Automatically generated suggestions

CVE-2024-2496 5.0 MEDIUM
CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH
created 6 months, 2 weeks ago
Libvirt: null pointer dereference in udevconnectlistallinterfaces()
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
libvirt <9.7.0 * virt:av/libvirt virt:rhel/libvirt
pkgs.libvirt Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.libvirt-glib Library for working with virtual machines nixos-unstable 5.0.0 nixos-unstable-small 5.0.0 nixpkgs-unstable 5.0.0
pkgs.libvirt.x86_64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.aarch64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.x86_64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.aarch64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt-glib.x86_64-linux Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.python311Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.python312Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.rubyPackages.ruby-libvirt nixos-unstable ??? nixos-unstable-small 0.8.2
pkgs.libvirt-glib.aarch64-linux Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.libvirt-glib.x86_64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.libvirt-glib.aarch64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.prometheus-libvirt-exporter Prometheus metrics exporter for libvirt nixos-unstable 2.3.3 nixos-unstable-small 2.3.3 nixpkgs-unstable 2.3.3
pkgs.terraform-providers.libvirt nixos-unstable 0.8.1 nixos-unstable-small 0.8.1 nixpkgs-unstable 0.8.1
pkgs.rubyPackages_3_1.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.python312Packages.libvirt.x86_64-linux libvirt Python bindings nixos-unstable 10.10.0
pkgs.python312Packages.libvirt.aarch64-linux libvirt Python bindings nixos-unstable 10.10.0
pkgs.python312Packages.libvirt.x86_64-darwin libvirt Python bindings nixos-unstable 10.10.0
pkgs.python312Packages.libvirt.aarch64-darwin libvirt Python bindings nixos-unstable 10.10.0
pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2
Package maintainers: 4
@farcaller Vladimir Pouzanov <farcaller@gmail.com>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@globin Robin Gloster <mail@glob.in>

CVE-2025-31375 7.1 HIGH
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW
created 6 months, 2 weeks ago
WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0.
scheduled =<1.0
pkgs.azure-cli-extensions.scheduled-query Microsoft Azure Command-Line Tools Scheduled_query Extension nixos-unstable 1.0.0b1 nixos-unstable-small 1.0.0b1 nixpkgs-unstable 1.0.0b1
Package maintainers: 2
@katexochen Paul Meyer <katexochen0@gmail.com>
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>

CVE-2023-23457 5.3 MEDIUM
CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW
created 6 months, 2 weeks ago
Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
upx *
pkgs.upx Ultimate Packer for eXecutables nixos-unstable 4.2.4 nixos-unstable-small 4.2.4 nixpkgs-unstable 4.2.4

CVE-2025-3359 6.2 MEDIUM
CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH
created 6 months, 2 weeks ago
Gnuplot: segmentation fault via io_str_init_static_internal function
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.
gnuplot <6.1
pkgs.gnuplot Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1
pkgs.gnuplot_qt Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1
pkgs.feedgnuplot General purpose pipe-oriented plotting tool nixos-unstable 1.61 nixos-unstable-small 1.61 nixpkgs-unstable 1.61
pkgs.gnuplot_aquaterm Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1
pkgs.emacsPackages.gnuplot nixos-unstable 20240914.1522 nixos-unstable-small 20240914.1522 nixpkgs-unstable 20240914.1522
pkgs.haskellPackages.gnuplot 2D and 3D plots using gnuplot nixos-unstable 0.5.7 nixos-unstable-small 0.5.7 nixpkgs-unstable 0.5.7
pkgs.emacsPackages.gnuplot-mode nixos-unstable 20171013.1616 nixos-unstable-small 20171013.1616 nixpkgs-unstable 20171013.1616
pkgs.haskellPackages.gnuplot.x86_64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7
pkgs.haskellPackages.gnuplot.aarch64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7
pkgs.haskellPackages.gnuplot.x86_64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7
pkgs.haskellPackages.gnuplot.aarch64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7
pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe A simple interface to Gnuplot nixos-unstable 0.4.2 nixos-unstable-small 0.4.2 nixpkgs-unstable 0.4.2
pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot nixos-unstable ??? nixos-unstable-small nixpkgs-unstable
Package maintainers: 3
@lovek323 Jason O'Conal <jason@oconal.id.au>
@mnacamura Mitsuhiro Nakamura <m.nacamura@gmail.com>
@thielema Henning Thielemann <nix@henning-thielemann.de>

