Automatically generated suggestions

CVE-2024-5154
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 month, 1 week ago
Cri-o: malicious container can create symlink on host

A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“../”). This flaw allows the container to read and write to arbitrary files on the host system.

cri-o
<1.28.7
*
<1.30.1
<1.29.5
rhcos
*
conman
conmon
kernel
*
openshift
*
container-tools:rhel8/podman

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
Package maintainers: 2
CVE-2024-34768
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fastly. This issue affects Fastly: from n/a through 1.2.25.

fastly
=<1.2.25

pkgs.fastly

Command line tool for interacting with the Fastly API

pkgs.prometheus-fastly-exporter

Prometheus exporter for the Fastly Real-time Analytics API

pkgs.terraform-providers.fastly

Package maintainers: 4
CVE-2023-25799
8.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities

Missing Authorization vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.1.8.

tutor
=<2.1.8

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack
Package maintainers: 1
CVE-2024-32779
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 1 week ago
WordPress Vision – Image Map Builder plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Avirtum Vision Interactive. This issue affects Vision Interactive: from n/a through 1.7.1.

vision
=<1.7.1

pkgs.envision

UI for building, configuring and running Monado, the open source OpenXR runtime (with build environment)

pkgs.television

Blazingly fast general purpose fuzzy finder TUI

pkgs.autorevision

Extracts revision metadata from your VCS repository

pkgs.photonvision

Free, fast, and easy-to-use computer vision solution for the FIRST Robotics Competition

pkgs.kanidm-provision

Small utility to help with kanidm provisioning

pkgs.envision-unwrapped

UI for building, configuring and running Monado, the open source OpenXR runtime

pkgs.influxdb2-provision

Small utility to help provisioning influxdb2

pkgs.rocmPackages.mivisionx

Set of comprehensive computer vision and machine intelligence libraries, utilities, and applications

pkgs.thin-provisioning-tools

Suite of tools for manipulating the metadata of the dm-thin device-mapper target

pkgs.rocmPackages_6.mivisionx

Set of comprehensive computer vision and machine intelligence libraries, utilities, and applications

pkgs.python312Packages.visions

Type system for data analysis in Python

pkgs.python313Packages.visions

Type system for data analysis in Python

pkgs.rocmPackages.mivisionx-cpu

Set of comprehensive computer vision and machine intelligence libraries, utilities, and applications

pkgs.rocmPackages.mivisionx-hip

Set of comprehensive computer vision and machine intelligence libraries, utilities, and applications

pkgs.python312Packages.hikvision

Python module for interacting with Hikvision IP Cameras

pkgs.python313Packages.hikvision

Python module for interacting with Hikvision IP Cameras

pkgs.haskellPackages.gogol-vision

Google Cloud Vision SDK

pkgs.haskellPackages.vcs-revision

Facilities for accessing the version control revision of the current directory

pkgs.rocmPackages_6.mivisionx-cpu

Set of comprehensive computer vision and machine intelligence libraries, utilities, and applications

pkgs.rocmPackages_6.mivisionx-hip

Set of comprehensive computer vision and machine intelligence libraries, utilities, and applications

pkgs.python312Packages.cleanvision

Automatically find issues in image datasets and practice data-centric computer vision

pkgs.python312Packages.torchvision

PyTorch vision library

pkgs.python313Packages.cleanvision

Automatically find issues in image datasets and practice data-centric computer vision

