Dismissed suggestions

These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision.
CVE-2025-23987
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 8 months, 3 weeks ago by @fricklerhandwerk
Activity log
  Created automatic suggestion 8 months, 3 weeks ago
  @fricklerhandwerk dismissed 8 months, 3 weeks ago
WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0.
designer =<1.6.0
pkgs.libsForQt5.kdesignerplugin
  nixos-unstable 5.116.0, nixos-unstable-small 5.116.0, nixpkgs-unstable 5.116.0
pkgs.plasma5Packages.kdesignerplugin
  nixos-unstable 5.116.0, nixos-unstable-small 5.116.0, nixpkgs-unstable 5.116.0
pkgs.libsForQt5.kdesignerplugin.x86_64-linux
  nixos-unstable ???, nixos-unstable-small 5.116.0
pkgs.libsForQt5.kdesignerplugin.aarch64-linux
  nixos-unstable ???, nixos-unstable-small 5.116.0
pkgs.libsForQt5.kdesignerplugin.x86_64-darwin
  nixos-unstable ???, nixos-unstable-small 5.116.0
pkgs.libsForQt5.kdesignerplugin.aarch64-darwin
  nixos-unstable ???, nixos-unstable-small 5.116.0
pkgs.plasma5Packages.kdesignerplugin.x86_64-linux
  nixos-unstable ???, nixpkgs-unstable 5.116.0
pkgs.plasma5Packages.kdesignerplugin.aarch64-linux
  nixos-unstable ???, nixpkgs-unstable 5.116.0
pkgs.plasma5Packages.kdesignerplugin.x86_64-darwin
  nixos-unstable ???, nixpkgs-unstable 5.116.0
pkgs.plasma5Packages.kdesignerplugin.aarch64-darwin
  nixos-unstable ???, nixpkgs-unstable 5.116.0
Package maintainers: 2
  @ttuegel Thomas Tuegel <ttuegel@mailbox.org>
  @nyanloutre Paul Trehiou <paul@nyanlout.re>

CVE-2023-1786
5.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE
updated 8 months, 3 weeks ago by @fricklerhandwerk
Activity log
  Created automatic suggestion 8 months, 3 weeks ago
  @fricklerhandwerk dismissed 8 months, 3 weeks ago
sensitive data exposure in cloud-init logs
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
cloud-init <23.1.2
pkgs.cloud-init
  Provides configuration and customization of cloud instance
  nixos-unstable 24.2, nixos-unstable-small 24.2, nixpkgs-unstable 24.2
Package maintainers: 2
  @illustris Harikrishnan R <me@illustris.tech>
  @jfroche Jean-François Roche <jfroche@pyxel.be>

CVE-2020-11936
3.1 LOW
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE
updated 8 months, 3 weeks ago by @fricklerhandwerk
Activity log
  Created automatic suggestion 8 months, 3 weeks ago
  @fricklerhandwerk dismissed 8 months, 3 weeks ago
gdbus setgid privilege escalation
gdbus setgid privilege escalation
apport <2.20.11-0ubuntu27.6
pkgs.haskellPackages.apportionment
  Round a set of numbers while maintaining its sum
  nixos-unstable 0.0.0.4, nixos-unstable-small 0.0.0.4, nixpkgs-unstable 0.0.0.4
Package maintainers: 1
  @thielema Henning Thielemann <nix@henning-thielemann.de>

CVE-2023-0092
4.9 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE
updated 8 months, 3 weeks ago by @fricklerhandwerk
Activity log
  Created automatic suggestion 8 months, 3 weeks ago
  @fricklerhandwerk dismissed 8 months, 3 weeks ago
An authenticated user who has read access to the juju …
An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.
juju <2.9.38 <3.0.3
pkgs.juju
  Open source modelling tool for operating software in the cloud
  nixos-unstable 3.5.4, nixos-unstable-small 3.5.4, nixpkgs-unstable 3.5.4
pkgs.juju.x86_64-linux
  Open source modelling tool for operating software in the cloud
  nixos-unstable ???, nixpkgs-unstable 3.5.4
pkgs.juju.aarch64-linux
  Open source modelling tool for operating software in the cloud
  nixos-unstable ???, nixpkgs-unstable 3.5.4
pkgs.juju.x86_64-darwin
  Open source modelling tool for operating software in the cloud
  nixos-unstable ???, nixpkgs-unstable 3.5.4
pkgs.juju.aarch64-darwin
  Open source modelling tool for operating software in the cloud
  nixos-unstable ???, nixpkgs-unstable 3.5.4
Package maintainers: 1
  @RealityAnomaly Alex Zero <alex@arctarus.co.uk>