CVE-2025-3360 3.7 LOW
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): LOW
created 6 months, 2 weeks ago
Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
glib <2.82.5 bootc glib2 loupe librsvg2 mingw-glib2 glycin-loaders
pkgs.bootc Boot and upgrade via container images nixos-unstable 1.1.2 nixos-unstable-small 1.1.2 nixpkgs-unstable 1.1.2
pkgs.mlxbf-bootctl Control BlueField boot partitions nixos-unstable 1.1-6 nixos-unstable-small 1.1-6 nixpkgs-unstable 1.1-6
pkgs.rubyPackages.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1
pkgs.rubyPackages_3_1.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1
pkgs.rubyPackages_3_2.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1
pkgs.rubyPackages_3_3.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1
pkgs.rubyPackages_3_4.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1
pkgs.rubyPackages_3_1.glib2.x86_64-linux nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_2.glib2.x86_64-linux nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_3.glib2.x86_64-linux nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_4.glib2.x86_64-linux nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_1.glib2.aarch64-linux nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_1.glib2.x86_64-darwin nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_2.glib2.aarch64-linux nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_2.glib2.x86_64-darwin nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_3.glib2.aarch64-linux nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_3.glib2.x86_64-darwin nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_4.glib2.aarch64-linux nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_4.glib2.x86_64-darwin nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_1.glib2.aarch64-darwin nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_2.glib2.aarch64-darwin nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_3.glib2.aarch64-darwin nixos-unstable glib2-4.2.1
pkgs.rubyPackages_3_4.glib2.aarch64-darwin nixos-unstable glib2-4.2.1
Package maintainers: 2
@Thesola10 Karim Vergnes <me@thesola.io>
@nikstur nikstur <nikstur@outlook.com>

CVE-2025-30195 7.5 HIGH
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH
created 6 months, 2 weeks ago
A crafted zone can lead to an illegal memory access in the PowerDNS Recursor
An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention.
pdns-recursor ==5.2.0
pkgs.pdns-recursor Recursive DNS server nixos-unstable 5.1.2 nixos-unstable-small 5.1.2 nixpkgs-unstable 5.1.2
Package maintainers: 1
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>

CVE-2025-2784 7.0 HIGH
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): HIGH
created 6 months, 3 weeks ago
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
libsoup <3.6.5 * libsoup3 *
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
Package maintainers: 6
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>

CVE-2025-32050 5.9 MEDIUM
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH
created 6 months, 3 weeks ago
Libsoup: integer overflow in append_param_quoted
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
libsoup * <3.6.1 libsoup3 mingw-freetype * spice-client-win *
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
Package maintainers: 6
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>

CVE-2025-32049 7.5 HIGH
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH
created 6 months, 3 weeks ago
Libsoup: denial of service attack to websocket server
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
libsoup * =<3.6.4 libsoup3 *
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
Package maintainers: 6
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>

