Automatically generated suggestions

CVE-2024-37055
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

mlflow
=<*

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker
Package maintainers: 2
CVE-2024-37056
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

mlflow
=<*

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker
Package maintainers: 2
CVE-2024-37116
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS. This issue affects Sinatra: from n/a through 1.3.

sinatra
=<1.3

pkgs.rubyPackages.sinatra

pkgs.rubyPackages_3_1.sinatra

pkgs.rubyPackages_3_2.sinatra

pkgs.rubyPackages_3_3.sinatra

pkgs.rubyPackages_3_4.sinatra

CVE-2024-37492
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Gutenberg plugin <= 18.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutenberg Team Gutenberg allows Stored XSS. This issue affects Gutenberg: from n/a through 18.6.0.

gutenberg
=<18.6.0

pkgs.wordpressPackages.plugins.gutenberg

pkgs.haskellPackages.gutenberg-fibonaccis

The first 1001 Fibonacci numbers, retrieved from the Gutenberg Project
Package maintainers: 2
CVE-2024-37521
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress zBench theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zwwooooo zBench allows Stored XSS. This issue affects zBench: from n/a through 1.4.2.

zbench
=<1.4.2

pkgs.lzbench

In-memory benchmark of open-source LZ77/LZSS/LZMA compressors
Package maintainers: 1
CVE-2024-37947
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.2.

tutor
=<2.7.2

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack
Package maintainers: 1
CVE-2024-37057
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.

mlflow
=<*

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker
Package maintainers: 2
CVE-2024-39877
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler

Apache Airflow versions from 2.4.0 up to, but not including, 2.9.3 have a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later, which removes the vulnerability.

apache-airflow
<2.9.3

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines
Package maintainers: 3
CVE-2024-39863
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 1 week ago
Apache Airflow: Potential XSS Vulnerability

Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.

apache-airflow
<2.9.3

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines
Package maintainers: 3
CVE-2024-6655
7.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Gtk3: gtk2: library injection from cwd

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

gtk
<3.24.43
gtk2
gtk3
*
gtk4
gimp:flatpak/gtk2
inkscape:flatpak/gtk2

pkgs.lazarus

Graphical IDE for the FreePascal language

pkgs.adw-gtk3

Unofficial GTK 3 port of libadwaita

pkgs.pcmanx-gtk2

Telnet BBS browser with GTK interface

pkgs.emacs30-gtk3

Extensible, customizable GNU text editor

pkgs.pinentry-gtk2

GnuPG’s interface to passphrase input

pkgs.libportal-gtk3

Flatpak portal library

pkgs.ventoy-full-gtk

New Bootable USB Solution with GUI support

pkgs.libdbusmenu-gtk2

Library for passing menu structures across DBus

pkgs.libdbusmenu-gtk3

Library for passing menu structures across DBus

pkgs.libindicator-gtk2

Set of symbols and convenience functions for Ayatana indicators

pkgs.libindicator-gtk3

Set of symbols and convenience functions for Ayatana indicators

pkgs.kdePackages.qt6gtk2

GTK+2.0 integration plugins for Qt6

pkgs.qt6Packages.qt6gtk2

GTK+2.0 integration plugins for Qt6

pkgs.haskellPackages.gtk3

Binding to the Gtk+ 3 graphical user interface library

pkgs.haskellPackages.gi-gtk3

Gtk 3.x bindings

pkgs.haskellPackages.Chart-gtk3

Utility functions for using the chart library with GTK

pkgs.indicator-application-gtk2

Indicator to take menus from applications and place them in the panel (GTK 2 library for Xfce/LXDE)

pkgs.indicator-application-gtk3

Indicator to take menus from applications and place them in the panel

pkgs.haskellPackages.gtk2hs-cast-glib

A type class for cast functions of Gtk2hs: glib package

pkgs.haskellPackages.gtk2hs-buildtools

Tools to build the Gtk2Hs suite of User Interface libraries

pkgs.gnomeExtensions.adw-gtk3-colorizer

Colorize adw-gtk3 straight from your system color accents.

pkgs.haskellPackages.gtk3-mac-integration

Bindings for the Gtk/OS X integration library

pkgs.haskellPackages.webkit2gtk3-javascriptcore

JavaScriptCore FFI from webkitgtk

pkgs.gnomeExtensions.legacy-gtk3-theme-scheme-auto-switcher

Change the GTK3 theme to light/dark variant based on the system color scheme

pkgs.tests.pkg-config.defaultPkgConfigPackages."appindicator-0.1"

Test whether libappindicator-gtk2-12.10.1+20.10.20200706.1 exposes pkg-config modules appindicator-0.1

pkgs.tests.pkg-config.defaultPkgConfigPackages."appindicator3-0.1"

Test whether libappindicator-gtk3-12.10.1+20.10.20200706.1 exposes pkg-config modules appindicator3-0.1

pkgs.tests.pkg-config.defaultPkgConfigPackages."dbusmenu-gtk3-0.4"

Test whether libdbusmenu-gtk3-16.04.0 exposes pkg-config modules dbusmenu-gtk3-0.4
Package maintainers: 23