Automatically generated suggestions

CVE-2025-28975
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month ago
WordPress Alike - WordPress Custom Post Comparison <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1.

alike
=<3.0.1

pkgs.soundalike

Find duplicate audio files using acoustic fingerprints

pkgs.gnomeExtensions.compiz-alike-magic-lamp-effect

Magic lamp effect inspired by the Compiz ones
Package maintainers: 2
CVE-2025-49053
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month ago
WordPress WP Airdrop Manager plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager allows Stored XSS. This issue affects WP Airdrop Manager: from n/a through 1.0.5.

airdrop
=<1.0.5

pkgs.pairdrop

Local file sharing in your browser

pkgs.nodePackages.hs-airdrop

Handshake airdrop redemption

pkgs.nodePackages_latest.hs-airdrop

Handshake airdrop redemption
Package maintainers: 3
CVE-2025-54671
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month ago
WordPress oik Plugin plugin <= 4.15.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2.

oik
=<4.15.2

pkgs.libvoikko

Finnish language processing library
Package maintainers: 1
CVE-2025-54689
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month ago
WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through 2.5.7.

urna
=<2.5.7

pkgs.furnace

Multi-system chiptune tracker compatible with DefleMask modules

pkgs.xournalpp

Xournal++ is handwriting note-taking software with PDF annotation support

pkgs.journalist

RSS aggregator

pkgs.lazyjournal

TUI for journalctl, file system logs, as well as Docker and Podman containers

pkgs.qjournalctl

Qt-based graphical user interface for systemd's journalctl command

pkgs.tui-journal

Your journal app if you live in a terminal

pkgs.journalwatch

Tool to find error messages in the systemd journal

pkgs.annapurna-sil

Unicode-based font family with broad support for writing systems that use the Devanagari script

pkgs.journaldriver

Log forwarder from journald to Stackdriver Logging

pkgs.systemd-journal2gelf

Export entries from systemd's journal and send them to a graylog server using gelf

pkgs.kdePackages.kjournald

Framework for interacting with systemd-journald

pkgs.perlPackages.LogJournald

Send messages to a systemd journal

pkgs.perl538Packages.LogJournald

Send messages to a systemd journal

pkgs.perl540Packages.LogJournald

Send messages to a systemd journal

pkgs.python312Packages.swh-journal

Persistent logger of changes to the archive, with publish-subscribe support

pkgs.python313Packages.swh-journal

Persistent logger of changes to the archive, with publish-subscribe support

pkgs.python312Packages.waterfurnace

Python interface to waterfurnace geothermal systems

pkgs.python313Packages.waterfurnace

Python interface to waterfurnace geothermal systems

pkgs.haskellPackages.journalctl-stream

Stream logs using journalctl

pkgs.haskellPackages.libsystemd-journal

Haskell bindings to libsystemd-journal

pkgs.python312Packages.logging-journald

Logging handler for writing logs to the journald

pkgs.python313Packages.logging-journald

Logging handler for writing logs to the journald

pkgs.haskellPackages.logging-facade-journald

Journald back-end for logging-facade

pkgs.typstPackages.starter-journal-article_0_1_1

A starter template for journal articles

pkgs.typstPackages.starter-journal-article_0_2_0

A starter template for journal articles

pkgs.typstPackages.starter-journal-article_0_3_0

A starter template for journal articles

pkgs.typstPackages.starter-journal-article_0_3_1

A starter template for journal articles

pkgs.typstPackages.starter-journal-article_0_3_2

A starter template for journal articles

pkgs.typstPackages.starter-journal-article_0_3_3

A starter template for journal articles

pkgs.typstPackages.starter-journal-article_0_4_0

A starter template for journal articles
Package maintainers: 20
CVE-2025-8941
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month ago
Linux-pam: incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

pam
*
web-terminal/web-terminal-tooling-rhel9
*
web-terminal/web-terminal-rhel9-operator
*
registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9
*
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9
*
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9
*
registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
*