CVE-2025-32052 6.5 MEDIUM
CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): LOW
created 6 months, 3 weeks ago
Libsoup: heap buffer overflow in sniff_unknown()
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
libsoup * <3.6.1 libsoup3 mingw-freetype * spice-client-win *
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
Package maintainers: 6
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
CVE-2024-2496 5.0 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 6 months, 2 weeks ago Libvirt: null pointer dereference in udevconnectlistallinterfaces() A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. libvirt <9.7.0 * virt:av/libvirt virt:rhel/libvirt pkgs.libvirt Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0 pkgs.libvirt-glib Library for working with virtual machines nixos-unstable 5.0.0 nixos-unstable-small 5.0.0 nixpkgs-unstable 5.0.0 pkgs.libvirt.x86_64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0 pkgs.libvirt.aarch64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0 pkgs.libvirt.x86_64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0 pkgs.libvirt.aarch64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0 pkgs.libvirt-glib.x86_64-linux Library for working with virtual machines nixos-unstable ??? 
nixos-unstable-small 5.0.0 pkgs.python311Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0 pkgs.python312Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0 pkgs.rubyPackages.ruby-libvirt nixos-unstable ??? nixos-unstable-small 0.8.2 pkgs.libvirt-glib.aarch64-linux Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0 pkgs.libvirt-glib.x86_64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0 pkgs.libvirt-glib.aarch64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0 pkgs.prometheus-libvirt-exporter Prometheus metrics exporter for libvirt nixos-unstable 2.3.3 nixos-unstable-small 2.3.3 nixpkgs-unstable 2.3.3 pkgs.terraform-providers.libvirt nixos-unstable 0.8.1 nixos-unstable-small 0.8.1 nixpkgs-unstable 0.8.1 pkgs.rubyPackages_3_1.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2 pkgs.rubyPackages_3_4.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2 pkgs.python312Packages.libvirt.x86_64-linux libvirt Python bindings nixos-unstable 10.10.0 pkgs.python312Packages.libvirt.aarch64-linux libvirt Python bindings nixos-unstable 10.10.0 pkgs.python312Packages.libvirt.x86_64-darwin libvirt Python bindings nixos-unstable 10.10.0 pkgs.python312Packages.libvirt.aarch64-darwin libvirt Python bindings nixos-unstable 10.10.0 pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2 
pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-linux nixos-unstable 0.8.2 pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2 pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-darwin nixos-unstable 0.8.2 Package maintainers: 4 @farcaller Vladimir Pouzanov <farcaller@gmail.com> @fpletz Franz Pletz <fpletz@fnordicwalking.de> @lovesegfault Bernardo Meurer <meurerbernardo@gmail.com> @globin Robin Gloster <mail@glob.in>
pkgs.libvirt Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.libvirt-glib Library for working with virtual machines nixos-unstable 5.0.0 nixos-unstable-small 5.0.0 nixpkgs-unstable 5.0.0
pkgs.libvirt.x86_64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.aarch64-linux Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.x86_64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt.aarch64-darwin Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes nixos-unstable ??? nixos-unstable-small 10.10.0
pkgs.libvirt-glib.x86_64-linux Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.python311Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.python312Packages.libvirt libvirt Python bindings nixos-unstable 10.10.0 nixos-unstable-small 10.10.0 nixpkgs-unstable 10.10.0
pkgs.libvirt-glib.aarch64-linux Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.libvirt-glib.x86_64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.libvirt-glib.aarch64-darwin Library for working with virtual machines nixos-unstable ??? nixos-unstable-small 5.0.0
pkgs.prometheus-libvirt-exporter Prometheus metrics exporter for libvirt nixos-unstable 2.3.3 nixos-unstable-small 2.3.3 nixpkgs-unstable 2.3.3
pkgs.terraform-providers.libvirt nixos-unstable 0.8.1 nixos-unstable-small 0.8.1 nixpkgs-unstable 0.8.1
pkgs.rubyPackages_3_1.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_2.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_3.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
pkgs.rubyPackages_3_4.ruby-libvirt nixos-unstable 0.8.2 nixos-unstable-small 0.8.2 nixpkgs-unstable 0.8.2
CVE-2025-31375 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 6 months, 2 weeks ago WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0. scheduled =<1.0 pkgs.azure-cli-extensions.scheduled-query Microsoft Azure Command-Line Tools Scheduled_query Extension nixos-unstable 1.0.0b1 nixos-unstable-small 1.0.0b1 nixpkgs-unstable 1.0.0b1 Package maintainers: 2 @katexochen Paul Meyer <katexochen0@gmail.com> @ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
pkgs.azure-cli-extensions.scheduled-query Microsoft Azure Command-Line Tools Scheduled_query Extension nixos-unstable 1.0.0b1 nixos-unstable-small 1.0.0b1 nixpkgs-unstable 1.0.0b1
CVE-2023-23457 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 6 months, 2 weeks ago Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. upx * pkgs.upx Ultimate Packer for eXecutables nixos-unstable 4.2.4 nixos-unstable-small 4.2.4 nixpkgs-unstable 4.2.4
