⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-0838 created 1 month, 2 weeks ago
Heap Buffer overflow in Abseil

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

abseil-cpp
<5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

pkgs.abseil-cpp_202206

An open-source collection of C++ code designed to augment the C++ standard library

pkgs.abseil-cpp_202308

An open-source collection of C++ code designed to augment the C++ standard library
Notify package maintainers: 2
CVE-2022-46848
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.

visualizer
=<3.9.1

pkgs.cli-visualizer

CLI based audio visualizer

pkgs.midivisualizer

Small MIDI visualizer tool, using OpenGL

pkgs.gnomeExtensions.sound-visualizer

A Real Time Sound Visualizer Based On Gstreamer
  • nixos-24.11 8
    • nixpkgs-24.11-darwin 8
    • nixos-24.11-small 8
  • nixos-unstable 8
    • nixos-unstable-small 8
    • nixpkgs-unstable 8
Notify package maintainers: 13
CVE-2023-23708
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.

visualizer
=<3.9.4

pkgs.cli-visualizer

CLI based audio visualizer

pkgs.midivisualizer

Small MIDI visualizer tool, using OpenGL

pkgs.gnomeExtensions.sound-visualizer

A Real Time Sound Visualizer Based On Gstreamer
  • nixos-24.11 8
    • nixpkgs-24.11-darwin 8
    • nixos-24.11-small 8
  • nixos-unstable 8
    • nixos-unstable-small 8
    • nixpkgs-unstable 8
Notify package maintainers: 13
CVE-2023-47238
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.

top-10
=<3.3.2

pkgs.darwin.top

pkgs.budgie.budgie-desktop

A feature-rich, modern desktop designed to keep out the way of the user

pkgs.gnomeExtensions.pip-on-top

Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too.
  • nixos-24.11 10
    • nixpkgs-24.11-darwin 10
    • nixos-24.11-small 10
  • nixos-unstable 10
    • nixos-unstable-small 10
    • nixpkgs-unstable 10

pkgs.gnomeExtensions.show-apps-at-top

Put show apps icon at top in Gnome default dash
Notify package maintainers: 4
CVE-2023-26008
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.

top-10
=<3.2.4

pkgs.darwin.top

pkgs.budgie.budgie-desktop

A feature-rich, modern desktop designed to keep out the way of the user

pkgs.gnomeExtensions.pip-on-top

Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too.
  • nixos-24.11 10
    • nixpkgs-24.11-darwin 10
    • nixos-24.11-small 10
  • nixos-unstable 10
    • nixos-unstable-small 10
    • nixpkgs-unstable 10

pkgs.gnomeExtensions.show-apps-at-top

Put show apps icon at top in Gnome default dash
Notify package maintainers: 4
CVE-2025-26465
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

rhcos
openssh

pkgs.openssh_hpnWithKerberos

Implementation of the SSH protocol with high performance networking patches
Notify package maintainers: 6
CVE-2024-1062
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

389-ds:1.4
*
389-ds-base
=<2.2.*
*
<2.2.*
redhat-ds:11
*
redhat-ds:12
*
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
Notify package maintainers: 1
CVE-2024-3657
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
389-ds-base: potential denial of service via specially crafted kerberos as-req request

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

389-ds:1.4
*
389-ds-base
*
redhat-ds:11
*
redhat-ds:12
*
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
Notify package maintainers: 1
CVE-2024-5953
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
389-ds-base: malformed userpassword hash may cause denial of service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

389-ds:1.4
*
389-ds-base
*
redhat-ds:11
*
redhat-ds:12
*
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
Notify package maintainers: 1
CVE-2025-26778
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Gallery Custom Links Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS. This issue affects Gallery: from n/a through 2.2.1.

gallery
=<2.2.1

pkgs.texlivePackages.dtxgallery

A small collection of minimal DTX examples
  • nixos-24.05 1
    • nixpkgs-24.05-darwin 1
    • nixos-24.05-small 1

pkgs.texlivePackages.image-gallery

Create an overview of pictures from a digital camera or from other sources

pkgs.azure-cli-extensions.gallery-service-artifact

Microsoft Azure Command-Line Tools GalleryServiceArtifact Extension
Notify package maintainers: 13