diff --git a/reports/ghaf-23.06/data.csv b/reports/ghaf-23.06/data.csv index de33212..1d76db9 100644 --- a/reports/ghaf-23.06/data.csv +++ b/reports/ghaf-23.06/data.csv @@ -1,16 +1,16 @@ "target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-j7hp-h8jx-5ppr","https://osv.dev/GHSA-j7hp-h8jx-5ppr","electron","","25.1.1","28.1.3","28.2.0","electron","2024A1704672000","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.0","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-j7hp-h8jx-5ppr","https://osv.dev/GHSA-j7hp-h8jx-5ppr","electron","","25.1.1","28.1.4","28.2.0","electron","2024A1704672000","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.0","3.8.3","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.0","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.0","3.8.3","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","BIT-sqlite-2024-0232","https://osv.dev/BIT-sqlite-2024-0232","sqlite","","3.41.2","3.44.2","3.45.0","sqlite","2024A0000000232","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2024-0232","https://nvd.nist.gov/vuln/detail/CVE-2024-0232","sqlite","5.5","3.41.2","3.44.2","3.45.0","sqlite","2024A0000000232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/264927 https://github.com/NixOS/nixpkgs/pull/281315" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-7m48-wc93-9g85","https://osv.dev/GHSA-7m48-wc93-9g85","electron","","25.1.1","28.1.3","28.2.0","electron","2023A1701907200","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-qqvq-6xgj-jw8g","https://osv.dev/GHSA-qqvq-6xgj-jw8g","electron","","25.1.1","28.1.3","28.2.0","electron","2023A1696464000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/268612" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-7m48-wc93-9g85","https://osv.dev/GHSA-7m48-wc93-9g85","electron","","25.1.1","28.1.4","28.2.0","electron","2023A1701907200","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-qqvq-6xgj-jw8g","https://osv.dev/GHSA-qqvq-6xgj-jw8g","electron","","25.1.1","28.1.4","28.2.0","electron","2023A1696464000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/268612" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.2","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-7x97-j373-85x5","https://osv.dev/GHSA-7x97-j373-85x5","electron","","25.1.1","28.1.3","28.2.0","electron","2023A1693958400","False","Nixpkgs fix PR: https://github.com/NixOS/nixpkgs/pull/251189.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-7x97-j373-85x5","https://osv.dev/GHSA-7x97-j373-85x5","electron","","25.1.1","28.1.4","28.2.0","electron","2023A1693958400","False","Nixpkgs fix PR: https://github.com/NixOS/nixpkgs/pull/251189.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-51767","https://nvd.nist.gov/vuln/detail/CVE-2023-51767","openssh","7.0","9.3p1","9.6p1","9.6p1","openssh","2023A0000051767","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275249 @@ -23,8 +23,8 @@ https://github.com/NixOS/nixpkgs/pull/275587" https://github.com/NixOS/nixpkgs/pull/275399 https://github.com/NixOS/nixpkgs/pull/275587" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.4","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.4","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48795","https://nvd.nist.gov/vuln/detail/CVE-2023-48795","openssh","5.9","9.3p1","9.6p1","9.6p1","openssh","2023A0000048795","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275250 https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 @@ -40,28 +40,14 @@ https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 https://github.com/NixOS/nixpkgs/pull/276504 https://github.com/NixOS/nixpkgs/pull/276505" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" @@ -72,31 +58,22 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46316","https://nvd.nist.gov/vuln/detail/CVE-2023-46316","traceroute","5.5","2.1.2","","","","2023A0000046316","False","","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.5.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.5.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.12.3-unstable-2023-12-14","2.12.4","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 -https://github.com/NixOS/nixpkgs/pull/280837 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.4","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.4","1.21.5","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.4","1.21.5","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.4","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.4","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.4","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-44488","https://nvd.nist.gov/vuln/detail/CVE-2023-44488","libvpx","7.5","1.13.0","1.13.1","1.14.0","libvpx","2023A0000044488","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/258295 https://github.com/NixOS/nixpkgs/pull/258350 https://github.com/NixOS/nixpkgs/pull/259881 @@ -107,17 +84,17 @@ https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.4","1.21.5","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.4","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-44402","https://nvd.nist.gov/vuln/detail/CVE-2023-44402","electron","7.0","25.1.1","28.1.3","28.2.0","electron","2023A0000044402","False","","fix_update_to_version_nixpkgs","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-44402","https://nvd.nist.gov/vuln/detail/CVE-2023-44402","electron","7.0","25.1.1","28.1.4","28.2.0","electron","2023A0000044402","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-43789","https://nvd.nist.gov/vuln/detail/CVE-2023-43789","libXpm","5.5","3.5.15","3.5.17","3.5.17","libxpm","2023A0000043789","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/258841 https://github.com/NixOS/nixpkgs/pull/258996" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-43788","https://nvd.nist.gov/vuln/detail/CVE-2023-43788","libXpm","5.5","3.5.15","3.5.17","3.5.17","libxpm","2023A0000043788","False","","err_not_vulnerable_based_on_repology","" @@ -145,36 +122,18 @@ https://github.com/NixOS/nixpkgs/pull/267666" https://github.com/NixOS/nixpkgs/pull/254541 https://github.com/NixOS/nixpkgs/pull/258619 https://github.com/NixOS/nixpkgs/pull/278267" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39956","https://nvd.nist.gov/vuln/detail/CVE-2023-39956","electron","6.6","25.1.1","28.1.3","28.2.0","electron","2023A0000039956","False","","fix_update_to_version_nixpkgs","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39956","https://nvd.nist.gov/vuln/detail/CVE-2023-39956","electron","6.6","25.1.1","28.1.4","28.2.0","electron","2023A0000039956","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.4","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.4","1.21.5","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.4","1.21.5","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.20.4","1.21.5","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.20.4","1.21.5","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.4","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.4","1.21.6","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.4","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.20.4","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.20.4","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38633","https://nvd.nist.gov/vuln/detail/CVE-2023-38633","librsvg","5.5","2.55.1","2.57.1","2.57.1","librsvg","2023A0000038633","False","Nixpkgs fix PR: https://github.com/NixOS/nixpkgs/pull/246763.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/246763 @@ -185,11 +144,10 @@ https://github.com/NixOS/nixpkgs/pull/275021" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.4.0","8.5.0","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.5.0","8.5.0","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962 https://github.com/NixOS/nixpkgs/pull/254963 -https://github.com/NixOS/nixpkgs/pull/260378 https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.59.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712 https://github.com/NixOS/nixpkgs/pull/246068 https://github.com/NixOS/nixpkgs/pull/265047" @@ -217,13 +175,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-30571","https://nvd.nist.gov/vuln/detail/CVE-2023-30571","libarchive","5.3","3.6.2","3.7.2","3.7.2","libarchive","2023A0000030571","False","No upstream fix available, see: https://github.com/libarchive/libarchive/issues/1876.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244713 https://github.com/NixOS/nixpkgs/pull/256930" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-30402","https://nvd.nist.gov/vuln/detail/CVE-2023-30402","yasm","5.5","1.3.0","","","","2023A0000030402","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.20.4","1.21.5","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.20.4","1.21.6","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-29406","https://nvd.nist.gov/vuln/detail/CVE-2023-29406","go","6.5","1.20.4","","","","2023A0000029406","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-29406","https://nvd.nist.gov/vuln/detail/CVE-2023-29406","go","6.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000029406","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" @@ -277,20 +231,14 @@ https://github.com/NixOS/nixpkgs/pull/275604" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.3.1","23.3.2","pip","2023A0000005752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276928" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.9","3.2.0","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.9","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.9","3.2.0","3.2.0","openssl","2023A0000005363","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619 https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.9","3.2.0","3.2.0","ruby:openssl","2023A0000005363","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-8","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7.0","8.0.0","8.2.0","8.2.0","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4863","https://nvd.nist.gov/vuln/detail/CVE-2023-4863","libwebp","8.8","1.3.0","1.3.2","1.3.2","libwebp","2023A0000004863","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/255786 @@ -307,37 +255,21 @@ https://github.com/NixOS/nixpkgs/pull/269450" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.0","2.4.2","2.4.7","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256378 @@ -394,15 +326,9 @@ https://github.com/NixOS/nixpkgs/pull/267666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2828","https://nvd.nist.gov/vuln/detail/CVE-2023-2828","bind","7.5","9.18.14","9.18.21","9.18.21","bind","2023A0000002828","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/239161 https://github.com/NixOS/nixpkgs/pull/275800" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.0","8.2.0","8.2.0","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-1999","https://nvd.nist.gov/vuln/detail/CVE-2023-1999","libwebp","7.5","1.3.0","1.3.2","1.3.2","libwebp","2023A0000001999","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/255102 https://github.com/NixOS/nixpkgs/pull/255169" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-1916","https://nvd.nist.gov/vuln/detail/CVE-2023-1916","libtiff","6.1","4.5.0","4.6.0","4.6.0","tiff","2023A0000001916","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/239544 @@ -455,9 +381,9 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-1168","https://osv.dev/OSV-2022-1168","gstreamer","","1.22.3","1.22.8","1.22.9","gstreamer","2022A0000001168","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.70","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.71","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.6","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.70","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.71","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","","","","2022A0000000842","False","Unclear if this is still valid.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.1","0.8.2","0.9.1","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" @@ -563,9 +489,9 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2014-9157","https://nvd.nist.gov/vuln/detail/CVE-2014-9157","graphviz","","7.1.0","","","","2014A0000009157","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","12.2.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","BIT-sqlite-2024-0232","https://osv.dev/BIT-sqlite-2024-0232","sqlite","","3.41.2","3.44.2","3.45.0","sqlite","2024A0000000232","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2024-0232","https://nvd.nist.gov/vuln/detail/CVE-2024-0232","sqlite","5.5","3.41.2","3.44.2","3.45.0","sqlite","2024A0000000232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/264927 @@ -583,30 +509,16 @@ https://github.com/NixOS/nixpkgs/pull/276799" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-49465","https://nvd.nist.gov/vuln/detail/CVE-2023-49465","libde265","8.8","1.0.14","1.0.15","1.0.15","libde265","2023A0000049465","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275720 https://github.com/NixOS/nixpkgs/pull/276798 https://github.com/NixOS/nixpkgs/pull/276799" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.8","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.8","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" @@ -617,42 +529,33 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46316","https://nvd.nist.gov/vuln/detail/CVE-2023-46316","traceroute","5.5","2.1.2","","","","2023A0000046316","False","","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.5.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.5.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.12.3-unstable-2023-12-14","2.12.4","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 -https://github.com/NixOS/nixpkgs/pull/280837 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.8","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.5","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.5","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","nghttp2","7.5","1.51.0","1.57.0","1.59.0","nghttp2","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.8","1.21.5","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 @@ -664,28 +567,14 @@ https://github.com/NixOS/nixpkgs/pull/278073" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.8","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.8","1.21.5","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.8","1.21.5","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.8","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.8","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -693,7 +582,7 @@ https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.59.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712 https://github.com/NixOS/nixpkgs/pull/246068 https://github.com/NixOS/nixpkgs/pull/265047" @@ -710,9 +599,7 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-30571","https://nvd.nist.gov/vuln/detail/CVE-2023-30571","libarchive","5.3","3.6.2","3.7.2","3.7.2","libarchive","2023A0000030571","False","No upstream fix available, see: https://github.com/libarchive/libarchive/issues/1876.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244713 https://github.com/NixOS/nixpkgs/pull/256930" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-30402","https://nvd.nist.gov/vuln/detail/CVE-2023-30402","yasm","5.5","1.3.0","","","","2023A0000030402","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-29406","https://nvd.nist.gov/vuln/detail/CVE-2023-29406","go","6.