pkgs.upx Ultimate Packer for eXecutables nixos-unstable 4.2.4 nixos-unstable-small 4.2.4 nixpkgs-unstable 4.2.4
CVE-2025-3359 6.2 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 6 months, 2 weeks ago Gnuplot: segmentation fault via io_str_init_static_internal function A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. gnuplot <6.1 pkgs.gnuplot Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.gnuplot_qt Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.feedgnuplot General purpose pipe-oriented plotting tool nixos-unstable 1.61 nixos-unstable-small 1.61 nixpkgs-unstable 1.61 pkgs.gnuplot_aquaterm Portable command-line driven graphing utility for many platforms nixos-unstable 6.0.1 nixos-unstable-small 6.0.1 nixpkgs-unstable 6.0.1 pkgs.emacsPackages.gnuplot nixos-unstable 20240914.1522 nixos-unstable-small 20240914.1522 nixpkgs-unstable 20240914.1522 pkgs.haskellPackages.gnuplot 2D and 3D plots using gnuplot nixos-unstable 0.5.7 nixos-unstable-small 0.5.7 nixpkgs-unstable 0.5.7 pkgs.emacsPackages.gnuplot-mode nixos-unstable 20171013.1616 nixos-unstable-small 20171013.1616 nixpkgs-unstable 20171013.1616 pkgs.haskellPackages.gnuplot.x86_64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.aarch64-linux 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.x86_64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? nixpkgs-unstable 0.5.7 pkgs.haskellPackages.gnuplot.aarch64-darwin 2D and 3D plots using gnuplot nixos-unstable ??? 
nixpkgs-unstable 0.5.7 pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe A simple interface to Gnuplot nixos-unstable 0.4.2 nixos-unstable-small 0.4.2 nixpkgs-unstable 0.4.2 pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot nixos-unstable ??? nixos-unstable-small nixpkgs-unstable Package maintainers: 3 @lovek323 Jason O'Conal <jason@oconal.id.au> @mnacamura Mitsuhiro Nakamura <m.nacamura@gmail.com> @thielema Henning Thielemann <nix@henning-thielemann.de>
CVE-2025-3360 3.7 LOW CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): LOW created 6 months, 2 weeks ago Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601(). A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. glib <2.82.5 bootc glib2 loupe librsvg2 mingw-glib2 glycin-loaders pkgs.bootc Boot and upgrade via container images nixos-unstable 1.1.2 nixos-unstable-small 1.1.2 nixpkgs-unstable 1.1.2 pkgs.mlxbf-bootctl Control BlueField boot partitions nixos-unstable 1.1-6 nixos-unstable-small 1.1-6 nixpkgs-unstable 1.1-6 pkgs.rubyPackages.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 pkgs.rubyPackages_3_1.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2 nixos-unstable glib2-4.2.1 nixos-unstable-small glib2-4.2.1 nixpkgs-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.x86_64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.aarch64-linux nixos-unstable glib2-4.2.1 
pkgs.rubyPackages_3_2.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.aarch64-linux nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.x86_64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_1.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_2.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_3.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 pkgs.rubyPackages_3_4.glib2.aarch64-darwin nixos-unstable glib2-4.2.1 Package maintainers: 2 @Thesola10 Karim Vergnes <me@thesola.io> @nikstur nikstur <nikstur@outlook.com>
CVE-2025-30195 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 6 months, 2 weeks ago A crafted zone can lead to an illegal memory access in the PowerDNS Recursor An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention. pdns-recursor ==5.2.0 pkgs.pdns-recursor Recursive DNS server nixos-unstable 5.1.2 nixos-unstable-small 5.1.2 nixpkgs-unstable 5.1.2 Package maintainers: 1 @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
CVE-2025-2784 7.0 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): HIGH created 6 months, 3 weeks ago Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insignificant_space() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. libsoup <3.6.5 * libsoup3 * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ???
nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
CVE-2025-32050 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 6 months, 3 weeks ago Libsoup: integer overflow in append_param_quoted A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. libsoup * <3.6.1 libsoup3 mingw-freetype * spice-client-win * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? 
nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
CVE-2025-32049 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 6 months, 3 weeks ago Libsoup: denial of service attack to websocket server A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). libsoup * =<3.6.4 libsoup3 * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? 
nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
CVE-2025-32052 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): LOW created 6 months, 3 weeks ago Libsoup: heap buffer overflow in sniff_unknown() A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. libsoup * <3.6.1 libsoup3 mingw-freetype * spice-client-win * pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? 
nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>