⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-28835
5.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Gnutls: potential crash during chain building/verification

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

gnutls
*
==3.8.3

pkgs.gnutls.aarch64-linux

GNU Transport Layer Security Library

pkgs.gnutls.x86_64-darwin

GNU Transport Layer Security Library

pkgs.gnutls.aarch64-darwin

GNU Transport Layer Security Library

pkgs.guile-gnutls.x86_64-linux

Guile bindings for GnuTLS library

pkgs.guile-gnutls.aarch64-linux

Guile bindings for GnuTLS library

pkgs.guile-gnutls.x86_64-darwin

Guile bindings for GnuTLS library

pkgs.guile-gnutls.aarch64-darwin

Guile bindings for GnuTLS library

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library
Package maintainers: 3
CVE-2025-30193
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Denial of service via crafted TCP exchange

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention.

dnsdist
==1.9.10
Package maintainers: 1
CVE-2025-26867
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Bulk theme <= 1.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.

bulk
=<1.0.11

pkgs.bulky

Bulk rename app

pkgs.cinnamon.bulky

Bulk rename app

pkgs.bulky.x86_64-linux

Bulk rename app

pkgs.bulky.aarch64-linux

Bulk rename app

pkgs.python313Packages.rebulk

Advanced string matching from simple patterns

pkgs.bulk_extractor.x86_64-linux

Digital forensics tool for extracting information from file systems

pkgs.cinnamon.bulky.x86_64-linux

Bulk rename app

pkgs.bulk_extractor.aarch64-linux

Digital forensics tool for extracting information from file systems

pkgs.bulk_extractor.x86_64-darwin

Digital forensics tool for extracting information from file systems

pkgs.cinnamon.bulky.aarch64-linux

Bulk rename app

pkgs.bulk_extractor.aarch64-darwin

Digital forensics tool for extracting information from file systems

pkgs.python311Packages.rebulk.x86_64-linux

Advanced string matching from simple patterns

pkgs.python312Packages.rebulk.x86_64-linux

Advanced string matching from simple patterns

pkgs.python311Packages.rebulk.aarch64-linux

Advanced string matching from simple patterns

pkgs.python311Packages.rebulk.x86_64-darwin

Advanced string matching from simple patterns

pkgs.python312Packages.rebulk.aarch64-linux

Advanced string matching from simple patterns

pkgs.python312Packages.rebulk.x86_64-darwin

Advanced string matching from simple patterns

pkgs.python311Packages.rebulk.aarch64-darwin

Advanced string matching from simple patterns

pkgs.python312Packages.rebulk.aarch64-darwin

Advanced string matching from simple patterns
Package maintainers: 3
CVE-2025-31027
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0.

tiger
=<2.0

pkgs.tigerjython

Simple development environment for programming in Python

pkgs.libtiger.x86_64-linux

A rendering library for Kate streams using Pango and Cairo

pkgs.libtiger.aarch64-linux

A rendering library for Kate streams using Pango and Cairo

pkgs.libtiger.x86_64-darwin

A rendering library for Kate streams using Pango and Cairo

pkgs.libtiger.aarch64-darwin

A rendering library for Kate streams using Pango and Cairo

pkgs.tigerjython.x86_64-linux

Simple development environment for programming in Python

pkgs.tigerbeetle.x86_64-darwin

Financial accounting database designed to be distributed and fast

pkgs.tigerjython.aarch64-linux

Simple development environment for programming in Python

pkgs.tigerjython.x86_64-darwin

Simple development environment for programming in Python

pkgs.tigerbeetle.aarch64-darwin

Financial accounting database designed to be distributed and fast

pkgs.tigerjython.aarch64-darwin

Simple development environment for programming in Python

pkgs.vimPlugins.nvim-treesitter-parsers.tiger

  • nixos-24.05 ???
    • nixpkgs-24.05-darwin
  • nixos-24.11 ???
    • nixpkgs-24.11-darwin
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.tree-sitter-grammars.tree-sitter-tiger.aarch64-linux

pkgs.tree-sitter-grammars.tree-sitter-tiger.x86_64-darwin

pkgs.chickenPackages_5.chickenEggs.tiger-hash.x86_64-linux

Tiger/192 Message Digest

pkgs.tree-sitter-grammars.tree-sitter-tiger.aarch64-darwin

pkgs.vimPlugins.nvim-treesitter-parsers.tiger.x86_64-linux

  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???

pkgs.chickenPackages_5.chickenEggs.tiger-hash.aarch64-linux

Tiger/192 Message Digest

pkgs.chickenPackages_5.chickenEggs.tiger-hash.x86_64-darwin

Tiger/192 Message Digest

pkgs.vimPlugins.nvim-treesitter-parsers.tiger.aarch64-linux

  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???

pkgs.vimPlugins.nvim-treesitter-parsers.tiger.x86_64-darwin

  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???

