⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-6384 created 2 months, 1 week ago
Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Studio
<4.3.0

pkgs.rstudio.x86_64-linux

Set of integrated tools for the R language

pkgs.rstudio-server.x86_64-linux

Set of integrated tools for the R language

pkgs.vscode-extensions.visualstudiotoolsforunity.vstuc

Integrates Visual Studio Code for Unity

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.x86_64-linux

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.aarch64-linux

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.x86_64-darwin

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.aarch64-darwin

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.x86_64-linux

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.aarch64-linux

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.x86_64-darwin

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.aarch64-darwin

See relevant code examples from GitHub for over 100K different APIs right in your editor
Package maintainers: 5
CVE-2025-49178
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
CVE-2023-6258
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths

A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption.

pkcs11-provider

pkgs.pkcs11-provider

OpenSSL 3.x provider to access hardware or software tokens using the PKCS#11 Cryptographic Token Interface

pkgs.pkcs11-provider.x86_64-linux

OpenSSL 3.x provider to access hardware or software tokens using the PKCS#11 Cryptographic Token Interface

pkgs.pkcs11-provider.aarch64-linux

OpenSSL 3.x provider to access hardware or software tokens using the PKCS#11 Cryptographic Token Interface

pkgs.pkcs11-provider.x86_64-darwin

OpenSSL 3.x provider to access hardware or software tokens using the PKCS#11 Cryptographic Token Interface

pkgs.pkcs11-provider.aarch64-darwin

OpenSSL 3.x provider to access hardware or software tokens using the PKCS#11 Cryptographic Token Interface
Package maintainers: 1
CVE-2023-6476
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Cri-o: pods are able to break out of resource confinement on cgroupv2

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.

cri-o
*
cri-o:1.21/cri-o

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
Package maintainers: 2
CVE-2025-6196
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Libgepub: integer overflow in libgepub's epub archive handling

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

libgepub

pkgs.libgepub

GObject based library for handling and rendering epub documents
Package maintainers: 4
CVE-2025-49258
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
WordPress Maia <= 1.1.15 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia allows PHP Local File Inclusion. This issue affects Maia: from n/a through 1.1.15.

maia
=<1.1.15
Package maintainers: 2
CVE-2024-0409
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Xorg-x11-server: selinux context corruption

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

tigervnc
xorg-server
<21.1.11
xorg-x11-server
*
xorg-x11-server-Xwayland
*
CVE-2025-49177
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 1 week ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

tigervnc
xorg-x11-server
xorg-x11-server-Xwayland
*
CVE-2023-6004
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 1 week ago
Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

libssh
*

pkgs.libssh.x86_64-linux

SSH client library

pkgs.libssh.aarch64-linux

SSH client library

pkgs.libssh.x86_64-darwin

SSH client library

pkgs.libssh2.x86_64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh.aarch64-darwin

SSH client library

pkgs.libssh2.aarch64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.x86_64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.aarch64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.haskellPackages.libssh2

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.python311Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.haskellPackages.libssh.x86_64-linux

libssh bindings

pkgs.haskellPackages.libssh.aarch64-linux

libssh bindings

pkgs.haskellPackages.libssh.x86_64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.x86_64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh.aarch64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.aarch64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.x86_64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.aarch64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit.x86_64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.x86_64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
Package maintainers: 3
CVE-2025-24761
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
WordPress DSK <= 2.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK allows PHP Local File Inclusion. This issue affects DSK: from n/a through 2.2.

dsk
=<2.2

pkgs.idsk

Manipulating CPC dsk images and files

pkgs.robotfindskitten.x86_64-linux

Yet another zen simulation; A simple find-the-kitten game

pkgs.robotfindskitten.aarch64-linux

Yet another zen simulation; A simple find-the-kitten game

pkgs.robotfindskitten.x86_64-darwin

Yet another zen simulation; A simple find-the-kitten game

pkgs.robotfindskitten.aarch64-darwin

Yet another zen simulation; A simple find-the-kitten game

pkgs.python311Packages.pmdsky-debug-py

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python

pkgs.python312Packages.pmdsky-debug-py

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python

pkgs.python313Packages.pmdsky-debug-py

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python

pkgs.python312Packages.pmdsky-debug-py.x86_64-linux

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python

pkgs.python312Packages.pmdsky-debug-py.aarch64-linux

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python

pkgs.python312Packages.pmdsky-debug-py.x86_64-darwin

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python

pkgs.python312Packages.pmdsky-debug-py.aarch64-darwin

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python
Package maintainers: 3