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000029406","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-29405","https://nvd.nist.gov/vuln/detail/CVE-2023-29405","go","9.8","1.17.13-linux-amd64-bootstrap","","","","2023A0000029405","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" @@ -755,15 +642,9 @@ https://github.com/NixOS/nixpkgs/pull/281315" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.3.1","23.3.2","pip","2023A0000005752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276928" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.14.0","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/258448 https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 @@ -771,37 +652,21 @@ https://github.com/NixOS/nixpkgs/pull/261404 https://github.com/NixOS/nixpkgs/pull/262808" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7.0","8.0.5","8.2.0","8.2.0","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.0.5","8.2.0","8.2.0","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267666" @@ -815,15 +680,9 @@ https://github.com/NixOS/nixpkgs/pull/267666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2861","https://nvd.nist.gov/vuln/detail/CVE-2023-2861","qemu","7.1","8.0.5","8.2.0","8.2.0","qemu","2023A0000002861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244827 https://github.com/NixOS/nixpkgs/pull/267666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.2.0","8.2.0","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.2.0","8.2.0","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.0","1.3.0","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2023-889","https://osv.dev/OSV-2023-889","file","","5.44","5.45","5.45","file","2023A0000000889","False","","err_not_vulnerable_based_on_repology","" @@ -880,9 +739,9 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-2880","https://nvd.nist.gov/vuln/detail/CVE-2022-2880","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002880","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.70","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.71","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.6","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.70","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.71","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","","","","2022A0000000842","False","Unclear if this is still valid.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" diff --git a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md index ed9cb59..e85812a 100644 --- a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md @@ -28,80 +28,80 @@ Following table lists vulnerabilities that have been fixed in the nixpkgs channe Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/flake.lock) file to mitigate the following issues: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|------------------|----------------|------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2023-40359](https://nvd.nist.gov/vuln/detail/CVE-2023-40359) | xterm | 9.8 | 379 | 388 | 389 | Backport to 23.05 ongoing in PR: [link](https://github.com/NixOS/nixpkgs/pull/254541). *[[PR](https://github.com/NixOS/nixpkgs/pull/244141), [PR](https://github.com/NixOS/nixpkgs/pull/254541), [PR](https://github.com/NixOS/nixpkgs/pull/258619), [PR](https://github.com/NixOS/nixpkgs/pull/278267)]* | -| [CVE-2023-35784](https://nvd.nist.gov/vuln/detail/CVE-2023-35784) | libressl | 9.8 | 3.7.2 | 3.7.3 | 3.7.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/238831), [PR](https://github.com/NixOS/nixpkgs/pull/240264), [PR](https://github.com/NixOS/nixpkgs/pull/265633)]* | -| [CVE-2023-25434](https://nvd.nist.gov/vuln/detail/CVE-2023-25434) | libtiff | 8.8 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) | libwebp | 8.8 | 1.3.0 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255786), [PR](https://github.com/NixOS/nixpkgs/pull/255959), [PR](https://github.com/NixOS/nixpkgs/pull/258217), [PR](https://github.com/NixOS/nixpkgs/pull/258430), [PR](https://github.com/NixOS/nixpkgs/pull/261876)]* | -| [CVE-2023-3724](https://nvd.nist.gov/vuln/detail/CVE-2023-3724) | wolfssl | 8.8 | 5.5.4 | | | Issue is fixed in 5.6.2: [link](https://www.wolfssl.com/docs/security-vulnerabilities/). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/239027). *[[PR](https://github.com/NixOS/nixpkgs/pull/239027), [PR](https://github.com/NixOS/nixpkgs/pull/246451)]* | -| [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | -| [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | -| [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.13.1 | 1.14.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/258350), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189), [PR](https://github.com/NixOS/nixpkgs/pull/283362)]* | -| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | -| [CVE-2023-35790](https://nvd.nist.gov/vuln/detail/CVE-2023-35790) | libjxl | 7.5 | 0.8.1 | 0.8.2 | 0.9.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/237913), [PR](https://github.com/NixOS/nixpkgs/pull/238274), [PR](https://github.com/NixOS/nixpkgs/pull/282472)]* | -| [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | -| [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | -| [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | -| [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | -| [CVE-2023-3138](https://nvd.nist.gov/vuln/detail/CVE-2023-3138) | libX11 | 7.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/238116), [PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-2911](https://nvd.nist.gov/vuln/detail/CVE-2023-2911) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239161), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | -| [CVE-2023-2829](https://nvd.nist.gov/vuln/detail/CVE-2023-2829) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | -| [CVE-2023-2828](https://nvd.nist.gov/vuln/detail/CVE-2023-2828) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239161), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | -| [CVE-2023-1999](https://nvd.nist.gov/vuln/detail/CVE-2023-1999) | libwebp | 7.5 | 1.3.0 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255102), [PR](https://github.com/NixOS/nixpkgs/pull/255169)]* | -| [CVE-2023-34241](https://nvd.nist.gov/vuln/detail/CVE-2023-34241) | cups | 7.1 | 2.4.2 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/240840), [PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | -| [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-44402](https://nvd.nist.gov/vuln/detail/CVE-2023-44402) | electron | 7.0 | 25.1.1 | 28.1.3 | 28.2.0 | | -| [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.0 | 2.4.2 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | -| [CVE-2023-39956](https://nvd.nist.gov/vuln/detail/CVE-2023-39956) | electron | 6.6 | 25.1.1 | 28.1.3 | 28.2.0 | | -| [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-41175](https://nvd.nist.gov/vuln/detail/CVE-2023-41175) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | -| [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | -| [CVE-2023-34969](https://nvd.nist.gov/vuln/detail/CVE-2023-34969) | dbus | 6.5 | 1.14.6 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236937), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2023-3618](https://nvd.nist.gov/vuln/detail/CVE-2023-3618) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-3316](https://nvd.nist.gov/vuln/detail/CVE-2023-3316) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-3255](https://nvd.nist.gov/vuln/detail/CVE-2023-3255) | qemu | 6.5 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-1916](https://nvd.nist.gov/vuln/detail/CVE-2023-1916) | libtiff | 6.1 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330) | qemu | 6.0 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | -| [CVE-2023-3301](https://nvd.nist.gov/vuln/detail/CVE-2023-3301) | qemu | 5.6 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/244827), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | -| [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | -| [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-43785](https://nvd.nist.gov/vuln/detail/CVE-2023-43785) | libX11 | 5.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-42467](https://nvd.nist.gov/vuln/detail/CVE-2023-42467) | qemu | 5.5 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | -| [CVE-2023-40360](https://nvd.nist.gov/vuln/detail/CVE-2023-40360) | qemu | 5.5 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/251154), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | -| [CVE-2023-38633](https://nvd.nist.gov/vuln/detail/CVE-2023-38633) | librsvg | 5.5 | 2.55.1 | 2.57.1 | 2.57.1 | Nixpkgs fix PR: [link](https://github.com/NixOS/nixpkgs/pull/246763). *[[PR](https://github.com/NixOS/nixpkgs/pull/246763), [PR](https://github.com/NixOS/nixpkgs/pull/246860), [PR](https://github.com/NixOS/nixpkgs/pull/275021)]* | -| [CVE-2023-26966](https://nvd.nist.gov/vuln/detail/CVE-2023-26966) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-26965](https://nvd.nist.gov/vuln/detail/CVE-2023-26965) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-25435](https://nvd.nist.gov/vuln/detail/CVE-2023-25435) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-25433](https://nvd.nist.gov/vuln/detail/CVE-2023-25433) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-3576](https://nvd.nist.gov/vuln/detail/CVE-2023-3576) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-2908](https://nvd.nist.gov/vuln/detail/CVE-2023-2908) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2021-3933](https://nvd.nist.gov/vuln/detail/CVE-2021-3933) | openexr | 5.5 | 2.5.8 | 3.2.1 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/234754), [PR](https://github.com/NixOS/nixpkgs/pull/236043), [PR](https://github.com/NixOS/nixpkgs/pull/238270), [PR](https://github.com/NixOS/nixpkgs/pull/258729)]* | -| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.20.4 | 1.21.5 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | openssl LTS release 3.0.10 fixes the issue, nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/246579). *[[PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | -| [CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | openssl LTS release 3.0.10 fixes the issue, nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/246579). *[[PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715)]* | -| [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243625), [PR](https://github.com/NixOS/nixpkgs/pull/243938), [PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | -| [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243625), [PR](https://github.com/NixOS/nixpkgs/pull/243938), [PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715)]* | -| [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | -| [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.1.1 | 28.1.3 | 28.2.0 | | -| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.1.1 | 28.1.3 | 28.2.0 | | -| [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.1.1 | 28.1.3 | 28.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | -| [GHSA-7x97-j373-85x5](https://osv.dev/GHSA-7x97-j373-85x5) | electron | | 25.1.1 | 28.1.3 | 28.2.0 | Nixpkgs fix PR: [link](https://github.com/NixOS/nixpkgs/pull/251189). | -| [OSV-2023-101](https://osv.dev/OSV-2023-101) | qemu | | 8.0.0 | 8.2.0 | 8.2.0 | Fixed in qemu 8.0.4: [link](https://github.com/NixOS/nixpkgs/pull/248659). | -| [OSV-2022-1168](https://osv.dev/OSV-2022-1168) | gstreamer | | 1.22.3 | 1.22.8 | 1.22.9 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|------------------|----------------|------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [CVE-2023-40359](https://nvd.nist.gov/vuln/detail/CVE-2023-40359) | xterm | 9.8 | 379 | 388 | 389 | Backport to 23.05 ongoing in PR: [link](https://github.com/NixOS/nixpkgs/pull/254541). *[[PR](https://github.com/NixOS/nixpkgs/pull/244141), [PR](https://github.com/NixOS/nixpkgs/pull/254541), [PR](https://github.com/NixOS/nixpkgs/pull/258619), [PR](https://github.com/NixOS/nixpkgs/pull/278267)]* | +| [CVE-2023-35784](https://nvd.nist.gov/vuln/detail/CVE-2023-35784) | libressl | 9.8 | 3.7.2 | 3.7.3 | 3.7.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/238831), [PR](https://github.com/NixOS/nixpkgs/pull/240264), [PR](https://github.com/NixOS/nixpkgs/pull/265633)]* | +| [CVE-2023-25434](https://nvd.nist.gov/vuln/detail/CVE-2023-25434) | libtiff | 8.8 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) | libwebp | 8.8 | 1.3.0 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255786), [PR](https://github.com/NixOS/nixpkgs/pull/255959), [PR](https://github.com/NixOS/nixpkgs/pull/258217), [PR](https://github.com/NixOS/nixpkgs/pull/258430), [PR](https://github.com/NixOS/nixpkgs/pull/261876)]* | +| [CVE-2023-3724](https://nvd.nist.gov/vuln/detail/CVE-2023-3724) | wolfssl | 8.8 | 5.5.4 | | | Issue is fixed in 5.6.2: [link](https://www.wolfssl.com/docs/security-vulnerabilities/). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/239027). *[[PR](https://github.com/NixOS/nixpkgs/pull/239027), [PR](https://github.com/NixOS/nixpkgs/pull/246451)]* | +| [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | +| [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | +| [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | +| [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.13.1 | 1.14.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/258350), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189), [PR](https://github.com/NixOS/nixpkgs/pull/283362)]* | +| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-35790](https://nvd.nist.gov/vuln/detail/CVE-2023-35790) | libjxl | 7.5 | 0.8.1 | 0.8.2 | 0.9.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/237913), [PR](https://github.com/NixOS/nixpkgs/pull/238274), [PR](https://github.com/NixOS/nixpkgs/pull/282472)]* | +| [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | +| [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | +| [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | +| [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | +| [CVE-2023-3138](https://nvd.nist.gov/vuln/detail/CVE-2023-3138) | libX11 | 7.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/238116), [PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | +| [CVE-2023-2911](https://nvd.nist.gov/vuln/detail/CVE-2023-2911) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239161), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | +| [CVE-2023-2829](https://nvd.nist.gov/vuln/detail/CVE-2023-2829) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | +| [CVE-2023-2828](https://nvd.nist.gov/vuln/detail/CVE-2023-2828) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239161), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | +| [CVE-2023-1999](https://nvd.nist.gov/vuln/detail/CVE-2023-1999) | libwebp | 7.5 | 1.3.0 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255102), [PR](https://github.com/NixOS/nixpkgs/pull/255169)]* | +| [CVE-2023-34241](https://nvd.nist.gov/vuln/detail/CVE-2023-34241) | cups | 7.1 | 2.4.2 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/240840), [PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | +| [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | +| [CVE-2023-44402](https://nvd.nist.gov/vuln/detail/CVE-2023-44402) | electron | 7.0 | 25.1.1 | 28.1.4 | 28.2.0 | | +| [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.0 | 2.4.2 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | +| [CVE-2023-39956](https://nvd.nist.gov/vuln/detail/CVE-2023-39956) | electron | 6.6 | 25.1.1 | 28.1.4 | 28.2.0 | | +| [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | +| [CVE-2023-41175](https://nvd.nist.gov/vuln/detail/CVE-2023-41175) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | +| [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | +| [CVE-2023-34969](https://nvd.nist.gov/vuln/detail/CVE-2023-34969) | dbus | 6.5 | 1.14.6 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236937), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | +| [CVE-2023-3618](https://nvd.nist.gov/vuln/detail/CVE-2023-3618) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-3316](https://nvd.nist.gov/vuln/detail/CVE-2023-3316) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-3255](https://nvd.nist.gov/vuln/detail/CVE-2023-3255) | qemu | 6.5 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-1916](https://nvd.nist.gov/vuln/detail/CVE-2023-1916) | libtiff | 6.1 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330) | qemu | 6.0 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | +| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | +| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | +| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | +| [CVE-2023-3301](https://nvd.nist.gov/vuln/detail/CVE-2023-3301) | qemu | 5.6 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/244827), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | +| [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | +| [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | +| [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | +| [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | +| [CVE-2023-43785](https://nvd.nist.gov/vuln/detail/CVE-2023-43785) | libX11 | 5.