Automatically generated suggestions

CVE-2025-31177
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 weeks ago
Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one

gnuplot is affected by a heap buffer overflow at function utf8_copy_one.

gnuplot
<6.0

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot.x86_64-linux

A portable command-line driven graphing utility for many platforms

pkgs.gnuplot.aarch64-linux

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot.x86_64-darwin

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot.aarch64-darwin

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt.x86_64-linux

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot.x86_64-linux

General purpose pipe-oriented plotting tool

pkgs.gnuplot_qt.aarch64-linux

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt.x86_64-darwin

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot.aarch64-linux

General purpose pipe-oriented plotting tool

pkgs.feedgnuplot.x86_64-darwin

General purpose pipe-oriented plotting tool

pkgs.gnuplot_qt.aarch64-darwin

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot.aarch64-darwin

General purpose pipe-oriented plotting tool

pkgs.texlivePackages.gnuplottex

Embed Gnuplot commands in LaTeX documents

pkgs.gnuplot_aquaterm.x86_64-linux

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_aquaterm.aarch64-linux

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_aquaterm.x86_64-darwin

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_aquaterm.aarch64-darwin

A portable command-line driven graphing utility for many platforms

pkgs.texlivePackages.context-gnuplot

Inclusion of Gnuplot graphs in ConTeXt

pkgs.haskellPackages.gnuplot.x86_64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-darwin

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-darwin

2D and 3D plots using gnuplot

pkgs.texlivePackages.gnuplottex.x86_64-linux

Embed Gnuplot commands in LaTeX documents

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.texlivePackages.context-gnuplot.x86_64-linux

Inclusion of Gnuplot graphs in ConTeXt

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe.x86_64-linux

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot.x86_64-linux

  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe.aarch64-linux

A simple interface to Gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe.x86_64-darwin

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot.aarch64-linux

  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot.x86_64-darwin

  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe.aarch64-darwin

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot.aarch64-darwin

  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???
CVE-2022-47599
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 weeks, 1 day ago
WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7.

file-manager
=<5.2.7

pkgs.python311Packages.show-in-file-manager.x86_64-linux

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.x86_64-linux

Open the system file manager and select files in it

pkgs.python311Packages.show-in-file-manager.aarch64-linux

Open the system file manager and select files in it

pkgs.python311Packages.show-in-file-manager.x86_64-darwin

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.aarch64-linux

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.x86_64-darwin

Open the system file manager and select files in it

pkgs.python311Packages.show-in-file-manager.aarch64-darwin

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.aarch64-darwin

Open the system file manager and select files in it
CVE-2024-12225
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 2 weeks, 1 day ago
Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.

quarkus
<3.15.3.1
io.quarkus:quarkus-security-webauthn

pkgs.quarkus.x86_64-linux

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.aarch64-linux

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.x86_64-darwin

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.aarch64-darwin

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards
CVE-2025-4373
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 weeks, 1 day ago
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

bootc
glib2
librsvg2
mingw-glib2
CVE-2023-40745
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 weeks, 6 days ago
Libtiff: integer overflow in tiffcp.c

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.

libtiff
*
<4.6.0
mingw-libtiff
compact-libtiff
compat-libtiff3

pkgs.libtiff_t

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)
CVE-2023-3576
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 weeks, 6 days ago
Libtiff: memory leak in tiffcrop.c

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service.

libtiff
*
mingw-libtiff
compat-libtiff3

pkgs.libtiff_t

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)
CVE-2023-41175
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 weeks, 6 days ago
Libtiff: potential integer overflow in raw2tiff.c

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.

libtiff
*
<4.6.0
mingw-libtiff
compact-libtiff
compat-libtiff3

pkgs.libtiff_t

Library and utilities for working with the TIFF image file format (fork containing tools dropped in original libtiff version)
CVE-2023-4813
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks ago
Glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

glibc
*
compat-glibc
CVE-2023-4806
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks ago
Glibc: potential use-after-free in getaddrinfo()

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

glibc
*
compat-glibc
CVE-2023-40204
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 weeks, 1 day ago
WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2.

folders
=<2.9.2

pkgs.platform-folders

A C++ library to look for standard platform directories so that you do not need to write platform-specific code

pkgs.vscode-extensions.moshfeu.compare-folders

Extension allows you to compare folders, show the diffs in a list and present diff in a split view side by side