNOME nixos-25.05 3.6.5 nixpkgs-25.05-darwin 3.6.5 nixos-25.05-small 3.6.5 nixos-unstable 3.6.5 nixos-unstable-small 3.6.5 nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-25.05 2.74.3 nixpkgs-25.05-darwin 2.74.3 nixos-25.05-small 2.74.3 nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-25.05 ??? nixpkgs-25.05-darwin nixos-25.05-small nixos-unstable ??? nixos-unstable-small nixpkgs-unstable Package maintainers: 6 @7c6f434c Michael Raskin <7c6f434c@mail.ru> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @lovek323 Jason O'Conal <jason@oconal.id.au> @bobby285271 Bobby Rong <rjl931189261@126.com> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-25.05 3.6.5 nixpkgs-25.05-darwin 3.6.5 nixos-25.05-small 3.6.5 nixos-unstable 3.6.5 nixos-unstable-small 3.6.5 nixpkgs-unstable 3.6.5
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-25.05 2.74.3 nixpkgs-25.05-darwin 2.74.3 nixos-25.05-small 2.74.3 nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-25.05 ??? nixpkgs-25.05-darwin nixos-25.05-small nixos-unstable ??? nixos-unstable-small nixpkgs-unstable
CVE-2025-62401 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): LOW created 1 day, 14 hours ago Moodle: possible to bypass timer in timed assignments An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment. moodle <4.1.21 <5.0.3 <4.4.11 <4.5.7 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13
CVE-2025-62397 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 1 day, 14 hours ago Moodle: router produces json instead of 404 error for invalid course id The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. moodle <5.0.3 pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 5.0 nixpkgs-25.05-darwin 5.0 nixos-25.05-small 5.0 nixos-unstable 5.0.2 nixos-unstable-small 5.0.2 nixpkgs-unstable 5.0.2
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 2.3.13 nixpkgs-25.05-darwin 2.3.13 nixos-25.05-small 2.3.13 nixos-unstable 2.3.13 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13