pkgs.python313Packages.torchvision

PyTorch vision library

pkgs.kanidmWithSecretProvisioning_1_5

Simple, secure and fast identity management platform

pkgs.kanidmWithSecretProvisioning_1_6

Simple, secure and fast identity management platform

pkgs.kanidmWithSecretProvisioning_1_7

Simple, secure and fast identity management platform

pkgs.python312Packages.torchvision-bin

PyTorch vision library

pkgs.python313Packages.torchvision-bin

PyTorch vision library

pkgs.python312Packages.google-cloud-vision

Cloud Vision API API client library

pkgs.python313Packages.google-cloud-vision

Cloud Vision API API client library

pkgs.haskellPackages.amazonka-lookoutvision

Amazon Lookout for Vision SDK

pkgs.haskellPackages.gogol-androiddeviceprovisioning

Google Android Device Provisioning Partner SDK

pkgs.python312Packages.azure-ai-vision-imageanalysis

Azure Image Analysis client library for Python

pkgs.python313Packages.azure-ai-vision-imageanalysis

Azure Image Analysis client library for Python

pkgs.python312Packages.types-aiobotocore-lookoutvision

Type annotations for aiobotocore lookoutvision

pkgs.python313Packages.types-aiobotocore-lookoutvision

Type annotations for aiobotocore lookoutvision

pkgs.python312Packages.azure-mgmt-iothubprovisioningservices

This is the Microsoft Azure IoTHub Provisioning Services Client Library

pkgs.python313Packages.azure-mgmt-iothubprovisioningservices

This is the Microsoft Azure IoTHub Provisioning Services Client Library

pkgs.python312Packages.mkdocs-git-revision-date-localized-plugin

MkDocs plugin that enables displaying the date of the last git modification of a page

pkgs.python313Packages.mkdocs-git-revision-date-localized-plugin

MkDocs plugin that enables displaying the date of the last git modification of a page
Package maintainers: 22
CVE-2024-35711
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Event theme <= 1.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Event allows Stored XSS. This issue affects Event: from n/a through 1.2.2.

event
=<1.2.2

pkgs.tevent

Event system based on the talloc memory management library

pkgs.direvent

Directory event monitoring daemon

pkgs.eventlog

Syslog event logger library

pkgs.libevent

Event notification library

pkgs.lvm2_vdo

Tools to support Logical Volume Management (LVM) on Linux

pkgs.netevent

Share linux event devices with other machines

pkgs.eventstat

Simple monitoring of system events

pkgs.libtraceevent

Linux kernel trace event library

pkgs.lvm2_dmeventd

Tools to support Logical Volume Management (LVM) on Linux

pkgs.seventeenlands

Client for passing relevant events from MTG Arena logs to the 17Lands REST endpoint, also known as mtga-log-client

pkgs.aws-c-event-stream

C99 implementation of the vnd.amazon.eventstream content-type

pkgs.luaPackages.luaevent

pkgs.php81Extensions.event

Efficiently schedule I/O, time and signal based events using the best I/O notification mechanism available

pkgs.php82Extensions.event

Efficiently schedule I/O, time and signal based events using the best I/O notification mechanism available

pkgs.php83Extensions.event

Efficiently schedule I/O, time and signal based events using the best I/O notification mechanism available

pkgs.php84Extensions.event

Efficiently schedule I/O, time and signal based events using the best I/O notification mechanism available

