CVE-2025-23892
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 10 months, 3 weeks ago by @Erethon
Activity log
Created automatic suggestion 11 months ago
@Erethon accepted as draft 10 months, 3 weeks ago
@Erethon dismissed 10 months, 3 weeks ago
WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS. This issue affects Progress Tracker: from n/a through 0.9.3.
Affected products
progress-tracker =<0.9.3
Matching in nixpkgs
pkgs.progress-tracker Simple kanban-style task organiser nixos-unstable 1.6 nixos-unstable-small 1.6 nixpkgs-unstable 1.6
Package maintainers: 1
@Guanran928 Guanran Wang <guanran928@outlook.com>

CVE-2022-45836
7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 10 months, 3 weeks ago by @Erethon
Activity log
Created automatic suggestion 11 months ago
@Erethon accepted as draft 10 months, 3 weeks ago
@Erethon dismissed 10 months, 3 weeks ago
@Erethon accepted as draft 10 months, 3 weeks ago
@Erethon dismissed 10 months, 3 weeks ago
WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.
Affected products
download-manager =<3.2.59
Matching in nixpkgs
pkgs.lomiri.lomiri-download-manager Performs uploads and downloads from a centralized location nixos-unstable 0.1.3 nixos-unstable-small 0.1.3 nixpkgs-unstable 0.1.3
pkgs.lomiri.lomiri-download-manager.x86_64-linux Performs uploads and downloads from a centralized location nixos-unstable ??? nixos-unstable-small 0.1.3
pkgs.lomiri.lomiri-download-manager.aarch64-linux Performs uploads and downloads from a centralized location nixos-unstable ??? nixos-unstable-small 0.1.3
Package maintainers: 1
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

CVE-2014-125026
9.8 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 11 months, 2 weeks ago by @arianvp
Activity log
Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
@arianvp accepted as draft 11 months, 2 weeks ago
@arianvp dismissed 11 months, 2 weeks ago
Out-of-bounds write in github.com/cloudflare/golz4
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
Affected products
github.com/cloudflare/golz4 <0.0.0-20140711154735-199f5f787806
Matching in nixpkgs

CVE-2013-10005
7.5 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
updated 1 year ago by @LeSuisse
Activity log
Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
Infinite loop in github.com/btcsuite/go-socks
The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.
Affected products
github.com/btcsuite/go-socks <0.0.0-20130808000456-233bccbb1abe
github.com/btcsuitereleases/go-socks <0.0.0-20130808000456-233bccbb1abe
Matching in nixpkgs

CVE-2024-52337
5.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE
updated 1 year ago by @LeSuisse
Activity log
Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
CVE Program Container
None
Affected products
tuned <2.24.1 *
Matching in nixpkgs

CVE-2024-49506
0.0 NONE
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): NONE
updated 1 year ago by @LeSuisse
Activity log
Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
Fixed temporary file path in aeon-checks allows fixing of disk encryption key
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem
Affected products
tik <1.2.4
aeon-check <1.0.2
Matching in nixpkgs

CVE-2024-52336
7.8 HIGH
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 1 year ago by @LeSuisse
Activity log
Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
Affected products
tuned <2.24.1 *
Matching in nixpkgs

CVE-2024-8553
6.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 1 year ago by @LeSuisse
Activity log
Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
Foreman: read-only access to entire db from templates
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.
Affected products
foreman *
Matching in nixpkgs

CVE-2023-27456
4.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE
updated 1 year ago by @LeSuisse
Activity log
Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation
Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19.
Affected products
total =<2.1.19
Matching in nixpkgs
pkgs.autotalent Real-time pitch correction LADSPA plugin (no MIDI control) nixos-unstable 0.2 nixos-unstable-small 0.2 nixpkgs-unstable 0.2
pkgs.haskellPackages.total Exhaustive pattern matching using lenses, traversals, and prisms nixos-unstable 1.0.6 nixos-unstable-small 1.0.6 nixpkgs-unstable 1.0.6
pkgs.emacsPackages.total-lines nixos-unstable 20171227.1239 nixos-unstable-small 20171227.1239 nixpkgs-unstable 20171227.1239
pkgs.haskellPackages.total-alternative Alternative interface for total versions of partial function on the Prelude nixos-unstable 0.1.0.1 nixos-unstable-small 0.1.0.1 nixpkgs-unstable 0.1.0.1
pkgs.python311Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12
pkgs.python312Packages.total-connect-client Interact with Total Connect 2 alarm systems nixos-unstable 2024.12 nixos-unstable-small 2024.12 nixpkgs-unstable 2024.12
pkgs.home-assistant-component-tests.totalconnect Open source home automation that puts local control and privacy first nixos-unstable 2024.11.3 nixos-unstable-small 2024.11.3 nixpkgs-unstable 2024.11.3
pkgs.python312Packages.total-connect-client.x86_64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.aarch64-linux Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.x86_64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
pkgs.python312Packages.total-connect-client.aarch64-darwin Interact with Total Connect 2 alarm systems nixos-unstable 2024.12
Package maintainers: 6
@Gabriella439 Gabriella Gonzalez <GenuineGabriella@gmail.com>
@dotlambda Robert Schütz <rschuetz17@gmail.com>
@michalrus Michal Rus <m@michalrus.com>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

CVE-2024-54245
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 1 year ago by @LeSuisse
Activity log
Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
WordPress Clients plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS. This issue affects Clients: from n/a through 1.1.4.
Affected products
clients =<1.1.4
Matching in nixpkgs
pkgs.argus-clients Clients for ARGUS nixos-unstable 3.0.8.3 nixos-unstable-small 3.0.8.3 nixpkgs-unstable 3.0.8.3
pkgs.xorg.xlsclients nixos-unstable 1.1.5 nixos-unstable-small 1.1.5 nixpkgs-unstable 1.1.5
pkgs.haskellPackages.clientsession Securely store session data in a client-side cookie nixos-unstable 0.9.2.0 nixos-unstable-small 0.9.2.0 nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.wai-session-clientsession Session store based on clientsession nixos-unstable 0.1 nixos-unstable-small 0.1 nixpkgs-unstable 0.1
pkgs.haskellPackages.clientsession.x86_64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.aarch64-linux Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.x86_64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.clientsession.aarch64-darwin Securely store session data in a client-side cookie nixos-unstable ??? nixpkgs-unstable 0.9.2.0
Package maintainers: 1
@leenaars Michiel Leenaars <ml.software@leenaa.rs>