Automatically generated suggestions

CVE-2025-49436
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
WordPress Custom Menu plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiudis Custom Menu allows Stored XSS. This issue affects Custom Menu: from n/a through 1.8.

custom-menu
=<1.8

pkgs.gnomeExtensions.custom-menu

Custom application menu with JSON configuration. Launch apps with specific profiles or execute toggle commands (e.g., for mounted drives) directly from your GNOME menu.
Package maintainers: 1
CVE-2025-48171
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress Cena Store <= 2.11.26 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store allows PHP Local File Inclusion. This issue affects Cena Store: from n/a through 2.11.26.

cena
=<2.11.26

pkgs.ocenaudio

Cross-platform, easy to use, fast and functional audio editor

pkgs.spacenavd

Device driver and SDK for 3Dconnexion 3D input devices

pkgs.asciinema-scenario

Create asciinema videos from a text file

pkgs.spacenav-cube-example

Example application to test the spacenavd driver

pkgs.rubyPackages.mercenary

pkgs.rubyPackages_3_1.mercenary

pkgs.rubyPackages_3_2.mercenary

pkgs.rubyPackages_3_3.mercenary

pkgs.rubyPackages_3_4.mercenary

pkgs.python312Packages.testscenarios

Pyunit extension for dependency injection

pkgs.python313Packages.testscenarios

Pyunit extension for dependency injection

pkgs.azure-cli-extensions.scenario-guide

Microsoft Azure Command-Line Tools Scenario Guidance Extension

pkgs.haskellPackages.opengl-spacenavigator

Library and example for using a SpaceNavigator-compatible 3-D mouse with OpenGL
Package maintainers: 5
CVE-2023-5342
4.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
None

None

shim
shim-x64
<15.8-2

pkgs.yoshimi

High quality software synthesizer based on ZynAddSubFX

pkgs.epoll-shim

Small epoll implementation using kqueue

pkgs.libudev0-shim

Shim to preserve libudev.so.0 compatibility

pkgs.plex-mpv-shim

Allows casting of videos to MPV via the Plex mobile and web app

pkgs.shim-unsigned

UEFI shim loader

pkgs.doas-sudo-shim

Shim for the sudo command that utilizes doas

pkgs.rshim-user-space

User-space rshim driver for the BlueField SoC

pkgs.jellyfin-mpv-shim

Allows casting of videos to MPV via the jellyfin mobile and web app

pkgs.mpv-shim-default-shaders

Preconfigured set of MPV shaders and configurations for MPV Shim media clients

pkgs.python312Packages.shimmy

API conversion tool for popular external reinforcement learning environments

pkgs.pantheon.elementary-print-shim

Simple shim for printing support via Contractor

pkgs.python312Packages.notebook-shim

Switch frontends to Jupyter Server

pkgs.python313Packages.notebook-shim

Switch frontends to Jupyter Server

pkgs.python312Packages.pytz-deprecation-shim

Shims to make deprecation of pytz easier

pkgs.python313Packages.pytz-deprecation-shim

Shims to make deprecation of pytz easier
Package maintainers: 11
CVE-2025-55716
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability

Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15.

wp-statistics
=<14.15

pkgs.wordpressPackages.plugins.wp-statistics

CVE-2025-53241
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
WordPress Simplified Plugin <= 1.0.9 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9.

simplified
=<1.0.9

pkgs.gnomeExtensions.net-speed-simplified

A Net Speed extension With Loads of Customization. Fork of simplenetspeed

pkgs.gnomeExtensions.net-totals-simplified

A Net totals extension that only displays totals. Forked from Net Speed extension (netspeedsimplified@prateekmedia.extension) With Loads of Customization, version 43

pkgs.haskellPackages.phonetic-languages-simplified-base

Basics of the phonetic-languages functionality that can be grouped

pkgs.haskellPackages.phonetic-languages-simplified-properties-array-common

Common functionality for 'with-tuples' and old version of properties
Package maintainers: 1
CVE-2025-28975
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
WordPress Alike - WordPress Custom Post Comparison <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1.

