Dismissed

(not in Nixpkgs)

Permalink CVE-2025-14551

updated 2 hours ago by @jopejoe1 Activity log

• Created automatic suggestion 6 days, 21 hours ago
• @jopejoe1 ignored
  11 packages

  • gnomeExtensions.ubuntu-net-speed
  • plymouth-vortex-ubuntu-theme
  • nerd-fonts.ubuntu-sans
  • nerd-fonts.ubuntu-mono
  • kmod-blacklist-ubuntu
  • nerd-fonts.ubuntu
  • ubuntu-sans-mono
  • ubuntu-classic
  • ubuntu-themes
  • ubuntu-sans
  • banana-vera
  2 hours ago
• @jopejoe1 dismissed (not in Nixpkgs) 2 hours ago

Senstive information disclosure was affecting subiquity

• noble backport - stop logging network config and identity data issue-trackingpatch
• Stop logging identity data and network secrets issue-trackingpatch

---

subiquity

• =<25.04
• =<24.04.4
• =<25.10

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-15480

updated 2 hours ago by @jopejoe1 Activity log

• Created automatic suggestion 6 days, 21 hours ago
• @jopejoe1 ignored
  11 packages

  • banana-vera
  • ubuntu-sans
  • ubuntu-themes
  • ubuntu-classic
  • ubuntu-sans-mono
  • nerd-fonts.ubuntu
  • kmod-blacklist-ubuntu
  • nerd-fonts.ubuntu-mono
  • nerd-fonts.ubuntu-sans
  • plymouth-vortex-ubuntu-theme
  • gnomeExtensions.ubuntu-net-speed
  2 hours ago
• @jopejoe1 dismissed (not in Nixpkgs) 2 hours ago

Senstive information disclosure was affecting ubuntu-desktop-provision

• feat: don't log identity data (noble backport) issue-trackingpatch
• feat: don't log identity data issue-trackingpatch

---

ubuntu-desktop-provision

• =<25.04
• =<24.04.4
• =<25.10

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-35569

8.7 HIGH

• CVSS version: 3.1
• Attack vector (AV): NETWORK
• Attack complexity (AC): LOW
• Privileges required (PR): LOW
• User interaction (UI): REQUIRED
• Scope (S): CHANGED
• Confidentiality impact (C): HIGH
• Integrity impact (I): HIGH
• Availability impact (A): NONE

updated 16 hours ago by @LeSuisse Activity log

• Created automatic suggestion 21 hours ago
• @LeSuisse dismissed (not in Nixpkgs) 16 hours ago

ApostropheCMS: Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

• https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-855c-r2vq-c292 x_refsource_CONFIRM
• https://github.com/apostrophecms/apostrophe/commit/0e57dd07a56ae1ba1e3af646ba026db4d0ab5bb3 x_refsource_MISC

---

apostrophe

• ==< 4.29.0

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-39857

5.3 MEDIUM

• CVSS version: 3.1
• Attack vector (AV): NETWORK
• Attack complexity (AC): LOW
• Privileges required (PR): NONE
• User interaction (UI): NONE
• Scope (S): UNCHANGED
• Confidentiality impact (C): LOW
• Integrity impact (I): NONE
• Availability impact (A): NONE

updated 16 hours ago by @LeSuisse Activity log

• Created automatic suggestion 21 hours ago
• @LeSuisse dismissed (not in Nixpkgs) 16 hours ago

Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions

• https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-c276-fj82-f2pq x_refsource_CONFIRM
• https://github.com/apostrophecms/apostrophe/commit/6c2b548dec2e3f7a82e8e16736603f4cd17525aa x_refsource_MISC

---

apostrophe

• ==< 4.29.0

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-40740

updated 17 hours ago by @LeSuisse Activity log

• Created automatic suggestion 21 hours ago
• @LeSuisse dismissed (not in Nixpkgs) 17 hours ago

WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

• https://patchstack.com/database/Wordpress/Plugin/tutor/vulnerability/wordpress-… vdb-entry