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | +| [CVE-2023-42467](https://nvd.nist.gov/vuln/detail/CVE-2023-42467) | qemu | 5.5 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | +| [CVE-2023-40360](https://nvd.nist.gov/vuln/detail/CVE-2023-40360) | qemu | 5.5 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/251154), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | +| [CVE-2023-38633](https://nvd.nist.gov/vuln/detail/CVE-2023-38633) | librsvg | 5.5 | 2.55.1 | 2.57.1 | 2.57.1 | Nixpkgs fix PR: [link](https://github.com/NixOS/nixpkgs/pull/246763). *[[PR](https://github.com/NixOS/nixpkgs/pull/246763), [PR](https://github.com/NixOS/nixpkgs/pull/246860), [PR](https://github.com/NixOS/nixpkgs/pull/275021)]* | +| [CVE-2023-26966](https://nvd.nist.gov/vuln/detail/CVE-2023-26966) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-26965](https://nvd.nist.gov/vuln/detail/CVE-2023-26965) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-25435](https://nvd.nist.gov/vuln/detail/CVE-2023-25435) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-25433](https://nvd.nist.gov/vuln/detail/CVE-2023-25433) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-3576](https://nvd.nist.gov/vuln/detail/CVE-2023-3576) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2023-2908](https://nvd.nist.gov/vuln/detail/CVE-2023-2908) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | +| [CVE-2021-3933](https://nvd.nist.gov/vuln/detail/CVE-2021-3933) | openexr | 5.5 | 2.5.8 | 3.2.1 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/234754), [PR](https://github.com/NixOS/nixpkgs/pull/236043), [PR](https://github.com/NixOS/nixpkgs/pull/238270), [PR](https://github.com/NixOS/nixpkgs/pull/258729)]* | +| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.20.4 | 1.21.6 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | +| [CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | openssl LTS release 3.0.10 fixes the issue, nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/246579). *[[PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | +| [CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | openssl LTS release 3.0.10 fixes the issue, nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/246579). *[[PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715)]* | +| [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243625), [PR](https://github.com/NixOS/nixpkgs/pull/243938), [PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | +| [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243625), [PR](https://github.com/NixOS/nixpkgs/pull/243938), [PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715)]* | +| [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | +| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | +| [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.1.1 | 28.1.4 | 28.2.0 | | +| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.1.1 | 28.1.4 | 28.2.0 | | +| [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.1.1 | 28.1.4 | 28.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | +| [GHSA-7x97-j373-85x5](https://osv.dev/GHSA-7x97-j373-85x5) | electron | | 25.1.1 | 28.1.4 | 28.2.0 | Nixpkgs fix PR: [link](https://github.com/NixOS/nixpkgs/pull/251189). | +| [OSV-2023-101](https://osv.dev/OSV-2023-101) | qemu | | 8.0.0 | 8.2.0 | 8.2.0 | Fixed in qemu 8.0.4: [link](https://github.com/NixOS/nixpkgs/pull/248659). | +| [OSV-2022-1168](https://osv.dev/OSV-2022-1168) | gstreamer | | 1.22.3 | 1.22.8 | 1.22.9 | | ## Vulnerabilities Fixed in nix-unstable @@ -122,15 +122,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.0 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.0 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0232](https://nvd.nist.gov/vuln/detail/CVE-2024-0232) | sqlite | 5.5 | 3.41.2 | 3.44.2 | 3.45.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/264927), [PR](https://github.com/NixOS/nixpkgs/pull/281315)]* | -| [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | -| [BIT-sqlite-2024-0232](https://osv.dev/BIT-sqlite-2024-0232) | sqlite | | 3.41.2 | 3.44.2 | 3.45.0 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf @@ -151,44 +143,44 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) | libwebp | 8.8 | 1.3.0 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255786), [PR](https://github.com/NixOS/nixpkgs/pull/255959), [PR](https://github.com/NixOS/nixpkgs/pull/258217), [PR](https://github.com/NixOS/nixpkgs/pull/258430), [PR](https://github.com/NixOS/nixpkgs/pull/261876)]* | | [CVE-2023-3724](https://nvd.nist.gov/vuln/detail/CVE-2023-3724) | wolfssl | 8.8 | 5.5.4 | | | Issue is fixed in 5.6.2: [link](https://www.wolfssl.com/docs/security-vulnerabilities/). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/239027). *[[PR](https://github.com/NixOS/nixpkgs/pull/239027), [PR](https://github.com/NixOS/nixpkgs/pull/246451)]* | | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.0.0 | 8.2.0 | 8.2.0 | | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.0 | 8.2.0 | 8.2.0 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.0 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.0 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.4 | 1.21.5 | 1.21.6 | | -| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | | +| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.0 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.0 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.4 | 1.21.6 | 1.21.6 | | +| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | | [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.13.1 | 1.14.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/258350), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189), [PR](https://github.com/NixOS/nixpkgs/pull/283362)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.59.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | -| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | +| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.59.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-35790](https://nvd.nist.gov/vuln/detail/CVE-2023-35790) | libjxl | 7.5 | 0.8.1 | 0.8.2 | 0.9.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/237913), [PR](https://github.com/NixOS/nixpkgs/pull/238274), [PR](https://github.com/NixOS/nixpkgs/pull/282472)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.14 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.0 | 8.2.0 | 8.2.0 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | @@ -205,18 +197,18 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861) | qemu | 7.1 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/244827), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-44402](https://nvd.nist.gov/vuln/detail/CVE-2023-44402) | electron | 7.0 | 25.1.1 | 28.1.3 | 28.2.0 | | +| [CVE-2023-44402](https://nvd.nist.gov/vuln/detail/CVE-2023-44402) | electron | 7.0 | 25.1.1 | 28.1.4 | 28.2.0 | | | [CVE-2023-42465](https://nvd.nist.gov/vuln/detail/CVE-2023-42465) | sudo | 7.0 | 1.9.13p3 | 1.9.15p5 | 1.9.15p5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277844)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.0.0 | 8.2.0 | 8.2.0 | | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.0 | 2.4.2 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | -| [CVE-2023-39956](https://nvd.nist.gov/vuln/detail/CVE-2023-39956) | electron | 6.6 | 25.1.1 | 28.1.3 | 28.2.0 | | +| [CVE-2023-39956](https://nvd.nist.gov/vuln/detail/CVE-2023-39956) | electron | 6.6 | 25.1.1 | 28.1.4 | 28.2.0 | | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/280837), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.1.1 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | | [CVE-2023-41175](https://nvd.nist.gov/vuln/detail/CVE-2023-41175) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.42.2 | 0.43.0 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | +| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.0 | 0.43.0 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | | [CVE-2023-34969](https://nvd.nist.gov/vuln/detail/CVE-2023-34969) | dbus | 6.5 | 1.14.6 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236937), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | | [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.0.0 | 8.2.0 | 8.2.0 | | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | | @@ -231,10 +223,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | | [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | | [CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-1916](https://nvd.nist.gov/vuln/detail/CVE-2023-1916) | libtiff | 6.1 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330) | qemu | 6.0 | 8.0.0 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.3p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -247,7 +239,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 5.1.3 | 6.1 | 6.1.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1 | 6.1.1 | | | [CVE-2023-46316](https://nvd.nist.gov/vuln/detail/CVE-2023-46316) | traceroute | 5.5 | 2.1.2 | | | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | @@ -275,22 +267,22 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25433](https://nvd.nist.gov/vuln/detail/CVE-2023-25433) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.2.13 | 1.3 | 1.3.1 | | | [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-3576](https://nvd.nist.gov/vuln/detail/CVE-2023-3576) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-2908](https://nvd.nist.gov/vuln/detail/CVE-2023-2908) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2021-3933](https://nvd.nist.gov/vuln/detail/CVE-2021-3933) | openexr | 5.5 | 2.5.8 | 3.2.1 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/234754), [PR](https://github.com/NixOS/nixpkgs/pull/236043), [PR](https://github.com/NixOS/nixpkgs/pull/238270), [PR](https://github.com/NixOS/nixpkgs/pull/258729)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.43.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | -| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.4 | 1.21.5 | 1.21.6 | | -| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.4 | 1.21.6 | 1.21.6 | | +| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | -| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.20.4 | 1.21.5 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.20.4 | 1.21.6 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.0.0 | 8.2.0 | 8.2.0 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | @@ -299,26 +291,26 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | openssl LTS release 3.0.10 fixes the issue, nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/246579). *[[PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715)]* | | [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243625), [PR](https://github.com/NixOS/nixpkgs/pull/243938), [PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975) | openssl | 5.3 | 3.0.9 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243625), [PR](https://github.com/NixOS/nixpkgs/pull/243938), [PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715)]* | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.20.4 | 1.21.5 | 1.21.6 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.20.4 | 1.21.6 | 1.21.6 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 13.2.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2116 | 9.1.0050 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.2 | 4.14.3 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/264349), [PR](https://github.com/NixOS/nixpkgs/pull/276559), [PR](https://github.com/NixOS/nixpkgs/pull/281318)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.3.1 | 23.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | -| [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.1.1 | 28.1.3 | 28.2.0 | | +| [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.1.1 | 28.1.4 | 28.2.0 | | | [BIT-sqlite-2024-0232](https://osv.dev/BIT-sqlite-2024-0232) | sqlite | | 3.41.2 | 3.44.2 | 3.45.0 | | -| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.1.1 | 28.1.3 | 28.2.0 | | -| [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.1.1 | 28.1.3 | 28.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | -| [GHSA-7x97-j373-85x5](https://osv.dev/GHSA-7x97-j373-85x5) | electron | | 25.1.1 | 28.1.3 | 28.2.0 | Nixpkgs fix PR: [link](https://github.com/NixOS/nixpkgs/pull/251189). | +| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.1.1 | 28.1.4 | 28.2.0 | | +| [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.1.1 | 28.1.4 | 28.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | +| [GHSA-7x97-j373-85x5](https://osv.dev/GHSA-7x97-j373-85x5) | electron | | 25.1.1 | 28.1.4 | 28.2.0 | Nixpkgs fix PR: [link](https://github.com/NixOS/nixpkgs/pull/251189). | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [BIT-sqlite-2023-7104](https://osv.dev/BIT-sqlite-2023-7104) | sqlite | | 3.41.2 | 3.44.2 | 3.45.0 | | | [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.0 | 1.3.0 | 1.3.0 | | @@ -328,9 +320,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.0.0 | 8.2.0 | 8.2.0 | Unclear if this is still valid. | | [OSV-2023-101](https://osv.dev/OSV-2023-101) | qemu | | 8.0.0 | 8.2.0 | 8.2.0 | Fixed in qemu 8.0.4: [link](https://github.com/NixOS/nixpkgs/pull/248659). | | [OSV-2022-1168](https://osv.dev/OSV-2022-1168) | gstreamer | | 1.22.3 | 1.22.8 | 1.22.9 | | -| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.66 | 5.70 | 5.72 | Unclear if this is still valid. | +| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.66 | 5.71 | 5.72 | Unclear if this is still valid. | | [OSV-2022-896](https://osv.dev/OSV-2022-896) | libsass | | 3.6.5 | 3.6.5 | 3.6.6 | Unclear if this is still valid. | -| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.66 | 5.70 | 5.72 | Unclear if this is still valid. | +| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.66 | 5.71 | 5.72 | Unclear if this is still valid. | | [OSV-2022-842](https://osv.dev/OSV-2022-842) | wolfssl | | 5.5.4 | | | Unclear if this is still valid. | | [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.1 | 0.8.2 | 0.9.1 | Unclear if this is still valid. | | [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.1 | 0.8.2 | 0.9.1 | Unclear if this is still valid. | diff --git a/reports/ghaf-23.09/data.csv b/reports/ghaf-23.09/data.csv index 787295d..34de30a 100644 --- a/reports/ghaf-23.09/data.csv +++ b/reports/ghaf-23.09/data.csv @@ -1,14 +1,14 @@ "target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-j7hp-h8jx-5ppr","https://osv.dev/GHSA-j7hp-h8jx-5ppr","electron","","25.7.0","28.1.3","28.2.0","electron","2024A1704672000","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.0","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-j7hp-h8jx-5ppr","https://osv.dev/GHSA-j7hp-h8jx-5ppr","electron","","25.7.0","28.1.4","28.2.0","electron","2024A1704672000","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.0","3.8.3","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.0","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.0","3.8.3","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","BIT-sqlite-2024-0232","https://osv.dev/BIT-sqlite-2024-0232","sqlite","","3.41.2","3.44.2","3.45.0","sqlite","2024A0000000232","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2024-0232","https://nvd.nist.gov/vuln/detail/CVE-2024-0232","sqlite","5.5","3.41.2","3.44.2","3.45.0","sqlite","2024A0000000232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/264927 https://github.com/NixOS/nixpkgs/pull/281315" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-7m48-wc93-9g85","https://osv.dev/GHSA-7m48-wc93-9g85","electron","","25.7.0","28.1.3","28.2.0","electron","2023A1701907200","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-qqvq-6xgj-jw8g","https://osv.dev/GHSA-qqvq-6xgj-jw8g","electron","","25.7.0","28.1.3","28.2.0","electron","2023A1696464000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/268612" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-7m48-wc93-9g85","https://osv.dev/GHSA-7m48-wc93-9g85","electron","","25.7.0","28.1.4","28.2.0","electron","2023A1701907200","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-qqvq-6xgj-jw8g","https://osv.dev/GHSA-qqvq-6xgj-jw8g","electron","","25.7.0","28.1.4","28.2.0","electron","2023A1696464000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/268612" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.2","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" @@ -22,8 +22,8 @@ https://github.com/NixOS/nixpkgs/pull/275587" https://github.com/NixOS/nixpkgs/pull/275399 https://github.com/NixOS/nixpkgs/pull/275587" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.7","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.7","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48795","https://nvd.nist.gov/vuln/detail/CVE-2023-48795","openssh","5.9","9.3p2","9.6p1","9.6p1","openssh","2023A0000048795","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275250 https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 @@ -39,28 +39,14 @@ https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 https://github.com/NixOS/nixpkgs/pull/276504 https://github.com/NixOS/nixpkgs/pull/276505" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.15","1.0.15","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275720 https://github.com/NixOS/nixpkgs/pull/276798 @@ -73,31 +59,22 @@ https://github.com/NixOS/nixpkgs/pull/271223" https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.5.