alike
=<3.0.1

pkgs.soundalike

Find duplicate audio files using acoustic fingerprints

pkgs.gnomeExtensions.compiz-alike-magic-lamp-effect

Magic lamp effect inspired by the Compiz ones
Package maintainers: 2
CVE-2025-49053
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
WordPress WP Airdrop Manager plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager allows Stored XSS. This issue affects WP Airdrop Manager: from n/a through 1.0.5.

airdrop
=<1.0.5

pkgs.pairdrop

Local file sharing in your browser

pkgs.nodePackages.hs-airdrop

Handshake airdrop redemption

pkgs.nodePackages_latest.hs-airdrop

Handshake airdrop redemption
Package maintainers: 3
CVE-2025-8283
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
Netavark: podman: netavark may resolve hostnames to unexpected hosts

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Because the dns.podman search domain was removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When a container is created with a given name, that name is used as the container's own hostname; since Podman's search domain is no longer added, the container uses the host's resolv.conf, and the DNS resolver tries the search domains listed there. If one of those domains contains a name matching the running container's hostname, the connection is forwarded to unexpected external servers.

rhcos
netavark
<1.15.1
container-tools:rhel8/netavark
container-tools:rhel8/containers-common

pkgs.netavark

Rust based network stack for containers
Package maintainers: 2
CVE-2025-3910
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
Org.keycloak.authentication: two factor authentication bypass

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

keycloak
<26.2.2
<25.*
<26.0.11
<26.1.*
rhbk/keycloak-rhel9
*
keycloak-rhel9-container
*
org.keycloak.authentication
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
keycloak-rhel9-operator-container
*
keycloak-rhel9-operator-bundle-container
*

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2025-4056
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
Glib: glib crash after long command line

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.

glib
<2.84.1
bootc
glib2
loupe
librsvg2
mingw-glib2
glycin-loaders

pkgs.glib

C library of programming building blocks

pkgs.bootc

Boot and upgrade via container images

pkgs.glibc

GNU C Library

pkgs.iconv

GNU C Library

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

pkgs.alglib

Numerical analysis and data processing library

pkgs.glibmm

C++ interface to the GLib library

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.spglib

C library for finding and handling crystal symmetries

pkgs.taglib

Library for reading and editing audio file metadata

pkgs.poppler

PDF rendering library

pkgs.libiconv

pkgs.taglib_1

Library for reading and editing audio file metadata

pkgs.dbus-glib

Obsolete glib bindings for D-Bus lightweight IPC mechanism

pkgs.glibcInfo

GNU Info manual of the GNU C Library

pkgs.json-glib

Library providing (de)serialization support for the JavaScript Object Notation (JSON) format

pkgs.arrow-glib

GLib bindings for Apache Arrow

pkgs.i3ipc-glib

C interface library to i3wm

pkgs.poppler_gi

PDF rendering library

pkgs.glibmm_2_68

C++ interface to the GLib library

pkgs.libdbusmenu

Library for passing menu structures across DBus

pkgs.libglibutil

Library of glib utilities

pkgs.libzim-glib

Partial GObject/C bindings for libzim

pkgs.glib-testing

Test library providing test harnesses and mock classes complementing the classes provided by GLib

pkgs.glibcLocales

Locale information for the GNU C Library

pkgs.jsonrpc-glib

Library to communicate using the JSON-RPC 2.0 specification

pkgs.libgit2-glib

Glib wrapper library around the libgit2 git access library

pkgs.libqrtr-glib

Qualcomm IPC Router protocol helper library

pkgs.libvirt-glib

Wrapper library of libvirt for glib-based applications

pkgs.podman-bootc

Streamlining podman+bootc interactions

pkgs.taglib-sharp

Library for reading and writing metadata in media files

pkgs.mlxbf-bootctl

Control BlueField boot partitions

pkgs.safestringlib

Safer replacements for C library functions that prevent serious security vulnerabilities

pkgs.taglib_extras

Additional taglib plugins

pkgs.template-glib

Library for template expansion which supports calling into GObject Introspection from templates