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating users

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

pkgs.dspam

Community Driven Antispam Filter

pkgs.pamix

Pulseaudio terminal mixer

pkgs.rspamd

Advanced spam filtering system

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

pkgs.pamixer

Pulseaudio command line mixer

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating users

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

pkgs.opam2json

Convert opam file syntax to JSON

pkgs.pam_dp9ik

dp9ik pam module

pkgs.pam_gnupg

Unlock GnuPG keys on login

pkgs.pam_mount

PAM module to mount volumes for a user session

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled applications

pkgs.pamtester

Utility program to test the PAM facility

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

pkgs.pam_rundir

Provide user runtime directory on Linux systems

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

pkgs.yubico-pam

Yubico PAM module

pkgs.pam-watchid

PAM plugin module that allows the Apple Watch to be used for authentication

pkgs.apparmor-pam

Mandatory access control system - PAM service

pkgs.opam-publish

Tool to ease contributions to opam repositories

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

pkgs.spamassassin

Open-Source Spam Filter

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

pkgs.libpam-wrapper

Wrapper for testing PAM modules

pkgs.opam-installer

Handle (un)installation from opam install files

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

pkgs.pam_ssh_agent_auth

PAM module for authentication through the SSH agent

pkgs.decode-spam-headers

Script that helps you understand why your E-Mail ended up in Spam

pkgs.haskellPackages.pam

Haskell binding for C PAM API

pkgs.luaPackages.lua-pam

Lua module for PAM authentication

pkgs.google-authenticator

Two-step verification, with pam module

pkgs.lua51Packages.lua-pam

Lua module for PAM authentication

pkgs.lua52Packages.lua-pam

Lua module for PAM authentication

pkgs.lua53Packages.lua-pam

Lua module for PAM authentication

pkgs.kdePackages.kwallet-pam

PAM Integration with KWallet - Unlock KWallet when you login

pkgs.opensmtpd-filter-rspamd

OpenSMTPD filter integration for the Rspamd daemon

pkgs.python312Packages.pamqp

RabbitMQ Focused AMQP low-level library

pkgs.python313Packages.pamqp

RabbitMQ Focused AMQP low-level library

pkgs.python312Packages.pamela

PAM interface using ctypes

pkgs.python313Packages.pamela

PAM interface using ctypes

pkgs.stalwart-mail-spam-filter

Secure & modern all-in-one mail server Stalwart (spam-filter module)

pkgs.python312Packages.pypamtest

Wrapper for testing PAM modules

pkgs.python313Packages.pypamtest

Wrapper for testing PAM modules

pkgs.python312Packages.python-pam

Python pam module

pkgs.python313Packages.python-pam

Python pam module

pkgs.wordpressPackages.plugins.antispam-bee

pkgs.matrix-synapse-plugins.matrix-synapse-pam

PAM auth provider for the Synapse Matrix server

pkgs.matrix-synapse-plugins.synapse-http-antispam

Synapse module that forwards spam checking to an HTTP server

pkgs.matrix-synapse-plugins.matrix-synapse-mjolnir-antispam

AntiSpam / Banlist plugin to be used with mjolnir

pkgs.vscode-extensions.fabiospampinato.vscode-open-in-github

VS Code extension to open the current project or file in github.com
Package maintainers: 55
CVE-2025-47444
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month ago
WordPress GiveWP Plugin < 4.6.1 is vulnerable to Sensitive Data (PII) Exposure

Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data. This issue affects GiveWP: from n/a before 4.6.1.

give
<4.6.1

pkgs.filegive

Easy p2p file sending program
CVE-2025-40920
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month ago
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.
  • Data::UUID does not use a strong cryptographic source for generating UUIDs.
  • Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
  • The nonces should be generated from a strong cryptographic source, as per RFC 7616.

Catalyst-Authentication-Credential-HTTP
=<1.018

pkgs.perlPackages.CatalystAuthenticationCredentialHTTP

HTTP Basic and Digest authentication for Catalyst

pkgs.perl538Packages.CatalystAuthenticationCredentialHTTP

HTTP Basic and Digest authentication for Catalyst

pkgs.perl540Packages.CatalystAuthenticationCredentialHTTP

HTTP Basic and Digest authentication for Catalyst
CVE-2025-6505
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month ago
Unauthorized access and impersonation can occur in versions 4.6.2.3226 and …

Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access. When OAuth clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters.