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.5.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.12.3-unstable-2023-12-14","2.12.4","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 -https://github.com/NixOS/nixpkgs/pull/280837 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.7","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.7","1.21.5","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.7","1.21.5","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.7","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.7","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.7","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45237","https://nvd.nist.gov/vuln/detail/CVE-2023-45237","edk2","7.5","202211","202311","202311","edk2","2023A0000045237","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45236","https://nvd.nist.gov/vuln/detail/CVE-2023-45236","edk2","7.5","202211","202311","202311","edk2","2023A0000045236","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45235","https://nvd.nist.gov/vuln/detail/CVE-2023-45235","edk2","8.8","202211","202311","202311","edk2","2023A0000045235","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" @@ -117,17 +94,17 @@ https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.7","1.21.5","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.7","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44402","https://nvd.nist.gov/vuln/detail/CVE-2023-44402","electron","7.0","25.7.0","28.1.3","28.2.0","electron","2023A0000044402","False","","fix_update_to_version_nixpkgs","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44402","https://nvd.nist.gov/vuln/detail/CVE-2023-44402","electron","7.0","25.7.0","28.1.4","28.2.0","electron","2023A0000044402","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-43887","https://nvd.nist.gov/vuln/detail/CVE-2023-43887","libde265","8.1","1.0.12","1.0.15","1.0.15","libde265","2023A0000043887","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268884 https://github.com/NixOS/nixpkgs/pull/271642 https://github.com/NixOS/nixpkgs/pull/271643 @@ -159,34 +136,16 @@ https://github.com/NixOS/nixpkgs/pull/254541 https://github.com/NixOS/nixpkgs/pull/258619 https://github.com/NixOS/nixpkgs/pull/278267" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.7","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.7","1.21.5","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.7","1.21.5","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.20.7","1.21.5","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.20.7","1.21.5","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.7","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.7","1.21.6","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.7","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.20.7","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.20.7","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -194,11 +153,10 @@ https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.4.0","8.5.0","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.5.0","8.5.0","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962 https://github.com/NixOS/nixpkgs/pull/254963 -https://github.com/NixOS/nixpkgs/pull/260378 https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.59.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712 https://github.com/NixOS/nixpkgs/pull/246068 https://github.com/NixOS/nixpkgs/pull/265047" @@ -219,9 +177,7 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-30571","https://nvd.nist.gov/vuln/detail/CVE-2023-30571","libarchive","5.3","3.6.2","3.7.2","3.7.2","libarchive","2023A0000030571","False","No upstream fix available, see: https://github.com/libarchive/libarchive/issues/1876.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244713 https://github.com/NixOS/nixpkgs/pull/256930" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-30402","https://nvd.nist.gov/vuln/detail/CVE-2023-30402","yasm","5.5","1.3.0","","","","2023A0000030402","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29406","https://nvd.nist.gov/vuln/detail/CVE-2023-29406","go","6.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000029406","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29405","https://nvd.nist.gov/vuln/detail/CVE-2023-29405","go","9.8","1.17.13-linux-amd64-bootstrap","","","","2023A0000029405","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" @@ -263,20 +219,14 @@ https://github.com/NixOS/nixpkgs/pull/275604" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.3.1","23.3.2","pip","2023A0000005752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276928" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.10","3.2.0","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.10","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.10","3.2.0","3.2.0","openssl","2023A0000005363","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619 https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.10","3.2.0","3.2.0","ruby:openssl","2023A0000005363","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-8","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7.0","8.0.4","8.2.0","8.2.0","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4863","https://nvd.nist.gov/vuln/detail/CVE-2023-4863","libwebp","8.8","1.3.1","1.3.2","1.3.2","libwebp","2023A0000004863","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/255786 @@ -293,37 +243,21 @@ https://github.com/NixOS/nixpkgs/pull/269450" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.0","2.4.6","2.4.7","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256378 @@ -348,15 +282,9 @@ https://github.com/NixOS/nixpkgs/pull/267666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2861","https://nvd.nist.gov/vuln/detail/CVE-2023-2861","qemu","7.1","8.0.4","8.2.0","8.2.0","qemu","2023A0000002861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244827 https://github.com/NixOS/nixpkgs/pull/267666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.4","8.2.0","8.2.0","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.4","8.2.0","8.2.0","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.0","1.3.0","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2023-889","https://osv.dev/OSV-2023-889","file","","5.44","5.45","5.45","file","2023A0000000889","False","","err_not_vulnerable_based_on_repology","" @@ -405,9 +333,9 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2022-2880","https://nvd.nist.gov/vuln/detail/CVE-2022-2880","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002880","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.70","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.71","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.6","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.70","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.71","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","","","","2022A0000000842","False","Unclear if this is still valid.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" @@ -532,9 +460,9 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202211","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","12.2.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","BIT-sqlite-2024-0232","https://osv.dev/BIT-sqlite-2024-0232","sqlite","","3.41.2","3.44.2","3.45.0","sqlite","2024A0000000232","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2024-0232","https://nvd.nist.gov/vuln/detail/CVE-2024-0232","sqlite","5.5","3.41.2","3.44.2","3.45.0","sqlite","2024A0000000232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/264927 @@ -552,30 +480,16 @@ https://github.com/NixOS/nixpkgs/pull/276799" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49465","https://nvd.nist.gov/vuln/detail/CVE-2023-49465","libde265","8.8","1.0.14","1.0.15","1.0.15","libde265","2023A0000049465","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275720 https://github.com/NixOS/nixpkgs/pull/276798 https://github.com/NixOS/nixpkgs/pull/276799" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.8","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.8","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" @@ -585,31 +499,22 @@ https://github.com/NixOS/nixpkgs/pull/271223" https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.5.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.5.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.12.3-unstable-2023-12-14","2.12.4","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 -https://github.com/NixOS/nixpkgs/pull/280837 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.8","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.5","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.5","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45237","https://nvd.nist.gov/vuln/detail/CVE-2023-45237","edk2","7.5","202211","202311","202311","edk2","2023A0000045237","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45236","https://nvd.nist.gov/vuln/detail/CVE-2023-45236","edk2","7.5","202211","202311","202311","edk2","2023A0000045236","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45235","https://nvd.nist.gov/vuln/detail/CVE-2023-45235","edk2","8.8","202211","202311","202311","edk2","2023A0000045235","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" @@ -624,12 +529,12 @@ https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.8","1.21.5","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 @@ -641,28 +546,14 @@ https://github.com/NixOS/nixpkgs/pull/278073" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.8","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.8","1.21.5","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.8","1.21.5","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.8","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.8","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -670,7 +561,7 @@ https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.59.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712 https://github.com/NixOS/nixpkgs/pull/246068 https://github.com/NixOS/nixpkgs/pull/265047" @@ -691,9 +582,7 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-30571","https://nvd.nist.gov/vuln/detail/CVE-2023-30571","libarchive","5.3","3.6.2","3.7.2","3.7.2","libarchive","2023A0000030571","False","No upstream fix available, see: https://github.com/libarchive/libarchive/issues/1876.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244713 https://github.com/NixOS/nixpkgs/pull/256930" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-30402","https://nvd.nist.gov/vuln/detail/CVE-2023-30402","yasm","5.5","1.3.0","","","","2023A0000030402","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 -https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29406","https://nvd.nist.gov/vuln/detail/CVE-2023-29406","go","6.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000029406","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29405","https://nvd.nist.gov/vuln/detail/CVE-2023-29405","go","9.8","1.17.13-linux-amd64-bootstrap","","","","2023A0000029405","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" @@ -736,15 +625,9 @@ https://github.com/NixOS/nixpkgs/pull/281315" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.3.1","23.3.2","pip","2023A0000005752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276928" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.14.0","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/258448 https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 @@ -752,37 +635,21 @@ https://github.com/NixOS/nixpkgs/pull/261404 https://github.com/NixOS/nixpkgs/pull/262808" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7.0","8.0.5","8.2.0","8.2.0","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 -https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.0.5","8.2.0","8.2.0","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267666" @@ -796,15 +663,9 @@ https://github.com/NixOS/nixpkgs/pull/267666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2861","https://nvd.nist.gov/vuln/detail/CVE-2023-2861","qemu","7.1","8.0.5","8.2.0","8.2.0","qemu","2023A0000002861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244827 https://github.com/NixOS/nixpkgs/pull/267666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.2.0","8.2.0","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.1.0050","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.1.0004","9.1.0059","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.2.0","8.2.0","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.0","1.3.0","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2023-889","https://osv.dev/OSV-2023-889","file","","5.44","5.45","5.45","file","2023A0000000889","False","","err_not_vulnerable_based_on_repology","" @@ -864,9 +725,9 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2022-2880","https://nvd.nist.gov/vuln/detail/CVE-2022-2880","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002880","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.70","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.71","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.6","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.70","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.71","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","","","","2022A0000000842","False","Unclear if this is still valid.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" diff --git a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md index 5daa119..c2b2c32 100644 --- a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md @@ -37,22 +37,22 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | | [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.13.1 | 1.14.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/258350), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189), [PR](https://github.com/NixOS/nixpkgs/pull/283362)]* | -| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | | [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.16 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-44402](https://nvd.nist.gov/vuln/detail/CVE-2023-44402) | electron | 7.0 | 25.7.0 | 28.1.3 | 28.2.0 | | +| [CVE-2023-44402](https://nvd.nist.gov/vuln/detail/CVE-2023-44402) | electron | 7.0 | 25.7.0 | 28.1.4 | 28.2.0 | | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.0 | 2.4.6 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-41175](https://nvd.nist.gov/vuln/detail/CVE-2023-41175) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -65,9 +65,9 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | -| [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.7.0 | 28.1.3 | 28.2.0 | | -| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.7.0 | 28.1.3 | 28.2.0 | | -| [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.7.0 | 28.1.3 | 28.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | +| [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.7.0 | 28.1.4 | 28.2.0 | | +| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.7.0 | 28.1.4 | 28.2.0 | | +| [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.7.0 | 28.1.4 | 28.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | ## Vulnerabilities Fixed in nix-unstable @@ -88,15 +88,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.0 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.0 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0232](https://nvd.nist.gov/vuln/detail/CVE-2024-0232) | sqlite | 5.5 | 3.41.2 | 3.44.2 | 3.45.