Automatically generated suggestions

CVE-2025-26601 (7.8 HIGH), created 8 months ago
Xorg: xwayland: use-after-free in syncinittrigger()
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
Affected products: xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland *
pkgs.tigervnc: Fork of tightVNC, made in cooperation with VirtualGL (nixos-unstable 1.14.0, nixos-unstable-small 1.14.0, nixpkgs-unstable 1.14.0)

CVE-2023-28331 (6.1 MEDIUM), created 8 months ago
Moodle: xss risk when outputting database activity filter data
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): NONE
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Affected products: moodle <4.0.7 <4.1.2 <3.9.20 <3.11.13
pkgs.moodle: Free and open-source learning management system (LMS) written in PHP (nixos-unstable 4.4.3, nixos-unstable-small 4.4.4, nixpkgs-unstable 4.4.3)
pkgs.moodle-dl: Moodle downloader that downloads course content fast from Moodle (nixos-unstable 2.3.12, nixos-unstable-small 2.3.12, nixpkgs-unstable 2.3.12)
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2025-26598 (7.8 HIGH), created 8 months ago
Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
Affected products: xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland *
pkgs.tigervnc: Fork of tightVNC, made in cooperation with VirtualGL (nixos-unstable 1.14.0, nixos-unstable-small 1.14.0, nixpkgs-unstable 1.14.0)

CVE-2025-0838, created 8 months ago
Heap Buffer overflow in Abseil
There exists a heap buffer overflow vulnerability in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1.
Affected products: abseil-cpp <5a0e2cb5e3958dd90bb8569a2766622cb74d90c1
pkgs.abseil-cpp_202103: Open-source collection of C++ code designed to augment the C++ standard library (nixos-unstable 20210324.2, nixos-unstable-small 20210324.2, nixpkgs-unstable 20210324.2)
pkgs.abseil-cpp_202301: Open-source collection of C++ code designed to augment the C++ standard library (nixos-unstable 20230125.4, nixos-unstable-small 20230125.4, nixpkgs-unstable 20230125.4)
pkgs.abseil-cpp_202401: Open-source collection of C++ code designed to augment the C++ standard library (nixos-unstable 20240116.2, nixos-unstable-small 20240116.2, nixpkgs-unstable 20240116.2)
pkgs.abseil-cpp_202407: Open-source collection of C++ code designed to augment the C++ standard library (nixos-unstable 20240722.0, nixos-unstable-small 20240722.0, nixpkgs-unstable 20240722.0)
Package maintainers (2): @GaetanLepage (Gaetan Lepage <gaetan@glepage.com>), @andersk (Anders Kaseorg <andersk@mit.edu>)

CVE-2022-46848 (6.5 MEDIUM), created 8 months ago
WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.
Affected products: visualizer =<3.9.1
pkgs.cli-visualizer: CLI based audio visualizer (nixos-unstable 1.8, nixos-unstable-small 1.8, nixpkgs-unstable 1.8)
pkgs.midivisualizer: Small MIDI visualizer tool, using OpenGL (nixos-unstable 7.0, nixos-unstable-small 7.0, nixpkgs-unstable 7.0)
pkgs.massif-visualizer: Tool that visualizes massif data generated by valgrind (nixos-unstable 0.7.0, nixos-unstable-small 0.7.0, nixpkgs-unstable 0.7.0)
pkgs.mpvScripts.visualizer: various audio visualization (nixos-unstable 0-unstable-2024-09-26, nixos-unstable-small 0-unstable-2024-09-26, nixpkgs-unstable 0-unstable-2024-09-26)
pkgs.precice-config-visualizer: Small python tool for visualizing the preCICE xml configuration (nixos-unstable 2022-02-23, nixos-unstable-small 2022-02-23, nixpkgs-unstable 2022-02-23)
pkgs.kdePackages.massif-visualizer: Visualizer for Valgrind Massif data files (nixos-unstable 24.08.3, nixos-unstable-small 24.08.3, nixpkgs-unstable 24.08.3)
pkgs.gnomeExtensions.sound-visualizer: A Real Time Sound Visualizer Based On Gstreamer (nixos-unstable 8, nixos-unstable-small 8, nixpkgs-unstable 8)
Package maintainers (13): @zraexy (David Mell <zraexy@gmail.com>), @honnip (Jung seungwoo <me@honnip.page>), @kmein (Kierán Meinhardt <kmein@posteo.de>), @NickCao (Nick Cao <nickcao@nichi.co>), @LunNova (Luna Nova <nixpkgs-maintainer@lunnova.dev>), @ttuegel (Thomas Tuegel <ttuegel@mailbox.org>), @mjm (Matt Moriarity <matt@mattmoriarity.com>), @SuperSandro2000 (Sandro Jäckel <sandro.jaeckel@gmail.com>), @K900 (Ilya K. <me@0upti.me>), @ilya-fedin (Ilya Fedin <fedin-ilja2010@ya.ru>), @matthiasbeyer (Matthias Beyer <mail@beyermatthias.de>), @ericdallo (Eric Dallo <ercdll1337@gmail.com>), @Scriptkiddi (Fritz Otlinghaus <nixos@scriptkiddi.de>)