pkgs.kdePackages.eventviews

Library for displaying and creating events and calendars

pkgs.lua51Packages.luaevent

pkgs.lua52Packages.luaevent

pkgs.lua53Packages.luaevent

pkgs.luajitPackages.luaevent

pkgs.rubyPackages.rb-fsevent

pkgs.haskellPackages.hinotify

File/folder watching for OS X

pkgs.python312Packages.events

Bringing the elegance of C# EventHandler to Python

pkgs.python312Packages.gevent

Coroutine-based networking library

pkgs.python313Packages.events

Bringing the elegance of C# EventHandler to Python

pkgs.python313Packages.gevent

Coroutine-based networking library

pkgs.haskellPackages.hfsevents

File/folder watching for OS X

pkgs.rubyPackages.eventmachine

pkgs.haskellPackages.event-list

Event lists with relative or absolute time stamps

pkgs.haskellPackages.ghc-events

Library and tool for parsing .eventlog files from GHC

pkgs.python312Packages.eventkit

Event-driven data pipelines

pkgs.python312Packages.eventlet

Concurrent networking library for Python

pkgs.python313Packages.eventkit

Event-driven data pipelines

pkgs.python313Packages.eventlet

Concurrent networking library for Python

pkgs.rubyPackages_3_1.rb-fsevent

pkgs.rubyPackages_3_2.rb-fsevent

pkgs.rubyPackages_3_3.rb-fsevent

pkgs.rubyPackages_3_4.rb-fsevent

pkgs.python312Packages.icalevents

Python module for iCal URL/file parsing and querying

pkgs.python312Packages.zope-event

Event publishing system

pkgs.python313Packages.icalevents

Python module for iCal URL/file parsing and querying

pkgs.python313Packages.zope-event

Event publishing system

pkgs.haskellPackages.control-event

Event scheduling system

pkgs.haskellPackages.eventlog2html

Visualise an eventlog

pkgs.haskellPackages.eventsourcing

CQRS/ES library

pkgs.python312Packages.cloudevents

Python SDK for CloudEvents

pkgs.python312Packages.macfsevents

Thread-based interface to file system observation primitives

pkgs.python313Packages.cloudevents

Python SDK for CloudEvents

pkgs.python313Packages.macfsevents

Thread-based interface to file system observation primitives

pkgs.rubyPackages_3_1.eventmachine

pkgs.rubyPackages_3_2.eventmachine

pkgs.rubyPackages_3_3.eventmachine

pkgs.rubyPackages_3_4.eventmachine

pkgs.azure-cli-extensions.eventgrid

Microsoft Azure Command-Line Tools EventGrid Command Module

pkgs.haskellPackages.event-handlers

Event handlers

pkgs.python312Packages.pyinputevent

Python interface to the Input Subsystem's input_event and uinput

pkgs.python313Packages.pyinputevent

Python interface to the Input Subsystem's input_event and uinput

pkgs.haskellPackages.crdt-event-fold

Garbage collected event folding CRDT

pkgs.haskellPackages.eventlog-socket

Stream GHC eventlog events to external processes

pkgs.haskellPackages.wai-eventsource

WAI support for server-sent events (deprecated)

pkgs.python312Packages.notify-events

Python client for Notify.Events

pkgs.python313Packages.notify-events

Python client for Notify.Events

pkgs.haskellPackages.ghc-trace-events

Faster traceEvent and traceMarker, and binary object logging for eventlog

pkgs.python312Packages.azure-eventhub

Microsoft Azure Event Hubs Client Library for Python

pkgs.python312Packages.jupyter-events

Configurable event system for Jupyter applications and extensions

pkgs.python312Packages.seventeentrack

Python library to track package info from 17track.com

pkgs.python313Packages.azure-eventhub

Microsoft Azure Event Hubs Client Library for Python

pkgs.python313Packages.jupyter-events

Configurable event system for Jupyter applications and extensions

pkgs.python313Packages.seventeentrack

Python library to track package info from 17track.com

pkgs.haskellPackages.event-transformer

Initial project template from stack

pkgs.haskellPackages.funbot-ext-events

Interact with FunBot's external events

pkgs.haskellPackages.yesod-eventsource

Server-sent events support for Yesod apps

pkgs.python312Packages.azure-eventgrid

Fully-managed intelligent event routing service that allows for uniform event consumption using a publish-subscribe model

pkgs.python312Packages.gevent-socketio

SocketIO server based on the Gevent pywsgi server

pkgs.python312Packages.watchdog-gevent

Gevent-based observer for watchdog

pkgs.python313Packages.azure-eventgrid

Fully-managed intelligent event routing service that allows for uniform event consumption using a publish-subscribe model

