CVE-2025-22654 10.0 CRITICAL
CVSS version: 3.1 | Attack vector (AV): NETWORK | Attack complexity (AC): LOW | Privileges required (PR): NONE | User interaction (UI): NONE | Scope (S): CHANGED | Confidentiality impact (C): HIGH | Integrity impact (I): HIGH | Availability impact (A): HIGH
Updated 9 months, 3 weeks ago by @fpletz
Activity log: created automatic suggestion 9 months, 4 weeks ago; @fpletz dismissed 9 months, 3 weeks ago
WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files. This issue affects Simplified: from n/a through 1.0.6.
Affected products: simplified =<1.0.6
Matching in nixpkgs:
  pkgs.gnomeExtensions.net-speed-simplified (A Net Speed extension With Loads of Customization. Fork of simplenetspeed): nixos-unstable 43, nixos-unstable-small 43, nixpkgs-unstable 43
  pkgs.haskellPackages.phonetic-languages-simplified-base (A basics of the phonetic-languages functionality that can be groupped): nixos-unstable 0.9.0.0, nixos-unstable-small 0.9.0.0, nixpkgs-unstable 0.9.0.0
  pkgs.haskellPackages.phonetic-languages-simplified-properties-array-common (Common functionality for 'with-tuples' and old version of properties): nixos-unstable 0.4.1.0, nixos-unstable-small 0.4.1.0, nixpkgs-unstable 0.4.1.0
Package maintainers: 1
  @honnip Jung seungwoo <me@honnip.page>
CVE-2024-9979 5.3 MEDIUM
CVSS version: 3.1 | Attack vector (AV): LOCAL | Attack complexity (AC): LOW | Privileges required (PR): LOW | User interaction (UI): NONE | Scope (S): UNCHANGED | Confidentiality impact (C): LOW | Integrity impact (I): LOW | Availability impact (A): LOW
Updated 10 months, 1 week ago by @fricklerhandwerk
Activity log: created automatic suggestion 1 year ago; @fricklerhandwerk dismissed 10 months, 1 week ago
Pyo3: risk of use-after-free in `borrowed` reads from python weak references
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.
Affected products: pyo3 <0.22.4; python-rpds-py; python3.11-nh3; python3.11-rpds-py; python3.11-cryptography; python3.12-cryptography
Matching in nixpkgs:
CVE-2024-9902 6.3 MEDIUM
CVSS version: 3.1 | Attack vector (AV): LOCAL | Attack complexity (AC): HIGH | Privileges required (PR): LOW | User interaction (UI): REQUIRED | Scope (S): UNCHANGED | Confidentiality impact (C): HIGH | Integrity impact (I): HIGH | Availability impact (A): LOW
Updated 10 months, 1 week ago by @fricklerhandwerk
Activity log: created automatic suggestion 1 year ago; @fricklerhandwerk dismissed 10 months, 1 week ago
Ansible-core: ansible-core user may read/write unauthorized content
A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
Affected products:
  core
  ansible-core <2.16.13rc1, <2.17.6rc1, <2.18.0rc2, <2.14.18rc1 *, <2.15.13rc1
  ee-29-container *
  ee-minimal-container *
  openstack-ansible-core *
  ansible-builder-container *
  ansible-automation-platform/ee-29-rhel8 *
  ansible-automation-platform/ee-minimal-rhel8 *
  ansible-automation-platform/ee-minimal-rhel9 *
  ansible-automation-platform/ansible-builder-rhel8 *
  ansible-automation-platform/ansible-builder-rhel9 *
Matching in nixpkgs:
CVE-2025-23987 6.5 MEDIUM
CVSS version: 3.1 | Attack vector (AV): NETWORK | Attack complexity (AC): LOW | Privileges required (PR): LOW | User interaction (UI): REQUIRED | Scope (S): CHANGED | Confidentiality impact (C): LOW | Integrity impact (I): LOW | Availability impact (A): LOW
Updated 10 months, 1 week ago by @fricklerhandwerk
Activity log: created automatic suggestion 10 months, 2 weeks ago; @fricklerhandwerk dismissed 10 months, 1 week ago
WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0.