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/264927), [PR](https://github.com/NixOS/nixpkgs/pull/281315)]* | -| [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | -| [BIT-sqlite-2024-0232](https://osv.dev/BIT-sqlite-2024-0232) | sqlite | | 3.41.2 | 3.44.2 | 3.45.0 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf @@ -118,50 +110,50 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) | libwebp | 8.8 | 1.3.1 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255786), [PR](https://github.com/NixOS/nixpkgs/pull/255959), [PR](https://github.com/NixOS/nixpkgs/pull/258217), [PR](https://github.com/NixOS/nixpkgs/pull/258430), [PR](https://github.com/NixOS/nixpkgs/pull/261876)]* | | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.0.4 | 8.2.0 | 8.2.0 | | | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.4 | 8.2.0 | 8.2.0 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2022-36765](https://nvd.nist.gov/vuln/detail/CVE-2022-36765) | edk2 | 7.8 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2022-36764](https://nvd.nist.gov/vuln/detail/CVE-2022-36764) | edk2 | 7.8 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2022-36763](https://nvd.nist.gov/vuln/detail/CVE-2022-36763) | edk2 | 7.8 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.0 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.0 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.7 | 1.21.5 | 1.21.6 | | -| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | | +| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.0 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.0 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.7 | 1.21.6 | 1.21.6 | | +| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | | [CVE-2023-45237](https://nvd.nist.gov/vuln/detail/CVE-2023-45237) | edk2 | 7.5 | 202211 | 202311 | 202311 | | | [CVE-2023-45236](https://nvd.nist.gov/vuln/detail/CVE-2023-45236) | edk2 | 7.5 | 202211 | 202311 | 202311 | | | [CVE-2023-45233](https://nvd.nist.gov/vuln/detail/CVE-2023-45233) | edk2 | 7.5 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45232](https://nvd.nist.gov/vuln/detail/CVE-2023-45232) | edk2 | 7.5 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.13.1 | 1.14.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/258350), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189), [PR](https://github.com/NixOS/nixpkgs/pull/283362)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.59.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | -| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | +| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.59.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619), [PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.4 | 8.2.0 | 8.2.0 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | @@ -172,20 +164,20 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861) | qemu | 7.1 | 8.0.4 | 8.2.0 | 8.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/244827), [PR](https://github.com/NixOS/nixpkgs/pull/267666)]* | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-44402](https://nvd.nist.gov/vuln/detail/CVE-2023-44402) | electron | 7.0 | 25.7.0 | 28.1.3 | 28.2.0 | | +| [CVE-2023-44402](https://nvd.nist.gov/vuln/detail/CVE-2023-44402) | electron | 7.0 | 25.7.0 | 28.1.4 | 28.2.0 | | | [CVE-2023-42465](https://nvd.nist.gov/vuln/detail/CVE-2023-42465) | sudo | 7.0 | 1.9.13p3 | 1.9.15p5 | 1.9.15p5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277844)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.0.4 | 8.2.0 | 8.2.0 | | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.0 | 2.4.6 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/280837), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.1.1 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | | [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-41175](https://nvd.nist.gov/vuln/detail/CVE-2023-41175) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.42.2 | 0.43.0 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | +| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.0 | 0.43.0 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | | [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.0.4 | 8.2.0 | 8.2.0 | | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | | | [CVE-2023-6129](https://nvd.nist.gov/vuln/detail/CVE-2023-6129) | openssl | 6.5 | 3.0.10 | 3.2.0 | 3.2.0 | | @@ -198,10 +190,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | | [CVE-2021-46312](https://nvd.nist.gov/vuln/detail/CVE-2021-46312) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | | [CVE-2021-46310](https://nvd.nist.gov/vuln/detail/CVE-2021-46310) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -210,7 +202,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 5.1.3 | 6.1 | 6.1.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1 | 6.1.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | @@ -233,41 +225,41 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.2.13 | 1.3 | 1.3.1 | | | [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.5.1 | 4.6.0 | 4.6.0 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.1.0050 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0059 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.43.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | -| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.7 | 1.21.5 | 1.21.6 | | -| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.7 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.7 | 1.21.6 | 1.21.6 | | +| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | -| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.0.4 | 8.2.0 | 8.2.0 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.10 | 3.2.0 | 3.2.0 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.20.7 | 1.21.5 | 1.21.6 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.17.13-linux-am | 1.21.5 | 1.21.6 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.20.7 | 1.21.6 | 1.21.6 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 13.2.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2116 | 9.1.0050 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.2 | 4.14.3 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/264349), [PR](https://github.com/NixOS/nixpkgs/pull/276559), [PR](https://github.com/NixOS/nixpkgs/pull/281318)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.3.1 | 23.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | -| [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.7.0 | 28.1.3 | 28.2.0 | | +| [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.7.0 | 28.1.4 | 28.2.0 | | | [BIT-sqlite-2024-0232](https://osv.dev/BIT-sqlite-2024-0232) | sqlite | | 3.41.2 | 3.44.2 | 3.45.0 | | -| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.7.0 | 28.1.3 | 28.2.0 | | -| [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.7.0 | 28.1.3 | 28.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | +| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.7.0 | 28.1.4 | 28.2.0 | | +| [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.7.0 | 28.1.4 | 28.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [BIT-sqlite-2023-7104](https://osv.dev/BIT-sqlite-2023-7104) | sqlite | | 3.41.2 | 3.44.2 | 3.45.0 | | | [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.0 | 1.3.0 | 1.3.0 | | @@ -275,9 +267,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.2.0 | 1.3.0 | 1.3.0 | | | [OSV-2023-505](https://osv.dev/OSV-2023-505) | file | | 5.44 | 5.45 | 5.45 | Unclear if this is still valid. | | [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.0.4 | 8.2.0 | 8.2.0 | Unclear if this is still valid. | -| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.66 | 5.70 | 5.72 | Unclear if this is still valid. | +| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.66 | 5.71 | 5.72 | Unclear if this is still valid. | | [OSV-2022-896](https://osv.dev/OSV-2022-896) | libsass | | 3.6.5 | 3.6.5 | 3.6.6 | Unclear if this is still valid. | -| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.66 | 5.70 | 5.72 | Unclear if this is still valid. | +| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.66 | 5.71 | 5.72 | Unclear if this is still valid. | | [OSV-2022-842](https://osv.dev/OSV-2022-842) | wolfssl | | 5.5.4 | | | Unclear if this is still valid. | | [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.2 | 0.8.2 | 0.9.1 | Unclear if this is still valid. | | [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.2 | 0.8.2 | 0.9.1 | Unclear if this is still valid. | diff --git a/reports/main/data.csv b/reports/main/data.csv index b1b8ea0..e268a7e 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -1,7 +1,7 @@ "target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" @@ -19,8 +19,8 @@ https://github.com/NixOS/nixpkgs/pull/275587" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-50268","https://nvd.nist.gov/vuln/detail/CVE-2023-50268","jq","5.5","1.7","1.7.1","1.7.1","jq","2023A0000050268","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-50246","https://nvd.nist.gov/vuln/detail/CVE-2023-50246","jq","5.5","1.7","1.7.1","1.7.1","jq","2023A0000050246","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.4","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.4","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48795","https://nvd.nist.gov/vuln/detail/CVE-2023-48795","openssh","5.9","9.5p1","9.6p1","9.6p1","openssh","2023A0000048795","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275250 https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 @@ -36,28 +36,14 @@ https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 https://github.com/NixOS/nixpkgs/pull/276504 https://github.com/NixOS/nixpkgs/pull/276505" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.15","1.0.15","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275720 https://github.com/NixOS/nixpkgs/pull/276798 @@ -71,21 +57,16 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.5.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.5.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.12.3-unstable-2023-12-14","2.12.4","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 -https://github.com/NixOS/nixpkgs/pull/280837 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.21.4","1.21.5","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.21.4","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45237","https://nvd.nist.gov/vuln/detail/CVE-2023-45237","edk2","7.5","202311","202311","202311","edk2","2023A0000045237","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45236","https://nvd.nist.gov/vuln/detail/CVE-2023-45236","edk2","7.5","202311","202311","202311","edk2","2023A0000045236","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45235","https://nvd.nist.gov/vuln/detail/CVE-2023-45235","edk2","8.8","202311","202311","202311","edk2","2023A0000045235","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" @@ -95,7 +76,7 @@ https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 @@ -111,16 +92,14 @@ https://github.com/NixOS/nixpkgs/pull/276799" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.21.4","1.21.5","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 -https://github.com/NixOS/nixpkgs/pull/272411 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.21.4","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -128,7 +107,7 @@ https://github.com/NixOS/nixpkgs/pull/279903" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" @@ -151,42 +130,42 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6918","https://nvd.nist.gov/vuln/detail/CVE-2023-6918","libssh","5.3","0.10.5","0.10.6","0.10.6","libssh","2023A0000006918","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275250 https://github.com/NixOS/nixpkgs/pull/275603 https://github.com/NixOS/nixpkgs/pull/275604" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6873","https://nvd.nist.gov/vuln/detail/CVE-2023-6873","firefox","8.8","120.0.1","121.0b9","122.0","firefox","2023A0000006873","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6873","https://nvd.nist.gov/vuln/detail/CVE-2023-6873","firefox","8.8","120.0.1","122.0","122.0","firefox","2023A0000006873","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6872","https://nvd.nist.gov/vuln/detail/CVE-2023-6872","firefox","6.5","120.0.1","121.0b9","122.0","firefox","2023A0000006872","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6872","https://nvd.nist.gov/vuln/detail/CVE-2023-6872","firefox","6.5","120.0.1","122.0","122.0","firefox","2023A0000006872","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6871","https://nvd.nist.gov/vuln/detail/CVE-2023-6871","firefox","4.3","120.0.1","121.0b9","122.0","firefox","2023A0000006871","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6871","https://nvd.nist.gov/vuln/detail/CVE-2023-6871","firefox","4.3","120.0.1","122.0","122.0","firefox","2023A0000006871","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6870","https://nvd.nist.gov/vuln/detail/CVE-2023-6870","firefox","4.3","120.0.1","121.0b9","122.0","firefox","2023A0000006870","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6869","https://nvd.nist.gov/vuln/detail/CVE-2023-6869","firefox","6.5","120.0.1","121.0b9","122.0","firefox","2023A0000006869","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6870","https://nvd.nist.gov/vuln/detail/CVE-2023-6870","firefox","4.3","120.0.1","122.0","122.0","firefox","2023A0000006870","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6869","https://nvd.nist.gov/vuln/detail/CVE-2023-6869","firefox","6.5","120.0.1","122.0","122.0","firefox","2023A0000006869","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6868","https://nvd.nist.gov/vuln/detail/CVE-2023-6868","firefox","4.3","120.0.1","121.0b9","122.0","firefox","2023A0000006868","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6867","https://nvd.nist.gov/vuln/detail/CVE-2023-6867","firefox","6.1","120.0.1","121.0b9","122.0","firefox","2023A0000006867","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6868","https://nvd.nist.gov/vuln/detail/CVE-2023-6868","firefox","4.3","120.0.1","122.0","122.0","firefox","2023A0000006868","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6867","https://nvd.nist.gov/vuln/detail/CVE-2023-6867","firefox","6.1","120.0.1","122.0","122.0","firefox","2023A0000006867","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6866","https://nvd.nist.gov/vuln/detail/CVE-2023-6866","firefox","8.8","120.0.1","121.0b9","122.0","firefox","2023A0000006866","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6866","https://nvd.nist.gov/vuln/detail/CVE-2023-6866","firefox","8.8","120.0.1","122.0","122.0","firefox","2023A0000006866","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6865","https://nvd.nist.gov/vuln/detail/CVE-2023-6865","firefox","6.5","120.0.1","121.0b9","122.0","firefox","2023A0000006865","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6865","https://nvd.nist.gov/vuln/detail/CVE-2023-6865","firefox","6.5","120.0.1","122.0","122.0","firefox","2023A0000006865","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6864","https://nvd.nist.gov/vuln/detail/CVE-2023-6864","firefox","8.8","120.0.1","121.0b9","122.0","firefox","2023A0000006864","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6864","https://nvd.nist.gov/vuln/detail/CVE-2023-6864","firefox","8.8","120.0.1","122.0","122.0","firefox","2023A0000006864","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6863","https://nvd.nist.gov/vuln/detail/CVE-2023-6863","firefox","8.8","120.0.1","121.0b9","122.0","firefox","2023A0000006863","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6863","https://nvd.nist.gov/vuln/detail/CVE-2023-6863","firefox","8.8","120.0.1","122.0","122.0","firefox","2023A0000006863","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6861","https://nvd.nist.gov/vuln/detail/CVE-2023-6861","firefox","8.8","120.0.1","121.0b9","122.0","firefox","2023A0000006861","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6861","https://nvd.nist.gov/vuln/detail/CVE-2023-6861","firefox","8.8","120.0.1","122.0","122.0","firefox","2023A0000006861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6860","https://nvd.nist.gov/vuln/detail/CVE-2023-6860","firefox","6.5","120.0.1","121.0b9","122.0","firefox","2023A0000006860","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6860","https://nvd.nist.gov/vuln/detail/CVE-2023-6860","firefox","6.5","120.0.1","122.0","122.0","firefox","2023A0000006860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6859","https://nvd.nist.gov/vuln/detail/CVE-2023-6859","firefox","8.8","120.0.1","121.0b9","122.0","firefox","2023A0000006859","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6859","https://nvd.nist.gov/vuln/detail/CVE-2023-6859","firefox","8.8","120.0.1","122.0","122.0","firefox","2023A0000006859","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6858","https://nvd.nist.gov/vuln/detail/CVE-2023-6858","firefox","8.8","120.0.1","121.0b9","122.0","firefox","2023A0000006858","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6858","https://nvd.nist.gov/vuln/detail/CVE-2023-6858","firefox","8.8","120.0.1","122.0","122.0","firefox","2023A0000006858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6857","https://nvd.nist.gov/vuln/detail/CVE-2023-6857","firefox","5.3","120.0.1","121.0b9","122.0","firefox","2023A0000006857","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6856","https://nvd.nist.gov/vuln/detail/CVE-2023-6856","firefox","8.8","120.0.1","121.0b9","122.0","firefox","2023A0000006856","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/283010 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6857","https://nvd.nist.gov/vuln/detail/CVE-2023-6857","firefox","5.3","120.0.1","122.0","122.0","firefox","2023A0000006857","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6856","https://nvd.nist.gov/vuln/detail/CVE-2023-6856","firefox","8.8","120.0.1","122.0","122.0","firefox","2023A0000006856","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6693","https://nvd.nist.gov/vuln/detail/CVE-2023-6693","qemu","5.3","8.1.3","8.2.0","8.2.0","qemu","2023A0000006693","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6683","https://nvd.nist.gov/vuln/detail/CVE-2023-6683","qemu","6.5","8.1.3","8.2.0","8.2.0","qemu","2023A0000006683","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6228","https://nvd.nist.gov/vuln/detail/CVE-2023-6228","libtiff","5.