pkgs.python313Packages.gevent-socketio

SocketIO server based on the Gevent pywsgi server

pkgs.python313Packages.watchdog-gevent

Gevent-based observer for watchdog

pkgs.tmuxPlugins.vim-tmux-focus-events

Makes FocusGained and FocusLost autocommand events work in vim when using tmux

pkgs.haskellPackages.amazonka-iotevents

Amazon IoT Events SDK

pkgs.python312Packages.dissect-eventlog

Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats

pkgs.python312Packages.gevent-websocket

Websocket handler for the gevent pywsgi server

pkgs.python312Packages.geventhttpclient

High performance, concurrent HTTP client library using gevent

pkgs.python312Packages.pyseventeentrack

Simple Python API for 17track.net

pkgs.python313Packages.dissect-eventlog

Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats

pkgs.python313Packages.gevent-websocket

Websocket handler for the gevent pywsgi server

pkgs.python313Packages.geventhttpclient

High performance, concurrent HTTP client library using gevent

pkgs.python313Packages.pyseventeentrack

Simple Python API for 17track.net

pkgs.python312Packages.mypy-boto3-events

Type annotations for boto3 events

pkgs.python313Packages.mypy-boto3-events

Type annotations for boto3 events

pkgs.haskellPackages.moffy-samples-events

Events for sample codes of moffy

pkgs.home-assistant-component-tests.event

Open source home automation that puts local control and privacy first

pkgs.python312Packages.azure-mgmt-eventhub

This is the Microsoft Azure EventHub Management Client Library

pkgs.python312Packages.gevent-eventemitter

EventEmitter using gevent

pkgs.python312Packages.zope-lifecycleevent

Object life-cycle events

pkgs.python313Packages.azure-mgmt-eventhub

This is the Microsoft Azure EventHub Management Client Library

pkgs.python313Packages.gevent-eventemitter

EventEmitter using gevent

pkgs.python313Packages.zope-lifecycleevent

Object life-cycle events

pkgs.python312Packages.azure-mgmt-eventgrid

This is the Microsoft Azure EventGrid Management Client Library

pkgs.python313Packages.azure-mgmt-eventgrid

This is the Microsoft Azure EventGrid Management Client Library

pkgs.haskellPackages.amazonka-iotevents-data

Amazon IoT Events Data SDK

pkgs.python312Packages.recurring-ical-events

Repeat ICalendar events by RRULE, RDATE and EXDATE

pkgs.python312Packages.skytemple-eventserver

Websocket server that emits SkyTemple UI events

pkgs.python313Packages.recurring-ical-events

Repeat ICalendar events by RRULE, RDATE and EXDATE

pkgs.python313Packages.skytemple-eventserver

Websocket server that emits SkyTemple UI events

pkgs.haskellPackages.eventsourcing-postgresql

PostgreSQL adaptor for eventsourcing

pkgs.haskellPackages.amazonka-cloudwatch-events

Amazon EventBridge SDK

pkgs.python312Packages.types-aiobotocore-events

Type annotations for aiobotocore events

pkgs.python313Packages.types-aiobotocore-events

Type annotations for aiobotocore events

pkgs.haskellPackages.amazonka-personalize-events

Amazon Personalize Events SDK

pkgs.home-assistant-component-tests.notify_events

Open source home automation that puts local control and privacy first

pkgs.gnomeExtensions.dim-completed-calendar-events

Dim completed events in the top panel menu to easily distinguish between upcoming and past events. You can also highlight events that are ongoing.

pkgs.home-assistant-component-tests.geo_rss_events

Open source home automation that puts local control and privacy first

pkgs.home-assistant-component-tests.seventeentrack

Open source home automation that puts local control and privacy first

pkgs.python312Packages.types-aiobotocore-iotevents

Type annotations for aiobotocore iotevents

pkgs.python313Packages.types-aiobotocore-iotevents

Type annotations for aiobotocore iotevents

pkgs.home-assistant-component-tests.azure_event_hub

Open source home automation that puts local control and privacy first

pkgs.home-assistant-component-tests.geo_json_events

Open source home automation that puts local control and privacy first

pkgs.home-assistant-component-tests.mqtt_eventstream

Open source home automation that puts local control and privacy first

pkgs.python312Packages.types-aiobotocore-iotevents-data

Type annotations for aiobotocore iotevents-data

pkgs.python313Packages.types-aiobotocore-iotevents-data

Type annotations for aiobotocore iotevents-data

pkgs.python312Packages.types-aiobotocore-personalize-events

Type annotations for aiobotocore personalize-events

pkgs.python313Packages.types-aiobotocore-personalize-events

Type annotations for aiobotocore personalize-events
Package maintainers: 41
CVE-2024-35679
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress GiveWP plugin <= 3.12.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS. This issue affects GiveWP: from n/a through 3.12.0.

give
=<3.12.0

pkgs.filegive

Easy p2p file sending program
CVE-2024-35736
8.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 1 week ago
WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer. This issue affects Visualizer: from n/a through 3.11.1.

visualizer
=<3.11.1

pkgs.dbvisualizer

Universal database tool

pkgs.MIDIVisualizer

Small MIDI visualizer tool, using OpenGL

pkgs.midivisualizer

Small MIDI visualizer tool, using OpenGL

pkgs.massif-visualizer

Tool that visualizes massif data generated by valgrind

pkgs.precice-config-visualizer

Small python tool for visualizing the preCICE xml configuration

pkgs.kdePackages.massif-visualizer

Visualizer for Valgrind Massif data files

pkgs.gnomeExtensions.sound-visualizer

A Real Time Sound Visualizer Based On Gstreamer
Package maintainers: 13
CVE-2024-37065
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Deserialization of untrusted data can occur in versions 0.6 or …

Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.

skops
=<*

pkgs.python312Packages.skops

Library for saving/loading, sharing, and deploying scikit-learn based models

pkgs.python313Packages.skops

Library for saving/loading, sharing, and deploying scikit-learn based models
Package maintainers: 1
CVE-2024-37059
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
Deserialization of untrusted data can occur in versions of the …

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.

mlflow
=<*

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker
Package maintainers: 2
CVE-2024-37054
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 1 week ago
CISA ADP Vulnrichment

None

mlflow
=<*

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker
Package maintainers: 2