Server
=<4.6.2.3226

pkgs.perlPackages.NetServer

Extensible Perl internet server

pkgs.perl538Packages.NetServer

Extensible Perl internet server

pkgs.perl540Packages.NetServer

Extensible Perl internet server

pkgs.perlPackages.NetLDAPServer

LDAP server side protocol handling

pkgs.perlPackages.NetServerCoro

Co-operative multithreaded server using Coro

pkgs.perlPackages.ServerStarter

Superdaemon for hot-deploying server programs

pkgs.perl538Packages.NetLDAPServer

LDAP server side protocol handling

pkgs.perl538Packages.NetServerCoro

Co-operative multithreaded server using Coro

pkgs.perl538Packages.ServerStarter

Superdaemon for hot-deploying server programs

pkgs.perl540Packages.NetLDAPServer

LDAP server side protocol handling

pkgs.perl540Packages.NetServerCoro

Co-operative multithreaded server using Coro

pkgs.perl540Packages.ServerStarter

Superdaemon for hot-deploying server programs

pkgs.perlPackages.HTTPServerSimple

Lightweight HTTP server

pkgs.perlPackages.NetLDAPServerTest

Test Net::LDAP code

pkgs.perlPackages.NetAsyncHTTPServer

Serve HTTP with IO::Async

pkgs.perlPackages.NetServerSSPrefork

Hot-deployable variant of Net::Server::PreFork

pkgs.perlPackages.PerlLanguageServer

Language Server and Debug Protocol Adapter for Perl

pkgs.perl538Packages.HTTPServerSimple

Lightweight HTTP server

pkgs.perl540Packages.HTTPServerSimple

Lightweight HTTP server

pkgs.perl538Packages.NetLDAPServerTest

Test Net::LDAP code

pkgs.perl540Packages.NetLDAPServerTest

Test Net::LDAP code

pkgs.perlPackages.HTTPServerSimplePSGI

Perl Web Server Gateway Interface Specification

pkgs.perlPackages.TestHTTPServerSimple

Test::More functions for HTTP::Server::Simple

pkgs.perl538Packages.NetAsyncHTTPServer

Serve HTTP with IO::Async

pkgs.perl538Packages.NetServerSSPrefork

Hot-deployable variant of Net::Server::PreFork

pkgs.perl538Packages.PerlLanguageServer

Language Server and Debug Protocol Adapter for Perl

pkgs.perl540Packages.NetAsyncHTTPServer

Serve HTTP with IO::Async

pkgs.perl540Packages.NetServerSSPrefork

Hot-deployable variant of Net::Server::PreFork

pkgs.perl540Packages.PerlLanguageServer

Language Server and Debug Protocol Adapter for Perl

pkgs.perlPackages.HTTPServerSimpleMason

Simple mason server

pkgs.perlPackages.HTTPServerSimpleAuthen

Authentication plugin for HTTP::Server::Simple

pkgs.perl538Packages.HTTPServerSimplePSGI

Perl Web Server Gateway Interface Specification

pkgs.perl538Packages.TestHTTPServerSimple

Test::More functions for HTTP::Server::Simple

pkgs.perl540Packages.HTTPServerSimplePSGI

Perl Web Server Gateway Interface Specification

pkgs.perl540Packages.TestHTTPServerSimple

Test::More functions for HTTP::Server::Simple

pkgs.perlPackages.PlackTestExternalServer

Run HTTP tests on external live servers

pkgs.perl538Packages.HTTPServerSimpleMason

Simple mason server

pkgs.perl540Packages.HTTPServerSimpleMason

Simple mason server

pkgs.perl538Packages.HTTPServerSimpleAuthen

Authentication plugin for HTTP::Server::Simple

pkgs.perl540Packages.HTTPServerSimpleAuthen

Authentication plugin for HTTP::Server::Simple

pkgs.perl538Packages.PlackTestExternalServer

Run HTTP tests on external live servers

pkgs.perl540Packages.PlackTestExternalServer

Run HTTP tests on external live servers

pkgs.perlPackages.CatalystXScriptServerStarman

Replace the development server with Starman

pkgs.perl538Packages.CatalystXScriptServerStarman

Replace the development server with Starman

pkgs.perl540Packages.CatalystXScriptServerStarman

Replace the development server with Starman
Package maintainers: 1
CVE-2025-8283
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month ago
Netavark: podman: netavark may resolve hostnames to unexpected hosts

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Because the dns.podman search domain was removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When a container is created with a given name, that name is used as the hostname of the container itself. Since Podman's search domain is no longer added, the container uses the host's resolv.conf, and the DNS resolver tries the search domains listed there. If one of those domains contains a name matching the hostname of the running container, the connection is forwarded to unexpected external servers.

rhcos
netavark
container-tools:rhel8/netavark
container-tools:rhel8/containers-common

pkgs.netavark

Rust based network stack for containers
Package maintainers: 2
CVE-2025-3910
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month ago
org.keycloak.authentication: two-factor authentication bypass

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

keycloak
<26.1.*
<26.0.11
<25.*
<26.2.2
rhbk/keycloak-rhel9
*
keycloak-rhel9-container
*
org.keycloak.authentication
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
keycloak-rhel9-operator-container
*
keycloak-rhel9-operator-bundle-container
*

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4