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000006228","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6135","https://nvd.nist.gov/vuln/detail/CVE-2023-6135","firefox","4.3","120.0.1","121.0b9","122.0","firefox","2023A0000006135","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275441 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6135","https://nvd.nist.gov/vuln/detail/CVE-2023-6135","firefox","4.3","120.0.1","122.0","122.0","firefox","2023A0000006135","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275441 https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.12","3.2.0","3.2.0","openssl","2023A0000006129","False","","fix_not_available","" @@ -196,7 +175,7 @@ https://github.com/NixOS/nixpkgs/pull/275603 https://github.com/NixOS/nixpkgs/pull/275604" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.14.0","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/258448 https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 @@ -213,7 +192,7 @@ https://github.com/NixOS/nixpkgs/pull/262808" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.1.3","8.2.0","8.2.0","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.1.3","8.2.0","8.2.0","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.2","1.3.0","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-1295","https://osv.dev/OSV-2023-1295","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000001295","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-1295","https://osv.dev/OSV-2023-1295","libraw","","0.21.1","0.21.2","0.21.2","libraw","2023A0000001295","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-889","https://osv.dev/OSV-2023-889","file","","5.45","5.45","5.45","file","2023A0000000889","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.2","1.3.0","1.3.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" @@ -221,9 +200,9 @@ https://github.com/NixOS/nixpkgs/pull/262808" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-390","https://osv.dev/OSV-2023-390","qemu","","8.1.3","8.2.0","8.2.0","qemu","2023A0000000390","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-298","https://osv.dev/OSV-2023-298","cairo","","1.18.0","1.17.13","1.17.13","ruby:cairo","2023A0000000298","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-197","https://osv.dev/OSV-2023-197","p11-kit","","0.25.0","0.25.3","0.25.3","p11-kit","2023A0000000197","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-184","https://osv.dev/OSV-2023-184","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000000184","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-184","https://osv.dev/OSV-2023-184","libraw","","0.21.1","0.21.2","0.21.2","libraw","2023A0000000184","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-137","https://osv.dev/OSV-2023-137","harfbuzz","","7.3.0","","","","2023A0000000137","True","Based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2, the issue is fixed in range https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc all of which have been merged in 7.1.0.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-90","https://osv.dev/OSV-2023-90","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000000090","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-90","https://osv.dev/OSV-2023-90","libraw","","0.21.1","0.21.2","0.21.2","libraw","2023A0000000090","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-48434","https://nvd.nist.gov/vuln/detail/CVE-2022-48434","ffmpeg","8.1","4.4.4","","","","2022A0000048434","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.3 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.44","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 @@ -262,14 +241,14 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-26691","https://nvd.nist.gov/vuln/detail/CVE-2022-26691","cups","6.7","2.4.7","","","","2022A0000026691","True","Fixed in nixpkgs with PR: https://github.com/NixOS/nixpkgs/pull/174898.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-26592","https://nvd.nist.gov/vuln/detail/CVE-2022-26592","libsass","8.8","3.6.5","","","","2022A0000026592","True","Pending upstream fix: https://github.com/sass/libsass/issues/3174.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","MAL-2022-4301","https://osv.dev/MAL-2022-4301","libidn2","","2.3.4","","","","2022A0000004301","True","Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 https://gitlab.com/libidn/libidn2.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-4066","https://nvd.nist.gov/vuln/detail/CVE-2022-4066","firefox","8.2","120.0.1","121.0b9","122.0","firefox","2022A0000004066","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-4066","https://nvd.nist.gov/vuln/detail/CVE-2022-4066","firefox","8.2","120.0.1","122.0","122.0","firefox","2022A0000004066","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-3341","https://nvd.nist.gov/vuln/detail/CVE-2022-3341","ffmpeg","5.3","4.4.4","","","","2022A0000003341","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/c513bd48039a718dabf6d7a829efb6732693c04b.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-3219","https://nvd.nist.gov/vuln/detail/CVE-2022-3219","gnupg","3.3","2.4.1","","","","2022A0000003219","True","Fix patch is not accepted upstream: https://dev.gnupg.org/D556.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-3109","https://nvd.nist.gov/vuln/detail/CVE-2022-3109","ffmpeg","7.5","4.4.4","","","","2022A0000003109","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.70","5.70","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.70","5.71","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.6","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.70","5.70","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.1","0.21.1","0.21.2","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.70","5.71","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.1","0.21.2","0.21.2","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-785","https://osv.dev/OSV-2022-785","dnsmasq","","2.89","2.89","2.89","dnsmasq","2022A0000000785","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-608","https://osv.dev/OSV-2022-608","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000608","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" @@ -330,7 +309,7 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.5","3.6.5","3.6.6","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-35669","https://nvd.nist.gov/vuln/detail/CVE-2020-35669","http","6.1","0.2.11","0.3-0","0.4","lua:http","2020A0000035669","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-24490","https://nvd.nist.gov/vuln/detail/CVE-2020-24490","bluez","6.5","5.70","","","","2020A0000024490","True","Fixed in linux kernel (5.8) with: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-22628","https://nvd.nist.gov/vuln/detail/CVE-2020-22628","libraw","6.5","0.21.1","0.21.1","0.21.2","libraw","2020A0000022628","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-22628","https://nvd.nist.gov/vuln/detail/CVE-2020-22628","libraw","6.5","0.21.1","0.21.2","0.21.2","libraw","2020A0000022628","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-18781","https://nvd.nist.gov/vuln/detail/CVE-2020-18781","audiofile","5.5","0.3.6","0.3.6","0.3.6","audiofile","2020A0000018781","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.33","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-8284","https://nvd.nist.gov/vuln/detail/CVE-2020-8284","curl","3.7","0.4.44","","","","2020A0000008284","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/106452" @@ -367,25 +346,25 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-5443","https://nvd.nist.gov/vuln/detail/CVE-2019-5443","curl","7.8","0.4.44","","","","2019A0000005443","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-18438","https://nvd.nist.gov/vuln/detail/CVE-2018-18438","qemu","5.5","8.1.3","","","","2018A0000018438","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-13162","https://nvd.nist.gov/vuln/detail/CVE-2018-13162","alex","7.5","3.3.0.0","3.3.0.0","3.5.0.0","alex","2018A0000013162","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-10229","https://nvd.nist.gov/vuln/detail/CVE-2018-10229","firefox","4.8","120.0.1","121.0b9","122.0","firefox","2018A0000010229","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","120.0.1","121.0b9","122.0","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-10229","https://nvd.nist.gov/vuln/detail/CVE-2018-10229","firefox","4.8","120.0.1","122.0","122.0","firefox","2018A0000010229","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","120.0.1","122.0","122.0","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.3","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.3","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5510","https://nvd.nist.gov/vuln/detail/CVE-2017-5510","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2017A0000005510","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5509","https://nvd.nist.gov/vuln/detail/CVE-2017-5509","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2017A0000005509","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5510","https://nvd.nist.gov/vuln/detail/CVE-2017-5510","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2017A0000005510","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5509","https://nvd.nist.gov/vuln/detail/CVE-2017-5509","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2017A0000005509","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5436","https://nvd.nist.gov/vuln/detail/CVE-2017-5436","graphite2","8.8","1.3.14","","","","2017A0000005436","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10141","https://nvd.nist.gov/vuln/detail/CVE-2016-10141","mujs","9.8","1.3.3","","","","2016A0000010141","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10133","https://nvd.nist.gov/vuln/detail/CVE-2016-10133","mujs","9.8","1.3.3","","","","2016A0000010133","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10132","https://nvd.nist.gov/vuln/detail/CVE-2016-10132","mujs","7.5","1.3.3","","","","2016A0000010132","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-9294","https://nvd.nist.gov/vuln/detail/CVE-2016-9294","mujs","7.5","1.3.3","","","","2016A0000009294","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-9136","https://nvd.nist.gov/vuln/detail/CVE-2016-9136","mujs","7.5","1.3.3","","","","2016A0000009136","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-9109","https://nvd.nist.gov/vuln/detail/CVE-2016-9109","mujs","7.5","1.3.3","","","","2016A0000009109","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -393,38 +372,38 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-9017","https://nvd.nist.gov/vuln/detail/CVE-2016-9017","mujs","7.5","1.3.3","","","","2016A0000009017","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7564","https://nvd.nist.gov/vuln/detail/CVE-2016-7564","mujs","7.5","1.3.3","","","","2016A0000007564","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7563","https://nvd.nist.gov/vuln/detail/CVE-2016-7563","mujs","7.5","1.3.3","","","","2016A0000007563","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7537","https://nvd.nist.gov/vuln/detail/CVE-2016-7537","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007537","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7536","https://nvd.nist.gov/vuln/detail/CVE-2016-7536","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007536","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7535","https://nvd.nist.gov/vuln/detail/CVE-2016-7535","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007535","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7534","https://nvd.nist.gov/vuln/detail/CVE-2016-7534","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007534","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7533","https://nvd.nist.gov/vuln/detail/CVE-2016-7533","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007533","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7530","https://nvd.nist.gov/vuln/detail/CVE-2016-7530","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007530","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7529","https://nvd.nist.gov/vuln/detail/CVE-2016-7529","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007529","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7528","https://nvd.nist.gov/vuln/detail/CVE-2016-7528","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007528","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7527","https://nvd.nist.gov/vuln/detail/CVE-2016-7527","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007527","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7526","https://nvd.nist.gov/vuln/detail/CVE-2016-7526","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007526","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7525","https://nvd.nist.gov/vuln/detail/CVE-2016-7525","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007525","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7524","https://nvd.nist.gov/vuln/detail/CVE-2016-7524","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007524","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7523","https://nvd.nist.gov/vuln/detail/CVE-2016-7523","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007523","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7522","https://nvd.nist.gov/vuln/detail/CVE-2016-7522","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007522","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7521","https://nvd.nist.gov/vuln/detail/CVE-2016-7521","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007521","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7520","https://nvd.nist.gov/vuln/detail/CVE-2016-7520","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007520","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7519","https://nvd.nist.gov/vuln/detail/CVE-2016-7519","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007519","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7518","https://nvd.nist.gov/vuln/detail/CVE-2016-7518","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007518","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7517","https://nvd.nist.gov/vuln/detail/CVE-2016-7517","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007517","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7516","https://nvd.nist.gov/vuln/detail/CVE-2016-7516","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007516","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7515","https://nvd.nist.gov/vuln/detail/CVE-2016-7515","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007515","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7537","https://nvd.nist.gov/vuln/detail/CVE-2016-7537","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007537","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7536","https://nvd.nist.gov/vuln/detail/CVE-2016-7536","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007536","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7535","https://nvd.nist.gov/vuln/detail/CVE-2016-7535","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007535","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7534","https://nvd.nist.gov/vuln/detail/CVE-2016-7534","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007534","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7533","https://nvd.nist.gov/vuln/detail/CVE-2016-7533","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007533","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7530","https://nvd.nist.gov/vuln/detail/CVE-2016-7530","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007530","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