pkgs.appstream-glib

Objects and helper methods to read and write AppStream metadata

pkgs.geocode-glib_2

Convenience library for the geocoding and reverse geocoding using Nominatim service

pkgs.glibc_memusage

GNU C Library

pkgs.glycin-loaders

Glycin loaders for several formats

pkgs.libsignon-glib

Library for managing single signon credentials which can be used from GLib applications

pkgs.glib-networking

Network-related giomodules for glib

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

pkgs.libaccounts-glib

Library for managing accounts which can be used from GLib applications

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

pkgs.kdePackages.taglib

Library for reading and editing audio file metadata

pkgs.haskellPackages.glib

Binding to the GLIB library for Gtk2Hs

pkgs.haskellPackages.taglib

Binding to TagLib (ID3 tag library)

pkgs.appmenu-glib-translator

Library for translating from DBusMenu to GMenuModel

pkgs.haskellPackages.gi-glib

GLib bindings

pkgs.haskellPackages.htaglib

Bindings to TagLib, audio meta-data library

pkgs.python312Packages.dbglib

pkgs.python312Packages.spglib

Python bindings for C library for finding and handling crystal symmetries

pkgs.python312Packages.svglib

Pure-Python library for reading and converting SVG

pkgs.python313Packages.dbglib

pkgs.python313Packages.spglib

Python bindings for C library for finding and handling crystal symmetries

pkgs.python313Packages.svglib

Pure-Python library for reading and converting SVG

pkgs.rubyPackages.taglib-ruby

pkgs.python312Packages.pytaglib

Python bindings for the Taglib audio metadata library

pkgs.python313Packages.pytaglib

Python bindings for the Taglib audio metadata library

pkgs.haskellPackages.glib-stopgap

Stopgap package of binding for GLib

pkgs.python312Packages.kconfiglib

Flexible Python 2/3 Kconfig implementation and library

pkgs.python313Packages.kconfiglib

Flexible Python 2/3 Kconfig implementation and library

pkgs.rubyPackages_3_1.taglib-ruby

pkgs.rubyPackages_3_2.taglib-ruby

pkgs.rubyPackages_3_3.taglib-ruby

pkgs.rubyPackages_3_4.taglib-ruby

pkgs.haskellPackages.bindings-glib

Low level bindings to GLib

pkgs.haskellPackages.uu-parsinglib

Fast, online, error-correcting, monadic, applicative, merging, permuting, interleaving, idiomatic parser combinators

pkgs.python312Packages.python-hglib

Library with a fast, convenient interface to Mercurial. It uses Mercurial’s command server for communication with hg

pkgs.python313Packages.python-hglib

Library with a fast, convenient interface to Mercurial. It uses Mercurial’s command server for communication with hg

pkgs.haskellPackages.gtk2hs-cast-glib

A type class for cast functions of Gtk2hs: glib package

pkgs.chickenPackages_5.chickenEggs.taglib

Bindings to taglib

pkgs.python312Packages.locationsharinglib

Python package to retrieve coordinates from a Google account

pkgs.python313Packages.locationsharinglib

Python package to retrieve coordinates from a Google account

pkgs.tests.pkg-config.defaultPkgConfigPackages.taglib

Test whether taglib-2.1.1 exposes pkg-config modules taglib
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags.glibcxxassertionsStdenvUnsupp

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.taglib_c

Test whether taglib-2.1.1 exposes pkg-config modules taglib_c
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages."gio-2.0"

Test whether glib-2.84.4 exposes pkg-config modules gio-2.0
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitEnabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitDisabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.poppler-glib

Test whether poppler-glib-25.07.0 exposes pkg-config modules poppler-glib
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages."gobject-2.0"

Test whether glib-2.84.4 exposes pkg-config modules gobject-2.0
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages."gthread-2.0"

Test whether glib-2.84.4 exposes pkg-config modules gthread-2.0
  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

  • nixos-unstable
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages."dbusmenu-glib-0.4"

Test whether libdbusmenu-glib-16.04.0 exposes pkg-config modules dbusmenu-glib-0.4
  • nixos-unstable
    • nixpkgs-unstable
Package maintainers: 33