---

tutor

• =<3.9.7

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-52641

2.9 LOW

• CVSS version: 3.1
• Attack vector (AV): LOCAL
• Attack complexity (AC): HIGH
• Privileges required (PR): HIGH
• User interaction (UI): REQUIRED
• Scope (S): UNCHANGED
• Confidentiality impact (C): LOW
• Integrity impact (I): LOW
• Availability impact (A): NONE

updated 17 hours ago by @LeSuisse Activity log

• Created automatic suggestion 21 hours ago
• @LeSuisse dismissed (not in Nixpkgs) 17 hours ago

Internal Filesystem Exploration vulnerability

• https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130007

---

AION

• ==2.0

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-33877

3.7 LOW

• CVSS version: 3.1
• Attack vector (AV): NETWORK
• Attack complexity (AC): HIGH
• Privileges required (PR): NONE
• User interaction (UI): NONE
• Scope (S): UNCHANGED
• Confidentiality impact (C): LOW
• Integrity impact (I): NONE
• Availability impact (A): NONE

updated 17 hours ago by @LeSuisse Activity log

• Created automatic suggestion 21 hours ago
• @LeSuisse dismissed (not in Nixpkgs) 17 hours ago

ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

• https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mj7r-x3h3-7rmr x_refsource_CONFIRM
• https://github.com/apostrophecms/apostrophe/commit/e266cffd8c0d331a9b05c92bf11616556efcdc77 x_refsource_MISC
• https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mj7r-x3h3-… exploit

---

apostrophe

• ==< 4.29.0

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-40947

2.9 LOW

• CVSS version: 3.1
• Attack vector (AV): LOCAL
• Attack complexity (AC): HIGH
• Privileges required (PR): NONE
• User interaction (UI): NONE
• Scope (S): UNCHANGED
• Confidentiality impact (C): NONE
• Integrity impact (I): LOW
• Availability impact (A): NONE

updated 17 hours ago by @LeSuisse Activity log

• Created automatic suggestion 21 hours ago
• @LeSuisse ignored package yubikey-manager 17 hours ago
• @LeSuisse dismissed (not in Nixpkgs) 17 hours ago

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before …

• https://www.yubico.com/support/security-advisories/ysa-2026-01/

---

libfido2

• <1.17.0

python-fido2

• <2.2.0

yubikey-manager

• <5.9.1

Windows only

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-33889

5.4 MEDIUM

• CVSS version: 3.1
• Attack vector (AV): NETWORK
• Attack complexity (AC): LOW
• Privileges required (PR): LOW
• User interaction (UI): REQUIRED
• Scope (S): CHANGED
• Confidentiality impact (C): LOW
• Integrity impact (I): LOW
• Availability impact (A): NONE

updated 17 hours ago by @LeSuisse Activity log

• Created automatic suggestion 21 hours ago
• @LeSuisse dismissed (not in Nixpkgs) 17 hours ago

ApostropheCMS: Stored XSS via CSS Custom Property Injection in `@apostrophecms/color-field` Escaping Style Tag Context

• https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-97v6-998m-fp4g x_refsource_CONFIRM
• https://github.com/apostrophecms/apostrophe/commit/6a89bdb7acdb2e1e9bf1429961a6ba7f99410481 x_refsource_MISC

---

apostrophe

• ==< 4.29.0

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-40316

8.8 HIGH

• CVSS version: 3.1
• Attack vector (AV): NETWORK
• Attack complexity (AC): LOW
• Privileges required (PR): NONE
• User interaction (UI): REQUIRED
• Scope (S): UNCHANGED
• Confidentiality impact (C): HIGH
• Integrity impact (I): HIGH
• Availability impact (A): HIGH

updated 17 hours ago by @LeSuisse Activity log

• Created automatic suggestion 21 hours ago
• @LeSuisse dismissed (not in Nixpkgs) 17 hours ago

OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow

• https://github.com/OWASP-BLT/BLT/security/advisories/GHSA-wxm3-64fx-cmx9 x_refsource_CONFIRM

---

BLT

• ==<= 2.1