7529","https://nvd.nist.gov/vuln/detail/CVE-2016-7529","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007529","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7528","https://nvd.nist.gov/vuln/detail/CVE-2016-7528","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007528","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7527","https://nvd.nist.gov/vuln/detail/CVE-2016-7527","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007527","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7526","https://nvd.nist.gov/vuln/detail/CVE-2016-7526","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007526","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7525","https://nvd.nist.gov/vuln/detail/CVE-2016-7525","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007525","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7524","https://nvd.nist.gov/vuln/detail/CVE-2016-7524","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007524","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7523","https://nvd.nist.gov/vuln/detail/CVE-2016-7523","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007523","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7522","https://nvd.nist.gov/vuln/detail/CVE-2016-7522","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007522","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7521","https://nvd.nist.gov/vuln/detail/CVE-2016-7521","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007521","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7520","https://nvd.nist.gov/vuln/detail/CVE-2016-7520","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007520","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7519","https://nvd.nist.gov/vuln/detail/CVE-2016-7519","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007519","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7518","https://nvd.nist.gov/vuln/detail/CVE-2016-7518","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007518","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7517","https://nvd.nist.gov/vuln/detail/CVE-2016-7517","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007517","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7516","https://nvd.nist.gov/vuln/detail/CVE-2016-7516","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007516","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7515","https://nvd.nist.gov/vuln/detail/CVE-2016-7515","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007515","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7506","https://nvd.nist.gov/vuln/detail/CVE-2016-7506","mujs","7.5","1.3.3","","","","2016A0000007506","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7504","https://nvd.nist.gov/vuln/detail/CVE-2016-7504","mujs","9.8","1.3.3","","","","2016A0000007504","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7153","https://nvd.nist.gov/vuln/detail/CVE-2016-7153","firefox","5.3","120.0.1","121.0b9","122.0","firefox","2016A0000007153","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7152","https://nvd.nist.gov/vuln/detail/CVE-2016-7152","firefox","5.3","120.0.1","121.0b9","122.0","firefox","2016A0000007152","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7153","https://nvd.nist.gov/vuln/detail/CVE-2016-7153","firefox","5.3","120.0.1","122.0","122.0","firefox","2016A0000007153","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7152","https://nvd.nist.gov/vuln/detail/CVE-2016-7152","firefox","5.3","120.0.1","122.0","122.0","firefox","2016A0000007152","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-6131","https://nvd.nist.gov/vuln/detail/CVE-2016-6131","libiberty","7.5","12.3.0","","","","2016A0000006131","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-4493","https://nvd.nist.gov/vuln/detail/CVE-2016-4493","libiberty","5.5","12.3.0","","","","2016A0000004493","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-4492","https://nvd.nist.gov/vuln/detail/CVE-2016-4492","libiberty","4.4","12.3.0","","","","2016A0000004492","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-4491","https://nvd.nist.gov/vuln/detail/CVE-2016-4491","libiberty","5.5","12.3.0","","","","2016A0000004491","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -435,90 +414,89 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-2781","https://nvd.nist.gov/vuln/detail/CVE-2016-2781","coreutils","6.5","9.3","","","","2016A0000002781","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-2226","https://nvd.nist.gov/vuln/detail/CVE-2016-2226","libiberty","7.8","12.3.0","","","","2016A0000002226","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2015-7313","https://nvd.nist.gov/vuln/detail/CVE-2015-7313","libtiff","5.5","4.6.0","","","","2015A0000007313","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9157","https://nvd.nist.gov/vuln/detail/CVE-2014-9157","graphviz","","9.0.0","","","","2014A0000009157","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-6492","https://nvd.nist.gov/vuln/detail/CVE-2014-6492","firefox","","120.0.1","121.0b9","122.0","firefox","2014A0000006492","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-6492","https://nvd.nist.gov/vuln/detail/CVE-2014-6492","firefox","","120.0.1","122.0","122.0","firefox","2014A0000006492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-4860","https://nvd.nist.gov/vuln/detail/CVE-2014-4860","edk2","6.8","202311","","","","2014A0000004860","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202311","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-4930","https://nvd.nist.gov/vuln/detail/CVE-2012-4930","firefox","","120.0.1","121.0b9","122.0","firefox","2012A0000004930","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-4929","https://nvd.nist.gov/vuln/detail/CVE-2012-4929","firefox","","120.0.1","121.0b9","122.0","firefox","2012A0000004929","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-4930","https://nvd.nist.gov/vuln/detail/CVE-2012-4930","firefox","","120.0.1","122.0","122.0","firefox","2012A0000004930","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-4929","https://nvd.nist.gov/vuln/detail/CVE-2012-4929","firefox","","120.0.1","122.0","122.0","firefox","2012A0000004929","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","12.3.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2011-3389","https://nvd.nist.gov/vuln/detail/CVE-2011-3389","firefox","","120.0.1","121.0b9","122.0","firefox","2011A0000003389","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2011-0064","https://nvd.nist.gov/vuln/detail/CVE-2011-0064","firefox","","120.0.1","121.0b9","122.0","firefox","2011A0000000064","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2011-3389","https://nvd.nist.gov/vuln/detail/CVE-2011-3389","firefox","","120.0.1","122.0","122.0","firefox","2011A0000003389","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2011-0064","https://nvd.nist.gov/vuln/detail/CVE-2011-0064","firefox","","120.0.1","122.0","122.0","firefox","2011A0000000064","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4630","https://nvd.nist.gov/vuln/detail/CVE-2009-4630","firefox","","120.0.1","121.0b9","122.0","firefox","2009A0000004630","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4130","https://nvd.nist.gov/vuln/detail/CVE-2009-4130","firefox","","120.0.1","121.0b9","122.0","firefox","2009A0000004130","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4129","https://nvd.nist.gov/vuln/detail/CVE-2009-4129","firefox","","120.0.1","121.0b9","122.0","firefox","2009A0000004129","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4102","https://nvd.nist.gov/vuln/detail/CVE-2009-4102","firefox","","120.0.1","121.0b9","122.0","firefox","2009A0000004102","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-2409","https://nvd.nist.gov/vuln/detail/CVE-2009-2409","firefox","","120.0.1","121.0b9","122.0","firefox","2009A0000002409","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-1597","https://nvd.nist.gov/vuln/detail/CVE-2009-1597","firefox","","120.0.1","121.0b9","122.0","firefox","2009A0000001597","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-6715","https://nvd.nist.gov/vuln/detail/CVE-2007-6715","firefox","","120.0.1","121.0b9","122.0","firefox","2007A0000006715","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-5967","https://nvd.nist.gov/vuln/detail/CVE-2007-5967","firefox","6.5","120.0.1","121.0b9","122.0","firefox","2007A0000005967","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-4013","https://nvd.nist.gov/vuln/detail/CVE-2007-4013","firefox","","120.0.1","121.0b9","122.0","firefox","2007A0000004013","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-3827","https://nvd.nist.gov/vuln/detail/CVE-2007-3827","firefox","","120.0.1","121.0b9","122.0","firefox","2007A0000003827","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-3670","https://nvd.nist.gov/vuln/detail/CVE-2007-3670","firefox","","120.0.1","121.0b9","122.0","firefox","2007A0000003670","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-2176","https://nvd.nist.gov/vuln/detail/CVE-2007-2176","firefox","","120.0.1","121.0b9","122.0","firefox","2007A0000002176","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-1970","https://nvd.nist.gov/vuln/detail/CVE-2007-1970","firefox","","120.0.1","121.0b9","122.0","firefox","2007A0000001970","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-1667","https://nvd.nist.gov/vuln/detail/CVE-2007-1667","imagemagick","","7.1.1-21","7.1.1-25","7.1.1.27","imagemagick","2007A0000001667","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","120.0.1","121.0b9","122.0","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","120.0.1","121.0b9","122.0","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4630","https://nvd.nist.gov/vuln/detail/CVE-2009-4630","firefox","","120.0.1","122.0","122.0","firefox","2009A0000004630","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4130","https://nvd.nist.gov/vuln/detail/CVE-2009-4130","firefox","","120.0.1","122.0","122.0","firefox","2009A0000004130","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4129","https://nvd.nist.gov/vuln/detail/CVE-2009-4129","firefox","","120.0.1","122.0","122.0","firefox","2009A0000004129","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4102","https://nvd.nist.gov/vuln/detail/CVE-2009-4102","firefox","","120.0.1","122.0","122.0","firefox","2009A0000004102","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-2409","https://nvd.nist.gov/vuln/detail/CVE-2009-2409","firefox","","120.0.1","122.0","122.0","firefox","2009A0000002409","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-1597","https://nvd.nist.gov/vuln/detail/CVE-2009-1597","firefox","","120.0.1","122.0","122.0","firefox","2009A0000001597","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-6715","https://nvd.nist.gov/vuln/detail/CVE-2007-6715","firefox","","120.0.1","122.0","122.0","firefox","2007A0000006715","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-5967","https://nvd.nist.gov/vuln/detail/CVE-2007-5967","firefox","6.5","120.0.1","122.0","122.0","firefox","2007A0000005967","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-4013","https://nvd.nist.gov/vuln/detail/CVE-2007-4013","firefox","","120.0.1","122.0","122.0","firefox","2007A0000004013","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-3827","https://nvd.nist.gov/vuln/detail/CVE-2007-3827","firefox","","120.0.1","122.0","122.0","firefox","2007A0000003827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-3670","https://nvd.nist.gov/vuln/detail/CVE-2007-3670","firefox","","120.0.1","122.0","122.0","firefox","2007A0000003670","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-2176","https://nvd.nist.gov/vuln/detail/CVE-2007-2176","firefox","","120.0.1","122.0","122.0","firefox","2007A0000002176","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-1970","https://nvd.nist.gov/vuln/detail/CVE-2007-1970","firefox","","120.0.1","122.0","122.0","firefox","2007A0000001970","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-1667","https://nvd.nist.gov/vuln/detail/CVE-2007-1667","imagemagick","","7.1.1-21","7.1.1-26","7.1.1.27","imagemagick","2007A0000001667","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","120.0.1","122.0","122.0","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","120.0.1","122.0","122.0","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.5","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.5","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.5","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0004","9.1.0059","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","6.0","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.5.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.5.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.12.3-unstable-2023-12-14","2.12.4","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 -https://github.com/NixOS/nixpkgs/pull/280837 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45237","https://nvd.nist.gov/vuln/detail/CVE-2023-45237","edk2","7.5","202311","202311","202311","edk2","2023A0000045237","False","","fix_not_available","" @@ -530,7 +508,7 @@ https://github.com/NixOS/nixpkgs/pull/283888" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 @@ -541,13 +519,13 @@ https://github.com/NixOS/nixpkgs/pull/278073" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -555,7 +533,7 @@ https://github.com/NixOS/nixpkgs/pull/278073" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" @@ -583,7 +561,7 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000006129","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.14.0","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/258448 https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 @@ -600,7 +578,7 @@ https://github.com/NixOS/nixpkgs/pull/262808" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.1.3","8.2.0","8.2.0","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.1.3","8.2.0","8.2.0","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.2","1.3.0","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1295","https://osv.dev/OSV-2023-1295","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000001295","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1295","https://osv.dev/OSV-2023-1295","libraw","","0.21.1","0.21.2","0.21.2","libraw","2023A0000001295","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-889","https://osv.dev/OSV-2023-889","file","","5.45","5.45","5.45","file","2023A0000000889","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.2","1.3.0","1.3.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" @@ -608,9 +586,9 @@ https://github.com/NixOS/nixpkgs/pull/262808" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-390","https://osv.dev/OSV-2023-390","qemu","","8.1.3","8.2.0","8.2.0","qemu","2023A0000000390","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-298","https://osv.dev/OSV-2023-298","cairo","","1.18.0","1.17.13","1.17.13","ruby:cairo","2023A0000000298","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-197","https://osv.dev/OSV-2023-197","p11-kit","","0.25.0","0.25.3","0.25.3","p11-kit","2023A0000000197","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-184","https://osv.dev/OSV-2023-184","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000000184","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-184","https://osv.dev/OSV-2023-184","libraw","","0.21.1","0.21.2","0.21.2","libraw","2023A0000000184","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-137","https://osv.dev/OSV-2023-137","harfbuzz","","7.3.0","","","","2023A0000000137","True","Based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2, the issue is fixed in range https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc all of which have been merged in 7.1.0.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-90","https://osv.dev/OSV-2023-90","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000000090","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-90","https://osv.dev/OSV-2023-90","libraw","","0.21.1","0.21.2","0.21.2","libraw","2023A0000000090","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-48434","https://nvd.nist.gov/vuln/detail/CVE-2022-48434","ffmpeg","8.1","4.4.4","","","","2022A0000048434","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.3 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.44","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 @@ -648,14 +626,14 @@ https://github.com/NixOS/nixpkgs/pull/180021" https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-26691","https://nvd.nist.gov/vuln/detail/CVE-2022-26691","cups","6.7","2.4.7","","","","2022A0000026691","True","Fixed in nixpkgs with PR: https://github.com/NixOS/nixpkgs/pull/174898.