Automatically generated suggestions

CVE-2022-45083
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 1 week ago
WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.

wp-user-avatar
=<4.3.2
CVE-2025-49254
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
WordPress Nika <= 1.2.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through 1.2.8.

nika
=<1.2.8

pkgs.python311Packages.minikanren

Relational programming in Python

pkgs.python312Packages.minikanren.x86_64-linux

Relational programming in Python

pkgs.python312Packages.minikanren.aarch64-linux

Relational programming in Python

pkgs.python312Packages.minikanren.x86_64-darwin

Relational programming in Python

pkgs.python312Packages.minikanren.aarch64-darwin

Relational programming in Python
Package maintainers: 1
CVE-2025-49180
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
CVE-2025-49253
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. This issue affects Lasa: from n/a through 1.1.

lasa
=<1.1

pkgs.gnomeExtensions.glasa

This extension adds an indicator to the top panel whose icon continuously renders two comic-like eyes that follow the mouse cursor.
  • nixos-unstable 14
    • nixos-unstable-small 14
    • nixpkgs-unstable 14

pkgs.typstPackages.lasagna_0_1_0

Add layers, toggle them using tags easily

pkgs.typstPackages.lasaveur_0_1_3

Porting vim-latex's math shorthands to Typst. An accommodating vim syntax file is provided in the repo

pkgs.typstPackages.lasaveur_0_1_4

Porting vim-latex's math shorthands to Typst. An accommodating vim syntax file is provided in the repo
Package maintainers: 2
CVE-2025-31919
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
WordPress Spare <= 1.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.

spare
=<1.7

pkgs.asciiquarium-transparent

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.gnomeExtensions.transparent-top-bar

Bring back the transparent top bar when free-floating in GNOME Shell 3.32.
  • nixos-25.05 24
    • nixpkgs-25.05-darwin 24
    • nixos-25.05-small 24
  • nixos-unstable 23
    • nixos-unstable-small 23
    • nixpkgs-unstable 24

pkgs.vimPlugins.transparent-nvim.x86_64-linux

pkgs.gnomeExtensions.transparent-window-moving

Makes the window semi-transparent when moving or resizing
  • nixos-25.05 19
    • nixpkgs-25.05-darwin 19
    • nixos-25.05-small 19
  • nixos-unstable 18
    • nixos-unstable-small 18
    • nixpkgs-unstable 18

pkgs.vimPlugins.transparent-nvim.aarch64-linux

pkgs.vimPlugins.transparent-nvim.x86_64-darwin

pkgs.vimPlugins.transparent-nvim.aarch64-darwin

pkgs.gnomeExtensions.transparent-top-bar-adjustable-transparency

Fork of: https://github.com/zhanghai/gnome-shell-extension-transparent-top-bar
  • nixos-25.05 24
    • nixpkgs-25.05-darwin 24
    • nixos-25.05-small 24
  • nixos-unstable 21
    • nixos-unstable-small 21
    • nixpkgs-unstable 24
Package maintainers: 4
CVE-2024-0408
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Xorg-x11-server: selinux unlabeled glx pbuffer

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

tigervnc
xorg-server
<21.1.11
xorg-x11-server
*
xorg-x11-server-Xwayland
*
CVE-2025-49175
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
CVE-2024-0553
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 1 week ago
Gnutls: incomplete fix for cve-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

gnutls
*
<3.8.3
odf4/cephcsi-rhel9
*
odf4/odf-cli-rhel9
*
odf4/mcg-core-rhel9
*
odf4/odf-console-rhel9
*
odf4/mcg-rhel9-operator
*
odf4/ocs-rhel9-operator
*
odf4/odf-rhel9-operator
*
odf4/odr-rhel9-operator
*
odf4/mcg-operator-bundle
*
odf4/ocs-operator-bundle
*
odf4/odf-operator-bundle
*
odf4/odf-must-gather-rhel9
*
odf4/odf-cosi-sidecar-rhel9
*
odf4/odr-hub-operator-bundle
*
odf4/ocs-client-console-rhel9
*
odf4/rook-ceph-rhel9-operator
*
odf4/ocs-client-rhel9-operator
*
openshift-logging/vector-rhel9
*
odf4/ocs-client-operator-bundle
*
odf4/ocs-metrics-exporter-rhel9
*
openshift-logging/fluentd-rhel9
*
odf4/odr-cluster-operator-bundle
*
odf4/odf-csi-addons-sidecar-rhel9
*
odf4/odf-csi-addons-rhel9-operator
*
odf4/odf-csi-addons-operator-bundle
*
odf4/odf-multicluster-console-rhel9
*
openshift-logging/eventrouter-rhel9
*
odf4/odf-multicluster-rhel9-operator
*
openshift-logging/logging-loki-rhel9
*
odf4/odf-multicluster-operator-bundle
*
openshift-logging/loki-rhel9-operator
*
openshift-logging/opa-openshift-rhel9
*
openshift-logging/elasticsearch6-rhel9
*
openshift-logging/loki-operator-bundle
*
openshift-logging/logging-curator5-rhel9
*
openshift-logging/lokistack-gateway-rhel9
*
openshift-logging/elasticsearch-proxy-rhel9
*
openshift-logging/logging-view-plugin-rhel9
*
openshift-logging/elasticsearch-rhel9-operator
*
openshift-logging/elasticsearch-operator-bundle
*
openshift-logging/cluster-logging-rhel9-operator
*
openshift-logging/log-file-metric-exporter-rhel9
*
openshift-logging/cluster-logging-operator-bundle
*

pkgs.python312Packages.python3-gnutls.x86_64-linux

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.aarch64-linux

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.x86_64-darwin

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.aarch64-darwin

Python wrapper for the GnuTLS library
Package maintainers: 3
CVE-2025-49176
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*
CVE-2023-6816
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*