CVE-2022-28653
7.5 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
updated 8 months, 3 weeks ago by @fricklerhandwerk
Activity log
  Created automatic suggestion 8 months, 3 weeks ago
  @fricklerhandwerk dismissed 8 months, 3 weeks ago
Users can consume unlimited disk space in /var/crash
Users can consume unlimited disk space in /var/crash
apport <2.21.0
pkgs.haskellPackages.apportionment
  Round a set of numbers while maintaining its sum
  nixos-unstable 0.0.0.4, nixos-unstable-small 0.0.0.4, nixpkgs-unstable 0.0.0.4
Package maintainers: 1
  @thielema Henning Thielemann <nix@henning-thielemann.de>

CVE-2025-23684
4.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE
updated 9 months ago by @fricklerhandwerk
Activity log
  Created automatic suggestion 9 months ago
  @fricklerhandwerk dismissed 9 months ago
WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2.
debug-tool =<2.2
pkgs.python311Packages.django-debug-toolbar
  Configurable set of panels that display debug information about the current request/response
  nixos-unstable 4.4.6, nixos-unstable-small 4.4.6, nixpkgs-unstable 4.4.6
pkgs.python312Packages.django-debug-toolbar
  Configurable set of panels that display debug information about the current request/response
  nixos-unstable 4.4.6, nixos-unstable-small 4.4.6, nixpkgs-unstable 4.4.6
pkgs.python311Packages.django-graphiql-debug-toolbar
  Django Debug Toolbar for GraphiQL IDE
  nixos-unstable 0.2.0, nixos-unstable-small 0.2.0, nixpkgs-unstable 0.2.0
pkgs.python312Packages.django-graphiql-debug-toolbar
  Django Debug Toolbar for GraphiQL IDE
  nixos-unstable 0.2.0, nixos-unstable-small 0.2.0, nixpkgs-unstable 0.2.0
Package maintainers: 2
  @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
  @yuuyins Yuu Yin <yuunix@grrlz.net>

CVE-2025-23886
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 9 months ago by @Erethon
Activity log
  Created automatic suggestion 9 months, 1 week ago
  @Erethon accepted as draft 9 months ago
  @Erethon dismissed 9 months ago
WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS. This issue affects Annie: from n/a through 2.1.1.
annie =<2.1.1
pkgs.wannier90
  Calculation of maximally localised Wannier functions
  nixos-unstable 3.1.0, nixos-unstable-small 3.1.0, nixpkgs-unstable 3.1.0
Package maintainers: 1
  @sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

CVE-2025-23892
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 9 months ago by @Erethon
Activity log
  Created automatic suggestion 9 months, 1 week ago
  @Erethon accepted as draft 9 months ago
  @Erethon dismissed 9 months ago
WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS. This issue affects Progress Tracker: from n/a through 0.9.3.
progress-tracker =<0.9.3
pkgs.progress-tracker
  Simple kanban-style task organiser
  nixos-unstable 1.6, nixos-unstable-small 1.6, nixpkgs-unstable 1.6
Package maintainers: 1
  @Guanran928 Guanran Wang <guanran928@outlook.com>

CVE-2022-45836
7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 9 months ago by @Erethon
Activity log
  Created automatic suggestion 9 months, 2 weeks ago
  @Erethon accepted as draft 9 months ago
  @Erethon dismissed 9 months ago
  @Erethon accepted as draft 9 months ago
  @Erethon dismissed 9 months ago
WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.
download-manager =<3.2.59
pkgs.lomiri.lomiri-download-manager
  Performs uploads and downloads from a centralized location
  nixos-unstable 0.1.3, nixos-unstable-small 0.1.3, nixpkgs-unstable 0.1.3
pkgs.lomiri.lomiri-download-manager.x86_64-linux
  Performs uploads and downloads from a centralized location
  nixos-unstable ???, nixos-unstable-small 0.1.3
pkgs.lomiri.lomiri-download-manager.aarch64-linux
  Performs uploads and downloads from a centralized location
  nixos-unstable ???, nixos-unstable-small 0.1.3
Package maintainers: 1
  @OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

CVE-2014-125026
9.8 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 9 months, 3 weeks ago by @arianvp
Activity log
  Created automatic suggestion 10 months, 2 weeks ago
  @LeSuisse dismissed 10 months, 1 week ago
  @arianvp accepted as draft 9 months, 3 weeks ago
  @arianvp dismissed 9 months, 3 weeks ago
Out-of-bounds write in github.com/cloudflare/golz4
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
github.com/cloudflare/golz4 <0.0.0-20140711154735-199f5f787806