Affected products: designer =<1.6.0
Matching in nixpkgs:
  pkgs.libsForQt5.kdesignerplugin: nixos-unstable 5.116.0, nixos-unstable-small 5.116.0, nixpkgs-unstable 5.116.0
  pkgs.plasma5Packages.kdesignerplugin: nixos-unstable 5.116.0, nixos-unstable-small 5.116.0, nixpkgs-unstable 5.116.0
  pkgs.libsForQt5.kdesignerplugin.x86_64-linux: nixos-unstable ???, nixos-unstable-small 5.116.0
  pkgs.libsForQt5.kdesignerplugin.aarch64-linux: nixos-unstable ???, nixos-unstable-small 5.116.0
  pkgs.libsForQt5.kdesignerplugin.x86_64-darwin: nixos-unstable ???, nixos-unstable-small 5.116.0
  pkgs.libsForQt5.kdesignerplugin.aarch64-darwin: nixos-unstable ???, nixos-unstable-small 5.116.0
  pkgs.plasma5Packages.kdesignerplugin.x86_64-linux: nixos-unstable ???, nixpkgs-unstable 5.116.0
  pkgs.plasma5Packages.kdesignerplugin.aarch64-linux: nixos-unstable ???, nixpkgs-unstable 5.116.0
  pkgs.plasma5Packages.kdesignerplugin.x86_64-darwin: nixos-unstable ???, nixpkgs-unstable 5.116.0
  pkgs.plasma5Packages.kdesignerplugin.aarch64-darwin: nixos-unstable ???, nixpkgs-unstable 5.116.0
Package maintainers: 2
  @ttuegel Thomas Tuegel <ttuegel@mailbox.org>
  @nyanloutre Paul Trehiou <paul@nyanlout.re>
CVE-2023-1786 5.5 MEDIUM
CVSS version: 3.1 | Attack vector (AV): LOCAL | Attack complexity (AC): LOW | Privileges required (PR): LOW | User interaction (UI): NONE | Scope (S): UNCHANGED | Confidentiality impact (C): HIGH | Integrity impact (I): NONE | Availability impact (A): NONE
Updated 10 months, 1 week ago by @fricklerhandwerk
Activity log: created automatic suggestion 10 months, 2 weeks ago; @fricklerhandwerk dismissed 10 months, 1 week ago
sensitive data exposure in cloud-init logs
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Affected products: cloud-init <23.1.2
Matching in nixpkgs:
  pkgs.cloud-init (Provides configuration and customization of cloud instance): nixos-unstable 24.2, nixos-unstable-small 24.2, nixpkgs-unstable 24.2
Package maintainers: 2
  @illustris Harikrishnan R <me@illustris.tech>
  @jfroche Jean-François Roche <jfroche@pyxel.be>
CVE-2020-11936 3.1 LOW
CVSS version: 3.1 | Attack vector (AV): NETWORK | Attack complexity (AC): HIGH | Privileges required (PR): LOW | User interaction (UI): NONE | Scope (S): UNCHANGED | Confidentiality impact (C): LOW | Integrity impact (I): NONE | Availability impact (A): NONE
Updated 10 months, 1 week ago by @fricklerhandwerk
Activity log: created automatic suggestion 10 months, 2 weeks ago; @fricklerhandwerk dismissed 10 months, 1 week ago
gdbus setgid privilege escalation
Affected products: apport <2.20.11-0ubuntu27.6
Matching in nixpkgs:
  pkgs.haskellPackages.apportionment (Round a set of numbers while maintaining its sum): nixos-unstable 0.0.0.4, nixos-unstable-small 0.0.0.4, nixpkgs-unstable 0.0.0.4
Package maintainers: 1
  @thielema Henning Thielemann <nix@henning-thielemann.de>
CVE-2023-0092 4.9 MEDIUM
CVSS version: 3.1 | Attack vector (AV): NETWORK | Attack complexity (AC): LOW | Privileges required (PR): HIGH | User interaction (UI): NONE | Scope (S): UNCHANGED | Confidentiality impact (C): HIGH | Integrity impact (I): NONE | Availability impact (A): NONE
Updated 10 months, 1 week ago by @fricklerhandwerk
Activity log: created automatic suggestion 10 months, 2 weeks ago; @fricklerhandwerk dismissed 10 months, 1 week ago
An authenticated user who has read access to the juju …
An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.