CVE-2023-23708 (6.5 MEDIUM), created 8 months ago
WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.
Affected products: visualizer =<3.9.4
pkgs.cli-visualizer: CLI based audio visualizer (nixos-unstable 1.8, nixos-unstable-small 1.8, nixpkgs-unstable 1.8)
pkgs.midivisualizer: Small MIDI visualizer tool, using OpenGL (nixos-unstable 7.0, nixos-unstable-small 7.0, nixpkgs-unstable 7.0)
pkgs.massif-visualizer: Tool that visualizes massif data generated by valgrind (nixos-unstable 0.7.0, nixos-unstable-small 0.7.0, nixpkgs-unstable 0.7.0)
pkgs.mpvScripts.visualizer: various audio visualization (nixos-unstable 0-unstable-2024-09-26, nixos-unstable-small 0-unstable-2024-09-26, nixpkgs-unstable 0-unstable-2024-09-26)
pkgs.precice-config-visualizer: Small python tool for visualizing the preCICE xml configuration (nixos-unstable 2022-02-23, nixos-unstable-small 2022-02-23, nixpkgs-unstable 2022-02-23)
pkgs.kdePackages.massif-visualizer: Visualizer for Valgrind Massif data files (nixos-unstable 24.08.3, nixos-unstable-small 24.08.3, nixpkgs-unstable 24.08.3)
pkgs.gnomeExtensions.sound-visualizer: A Real Time Sound Visualizer Based On Gstreamer (nixos-unstable 8, nixos-unstable-small 8, nixpkgs-unstable 8)
Package maintainers (13): @zraexy (David Mell <zraexy@gmail.com>), @honnip (Jung seungwoo <me@honnip.page>), @kmein (Kierán Meinhardt <kmein@posteo.de>), @NickCao (Nick Cao <nickcao@nichi.co>), @LunNova (Luna Nova <nixpkgs-maintainer@lunnova.dev>), @ttuegel (Thomas Tuegel <ttuegel@mailbox.org>), @mjm (Matt Moriarity <matt@mattmoriarity.com>), @SuperSandro2000 (Sandro Jäckel <sandro.jaeckel@gmail.com>), @K900 (Ilya K. <me@0upti.me>), @ilya-fedin (Ilya Fedin <fedin-ilja2010@ya.ru>), @matthiasbeyer (Matthias Beyer <mail@beyermatthias.de>), @ericdallo (Eric Dallo <ercdll1337@gmail.com>), @Scriptkiddi (Fritz Otlinghaus <nixos@scriptkiddi.de>)

CVE-2023-47238 (8.8 HIGH), created 8 months ago
WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.
Affected products: top-10 =<3.3.2
pkgs.budgie-desktop: Feature-rich, modern desktop designed to keep out the way of the user (nixos-unstable 10.9.2, nixos-unstable-small 10.9.2, nixpkgs-unstable 10.9.2)
pkgs.gnomeExtensions.pip-on-top: Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too. (nixos-unstable 10, nixos-unstable-small 10, nixpkgs-unstable 10)
pkgs.gnomeExtensions.show-apps-at-top: Put show apps icon at top in Gnome default dash (nixos-unstable 10, nixpkgs-unstable 10)
Package maintainers (3): @honnip (Jung seungwoo <me@honnip.page>), @bobby285271 (Bobby Rong <rjl931189261@126.com>), @getchoo (Seth Flynn <getchoo@tuta.io>)