pkgs.chickenPackages_5.chickenEggs.tiger-hash.aarch64-darwin

Tiger/192 Message Digest

pkgs.vimPlugins.nvim-treesitter-parsers.tiger.aarch64-darwin

  • nixos-24.05 ???
    • nixos-24.05-small
  • nixos-24.11 ???
    • nixos-24.11-small
  • nixos-unstable ???

pkgs.python312Packages.tree-sitter-grammars.tree-sitter-tiger

Python bindings for tree-sitter-tiger

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-tiger

Python bindings for tree-sitter-tiger
Package maintainers: 8
CVE-2025-23988
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress ghostwriter theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS.This issue affects Ghostwriter: from n/a through 1.4.

ghostwriter
=<1.4

pkgs.plasma5Packages.ghostwriter

Cross-platform, aesthetic, distraction-free Markdown editor

pkgs.libsForQt5.ghostwriter.x86_64-linux

A cross-platform, aesthetic, distraction-free Markdown editor

pkgs.libsForQt5.ghostwriter.aarch64-linux

A cross-platform, aesthetic, distraction-free Markdown editor
Package maintainers: 9
CVE-2025-26735
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9.

grip
=<1.0.9

pkgs.go-grip

Preview Markdown files locally before committing them

pkgs.grip-grab

Fast, more lightweight ripgrep alternative for daily use cases

pkgs.grip-search

Fast, indexed regexp search over large file trees

pkgs.grip.x86_64-linux

GTK-based audio CD player/ripper

pkgs.grip.aarch64-linux

GTK-based audio CD player/ripper

pkgs.grip-grab.x86_64-linux

Fast, more lightweight ripgrep alternative for daily use cases

pkgs.python311Packages.grip

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python312Packages.grip

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python313Packages.grip

Preview GitHub Markdown files like Readme locally before committing them

pkgs.grip-grab.aarch64-linux

Fast, more lightweight ripgrep alternative for daily use cases

pkgs.grip-grab.x86_64-darwin

Fast, more lightweight ripgrep alternative for daily use cases

pkgs.grip-grab.aarch64-darwin

Fast, more lightweight ripgrep alternative for daily use cases

pkgs.grip-search.x86_64-linux

Fast, indexed regexp search over large file trees

pkgs.grip-search.aarch64-linux

Fast, indexed regexp search over large file trees

pkgs.grip-search.x86_64-darwin

Fast, indexed regexp search over large file trees

pkgs.grip-search.aarch64-darwin

Fast, indexed regexp search over large file trees

pkgs.jetbrains.datagrip.aarch64-linux

Database IDE from JetBrains

pkgs.jetbrains.datagrip.x86_64-darwin

Database IDE from JetBrains

pkgs.jetbrains.datagrip.aarch64-darwin

Database IDE from JetBrains

pkgs.python311Packages.grip.x86_64-linux

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python312Packages.grip.x86_64-linux

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python311Packages.grip.aarch64-linux

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python311Packages.grip.x86_64-darwin

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python312Packages.grip.aarch64-linux

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python312Packages.grip.x86_64-darwin

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python311Packages.grip.aarch64-darwin

Preview GitHub Markdown files like Readme locally before committing them

pkgs.python312Packages.grip.aarch64-darwin

Preview GitHub Markdown files like Readme locally before committing them
Package maintainers: 6
CVE-2025-4945
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Libsoup: integer overflow in cookie expiration date handling in libsoup

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

libsoup
libsoup3

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-4948
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup

A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.

libsoup
*
libsoup3
*

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-linux

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.x86_64-darwin

HTTP client/server library for GNOME

pkgs.gnome2.libsoup.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-linux

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".x86_64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4".aarch64-darwin

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
Package maintainers: 6
CVE-2025-31063
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 3 weeks ago
WordPress Wishlist <= 2.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.

wishlist
=<2.1.0

pkgs.wishlist.x86_64-linux

Single entrypoint for multiple SSH endpoints

pkgs.wishlist.aarch64-linux

Single entrypoint for multiple SSH endpoints

pkgs.wishlist.x86_64-darwin

Single entrypoint for multiple SSH endpoints

pkgs.wishlist.aarch64-darwin

Single entrypoint for multiple SSH endpoints
Package maintainers: 2
CVE-2025-31062
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 3 weeks ago
WordPress Wishlist <= 2.1.0 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.

wishlist
=<2.1.0

pkgs.wishlist.x86_64-linux

Single entrypoint for multiple SSH endpoints

pkgs.wishlist.aarch64-linux

Single entrypoint for multiple SSH endpoints

pkgs.wishlist.x86_64-darwin

Single entrypoint for multiple SSH endpoints

pkgs.wishlist.aarch64-darwin

Single entrypoint for multiple SSH endpoints
Package maintainers: 2