Affected products: juju <3.0.3, <2.9.38
Matching in nixpkgs:
  pkgs.juju (Open source modelling tool for operating software in the cloud): nixos-unstable 3.5.4, nixos-unstable-small 3.5.4, nixpkgs-unstable 3.5.4
  pkgs.juju.x86_64-linux: nixos-unstable ???, nixpkgs-unstable 3.5.4
  pkgs.juju.aarch64-linux: nixos-unstable ???, nixpkgs-unstable 3.5.4
  pkgs.juju.x86_64-darwin: nixos-unstable ???, nixpkgs-unstable 3.5.4
  pkgs.juju.aarch64-darwin: nixos-unstable ???, nixpkgs-unstable 3.5.4
Package maintainers: 1
  @RealityAnomaly Alex Zero <alex@arctarus.co.uk>
CVE-2022-28653 7.5 HIGH
CVSS version: 3.1 | Attack vector (AV): NETWORK | Attack complexity (AC): LOW | Privileges required (PR): NONE | User interaction (UI): NONE | Scope (S): UNCHANGED | Confidentiality impact (C): NONE | Integrity impact (I): NONE | Availability impact (A): HIGH
Updated 10 months, 1 week ago by @fricklerhandwerk
Activity log: created automatic suggestion 10 months, 2 weeks ago; @fricklerhandwerk dismissed 10 months, 1 week ago
Users can consume unlimited disk space in /var/crash
Affected products: apport <2.21.0
Matching in nixpkgs:
  pkgs.haskellPackages.apportionment (Round a set of numbers while maintaining its sum): nixos-unstable 0.0.0.4, nixos-unstable-small 0.0.0.4, nixpkgs-unstable 0.0.0.4
Package maintainers: 1
  @thielema Henning Thielemann <nix@henning-thielemann.de>
CVE-2025-23684 4.3 MEDIUM
CVSS version: 3.1 | Attack vector (AV): NETWORK | Attack complexity (AC): LOW | Privileges required (PR): LOW | User interaction (UI): NONE | Scope (S): UNCHANGED | Confidentiality impact (C): LOW | Integrity impact (I): NONE | Availability impact (A): NONE
Updated 10 months, 3 weeks ago by @fricklerhandwerk
Activity log: created automatic suggestion 10 months, 3 weeks ago; @fricklerhandwerk dismissed 10 months, 3 weeks ago
WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2.
Affected products: debug-tool =<2.2
Matching in nixpkgs:
  pkgs.python311Packages.django-debug-toolbar (Configurable set of panels that display debug information about the current request/response): nixos-unstable 4.4.6, nixos-unstable-small 4.4.6, nixpkgs-unstable 4.4.6
  pkgs.python312Packages.django-debug-toolbar (Configurable set of panels that display debug information about the current request/response): nixos-unstable 4.4.6, nixos-unstable-small 4.4.6, nixpkgs-unstable 4.4.6
  pkgs.python311Packages.django-graphiql-debug-toolbar (Django Debug Toolbar for GraphiQL IDE): nixos-unstable 0.2.0, nixos-unstable-small 0.2.0, nixpkgs-unstable 0.2.0
  pkgs.python312Packages.django-graphiql-debug-toolbar (Django Debug Toolbar for GraphiQL IDE): nixos-unstable 0.2.0, nixos-unstable-small 0.2.0, nixpkgs-unstable 0.2.0
Package maintainers: 2
  @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
  @yuuyins Yuu Yin <yuunix@grrlz.net>
CVE-2025-23886 6.5 MEDIUM
CVSS version: 3.1 | Attack vector (AV): NETWORK | Attack complexity (AC): LOW | Privileges required (PR): LOW | User interaction (UI): REQUIRED | Scope (S): CHANGED | Confidentiality impact (C): LOW | Integrity impact (I): LOW | Availability impact (A): LOW
Updated 10 months, 3 weeks ago by @Erethon
Activity log: created automatic suggestion 11 months ago; @Erethon accepted as draft 10 months, 3 weeks ago; @Erethon dismissed 10 months, 3 weeks ago
WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS. This issue affects Annie: from n/a through 2.1.1.
Affected products: annie =<2.1.1
Matching in nixpkgs:
  pkgs.wannier90 (Calculation of maximally localised Wannier functions): nixos-unstable 3.1.0, nixos-unstable-small 3.1.0, nixpkgs-unstable 3.1.0
Package maintainers: 1
  @sheepforce Phillip Seeber <phillip.seeber@googlemail.com>