CVE-2023-26008 (5.9 MEDIUM), created 8 months ago
WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): HIGH; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.
Affected products: top-10 =<3.2.4
pkgs.budgie-desktop: Feature-rich, modern desktop designed to keep out the way of the user (nixos-unstable 10.9.2, nixos-unstable-small 10.9.2, nixpkgs-unstable 10.9.2)
pkgs.gnomeExtensions.pip-on-top: Makes "Picture-in-Picture" windows stay on top (even on Wayland session). Compatible with Firefox, but may work with few other browsers too. (nixos-unstable 10, nixos-unstable-small 10, nixpkgs-unstable 10)
pkgs.gnomeExtensions.show-apps-at-top: Put show apps icon at top in Gnome default dash (nixos-unstable 10, nixpkgs-unstable 10)
Package maintainers (3): @honnip (Jung seungwoo <me@honnip.page>), @bobby285271 (Bobby Rong <rjl931189261@126.com>), @getchoo (Seth Flynn <getchoo@tuta.io>)

CVE-2025-26465 (6.8 MEDIUM), created 8 months, 1 week ago
Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): HIGH; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): NONE
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Affected products: rhcos OpenSSH =<9.9p1 openssh * registry.redhat.io/discovery/discovery-server-rhel9 *
pkgs.openssh: Implementation of the SSH protocol (nixos-unstable 9.9p1, nixos-unstable-small 9.9p1, nixpkgs-unstable 9.9p1)
pkgs.opensshTest: Implementation of the SSH protocol (nixos-unstable 9.9p1, nixos-unstable-small 9.9p1, nixpkgs-unstable 9.9p1)
pkgs.openssh_hpn: Implementation of the SSH protocol with high performance networking patches (nixos-unstable 9.9p1, nixos-unstable-small 9.9p1, nixpkgs-unstable 9.9p1)
pkgs.openssh_gssapi: Implementation of the SSH protocol with GSSAPI support (nixos-unstable 9.9p1, nixos-unstable-small 9.9p1, nixpkgs-unstable 9.9p1)
pkgs.opensshWithKerberos: Implementation of the SSH protocol (nixos-unstable 9.9p1, nixos-unstable-small 9.9p1, nixpkgs-unstable 9.9p1)
pkgs.openssh_hpnWithKerberos: Implementation of the SSH protocol with high performance networking patches (nixos-unstable 9.9p1, nixos-unstable-small 9.9p1, nixpkgs-unstable 9.9p1)
pkgs.lxqt.lxqt-openssh-askpass: GUI to query passwords on behalf of SSH agents (nixos-unstable 2.1.0, nixos-unstable-small 2.1.0, nixpkgs-unstable 2.1.0)
Package maintainers (6): @Conni2461 (Simon Hauser <simon-hauser@outlook.com>), @helsinki-Jo (Joachim Ernst <joachim.ernst@helsinki-systems.de>), @dasJ (Janne Heß <janne@hess.ooo>), @aneeshusa (Aneesh Agrawal <aneeshusa@gmail.com>), @wahjava (Ashish SHUKLA <ashish.is@lostca.se>), @romildo (José Romildo Malaquias <malaquias@gmail.com>)

CVE-2024-1062 (5.5 MEDIUM), created 8 months, 1 week ago
389-ds-base: a heap overflow leading to denial-of-service while writing a value larger than 256 chars (in log_entry_attr)
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): NONE; Availability impact (A): HIGH
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Affected products: 389-ds:1.4 * 389-ds-base <2.2.* * =<2.2.* redhat-ds:11 * redhat-ds:12 * 389-ds:1.4/389-ds-base redhat-ds:11/389-ds-base redhat-ds:12/389-ds-base
pkgs._389-ds-base: Enterprise-class Open Source LDAP server for Linux (nixos-unstable 3.1.1, nixos-unstable-small 3.1.1, nixpkgs-unstable 3.1.1)
Package maintainers (1): @ners (ners <ners@gmx.ch>)