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","MAL-2022-4301","https://osv.dev/MAL-2022-4301","libidn2","","2.3.4","","","","2022A0000004301","True","Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 https://gitlab.com/libidn/libidn2.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-4066","https://nvd.nist.gov/vuln/detail/CVE-2022-4066","firefox","8.2","121.0.1","121.0b9","122.0","firefox","2022A0000004066","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-4066","https://nvd.nist.gov/vuln/detail/CVE-2022-4066","firefox","8.2","121.0.1","122.0","122.0","firefox","2022A0000004066","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-3341","https://nvd.nist.gov/vuln/detail/CVE-2022-3341","ffmpeg","5.3","4.4.4","","","","2022A0000003341","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/c513bd48039a718dabf6d7a829efb6732693c04b.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-3219","https://nvd.nist.gov/vuln/detail/CVE-2022-3219","gnupg","3.3","2.4.1","","","","2022A0000003219","True","Fix patch is not accepted upstream: https://dev.gnupg.org/D556.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-3109","https://nvd.nist.gov/vuln/detail/CVE-2022-3109","ffmpeg","7.5","4.4.4","","","","2022A0000003109","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.70","5.70","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.70","5.71","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.6","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.70","5.70","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.1","0.21.1","0.21.2","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.70","5.71","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.1","0.21.2","0.21.2","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-785","https://osv.dev/OSV-2022-785","dnsmasq","","2.89","2.89","2.89","dnsmasq","2022A0000000785","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-608","https://osv.dev/OSV-2022-608","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000608","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" @@ -716,7 +694,7 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.5","3.6.5","3.6.6","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-35669","https://nvd.nist.gov/vuln/detail/CVE-2020-35669","http","6.1","0.2.11","0.3-0","0.4","lua:http","2020A0000035669","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-24490","https://nvd.nist.gov/vuln/detail/CVE-2020-24490","bluez","6.5","5.70","","","","2020A0000024490","True","Fixed in linux kernel (5.8) with: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-22628","https://nvd.nist.gov/vuln/detail/CVE-2020-22628","libraw","6.5","0.21.1","0.21.1","0.21.2","libraw","2020A0000022628","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-22628","https://nvd.nist.gov/vuln/detail/CVE-2020-22628","libraw","6.5","0.21.1","0.21.2","0.21.2","libraw","2020A0000022628","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-18781","https://nvd.nist.gov/vuln/detail/CVE-2020-18781","audiofile","5.5","0.3.6","0.3.6","0.3.6","audiofile","2020A0000018781","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.33","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-8284","https://nvd.nist.gov/vuln/detail/CVE-2020-8284","curl","3.7","0.4.44","","","","2020A0000008284","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/106452" @@ -753,25 +731,25 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2019-5443","https://nvd.nist.gov/vuln/detail/CVE-2019-5443","curl","7.8","0.4.44","","","","2019A0000005443","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-18438","https://nvd.nist.gov/vuln/detail/CVE-2018-18438","qemu","5.5","8.1.3","","","","2018A0000018438","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-13162","https://nvd.nist.gov/vuln/detail/CVE-2018-13162","alex","7.5","3.3.0.0","3.3.0.0","3.5.0.0","alex","2018A0000013162","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-10229","https://nvd.nist.gov/vuln/detail/CVE-2018-10229","firefox","4.8","121.0.1","121.0b9","122.0","firefox","2018A0000010229","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","121.0.1","121.0b9","122.0","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-10229","https://nvd.nist.gov/vuln/detail/CVE-2018-10229","firefox","4.8","121.0.1","122.0","122.0","firefox","2018A0000010229","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","121.0.1","122.0","122.0","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.3","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.3","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5510","https://nvd.nist.gov/vuln/detail/CVE-2017-5510","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2017A0000005510","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5509","https://nvd.nist.gov/vuln/detail/CVE-2017-5509","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2017A0000005509","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5510","https://nvd.nist.gov/vuln/detail/CVE-2017-5510","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2017A0000005510","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5509","https://nvd.nist.gov/vuln/detail/CVE-2017-5509","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2017A0000005509","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5436","https://nvd.nist.gov/vuln/detail/CVE-2017-5436","graphite2","8.8","1.3.14","","","","2017A0000005436","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10141","https://nvd.nist.gov/vuln/detail/CVE-2016-10141","mujs","9.8","1.3.3","","","","2016A0000010141","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10133","https://nvd.nist.gov/vuln/detail/CVE-2016-10133","mujs","9.8","1.3.3","","","","2016A0000010133","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10132","https://nvd.nist.gov/vuln/detail/CVE-2016-10132","mujs","7.5","1.3.3","","","","2016A0000010132","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-9294","https://nvd.nist.gov/vuln/detail/CVE-2016-9294","mujs","7.5","1.3.3","","","","2016A0000009294","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-9136","https://nvd.nist.gov/vuln/detail/CVE-2016-9136","mujs","7.5","1.3.3","","","","2016A0000009136","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-9109","https://nvd.nist.gov/vuln/detail/CVE-2016-9109","mujs","7.5","1.3.3","","","","2016A0000009109","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -779,38 +757,38 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-9017","https://nvd.nist.gov/vuln/detail/CVE-2016-9017","mujs","7.5","1.3.3","","","","2016A0000009017","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7564","https://nvd.nist.gov/vuln/detail/CVE-2016-7564","mujs","7.5","1.3.3","","","","2016A0000007564","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7563","https://nvd.nist.gov/vuln/detail/CVE-2016-7563","mujs","7.5","1.3.3","","","","2016A0000007563","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7537","https://nvd.nist.gov/vuln/detail/CVE-2016-7537","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007537","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7536","https://nvd.nist.gov/vuln/detail/CVE-2016-7536","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007536","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7535","https://nvd.nist.gov/vuln/detail/CVE-2016-7535","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007535","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7534","https://nvd.nist.gov/vuln/detail/CVE-2016-7534","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007534","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7533","https://nvd.nist.gov/vuln/detail/CVE-2016-7533","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007533","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7530","https://nvd.nist.gov/vuln/detail/CVE-2016-7530","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007530","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7529","https://nvd.nist.gov/vuln/detail/CVE-2016-7529","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007529","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7528","https://nvd.nist.gov/vuln/detail/CVE-2016-7528","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007528","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7527","https://nvd.nist.gov/vuln/detail/CVE-2016-7527","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007527","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7526","https://nvd.nist.gov/vuln/detail/CVE-2016-7526","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007526","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7525","https://nvd.nist.gov/vuln/detail/CVE-2016-7525","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007525","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7524","https://nvd.nist.gov/vuln/detail/CVE-2016-7524","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007524","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7523","https://nvd.nist.gov/vuln/detail/CVE-2016-7523","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007523","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7522","https://nvd.nist.gov/vuln/detail/CVE-2016-7522","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007522","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7521","https://nvd.nist.gov/vuln/detail/CVE-2016-7521","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007521","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7520","https://nvd.nist.gov/vuln/detail/CVE-2016-7520","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007520","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7519","https://nvd.nist.gov/vuln/detail/CVE-2016-7519","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007519","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7518","https://nvd.nist.gov/vuln/detail/CVE-2016-7518","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007518","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7517","https://nvd.nist.gov/vuln/detail/CVE-2016-7517","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007517","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7516","https://nvd.nist.gov/vuln/detail/CVE-2016-7516","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007516","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7515","https://nvd.nist.gov/vuln/detail/CVE-2016-7515","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007515","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7537","https://nvd.nist.gov/vuln/detail/CVE-2016-7537","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007537","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7536","https://nvd.nist.gov/vuln/detail/CVE-2016-7536","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007536","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7535","https://nvd.nist.gov/vuln/detail/CVE-2016-7535","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007535","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7534","https://nvd.nist.gov/vuln/detail/CVE-2016-7534","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007534","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7533","https://nvd.nist.gov/vuln/detail/CVE-2016-7533","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007533","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7530","https://nvd.nist.gov/vuln/detail/CVE-2016-7530","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007530","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7529","https://nvd.nist.gov/vuln/detail/CVE-2016-7529","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007529","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7528","https://nvd.nist.gov/vuln/detail/CVE-2016-7528","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007528","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7527","https://nvd.nist.gov/vuln/detail/CVE-2016-7527","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007527","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7526","https://nvd.nist.gov/vuln/detail/CVE-2016-7526","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007526","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7525","https://nvd.nist.gov/vuln/detail/CVE-2016-7525","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007525","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7524","https://nvd.nist.gov/vuln/detail/CVE-2016-7524","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007524","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7523","https://nvd.nist.gov/vuln/detail/CVE-2016-7523","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007523","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7522","https://nvd.nist.gov/vuln/detail/CVE-2016-7522","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007522","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7521","https://nvd.nist.gov/vuln/detail/CVE-2016-7521","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007521","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7520","https://nvd.nist.gov/vuln/detail/CVE-2016-7520","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007520","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7519","https://nvd.nist.gov/vuln/detail/CVE-2016-7519","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007519","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7518","https://nvd.nist.gov/vuln/detail/CVE-2016-7518","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007518","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7517","https://nvd.nist.gov/vuln/detail/CVE-2016-7517","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007517","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7516","https://nvd.nist.gov/vuln/detail/CVE-2016-7516","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007516","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7515","https://nvd.nist.gov/vuln/detail/CVE-2016-7515","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007515","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7506","https://nvd.nist.gov/vuln/detail/CVE-2016-7506","mujs","7.5","1.3.3","","","","2016A0000007506","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7504","https://nvd.nist.gov/vuln/detail/CVE-2016-7504","mujs","9.8","1.3.3","","","","2016A0000007504","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7153","https://nvd.nist.gov/vuln/detail/CVE-2016-7153","firefox","5.3","121.0.1","121.0b9","122.0","firefox","2016A0000007153","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7152","https://nvd.nist.gov/vuln/detail/CVE-2016-7152","firefox","5.3","121.0.1","121.0b9","122.0","firefox","2016A0000007152","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7153","https://nvd.nist.gov/vuln/detail/CVE-2016-7153","firefox","5.3","121.0.1","122.0","122.0","firefox","2016A0000007153","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7152","https://nvd.nist.gov/vuln/detail/CVE-2016-7152","firefox","5.3","121.0.1","122.0","122.0","firefox","2016A0000007152","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-6131","https://nvd.nist.gov/vuln/detail/CVE-2016-6131","libiberty","7.5","12.3.0","","","","2016A0000006131","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4493","https://nvd.nist.gov/vuln/detail/CVE-2016-4493","libiberty","5.5","12.3.0","","","","2016A0000004493","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4492","https://nvd.nist.gov/vuln/detail/CVE-2016-4492","libiberty","4.4","12.3.0","","","","2016A0000004492","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4491","https://nvd.nist.gov/vuln/detail/CVE-2016-4491","libiberty","5.5","12.3.0","","","","2016A0000004491","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -821,84 +799,77 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-2781","https://nvd.nist.gov/vuln/detail/CVE-2016-2781","coreutils","6.5","9.3","","","","2016A0000002781","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-2226","https://nvd.nist.gov/vuln/detail/CVE-2016-2226","libiberty","7.8","12.3.0","","","","2016A0000002226","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-7313","https://nvd.nist.gov/vuln/detail/CVE-2015-7313","libtiff","5.5","4.6.0","","","","2015A0000007313","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9157","https://nvd.nist.gov/vuln/detail/CVE-2014-9157","graphviz","","9.0.0","","","","2014A0000009157","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-6492","https://nvd.nist.gov/vuln/detail/CVE-2014-6492","firefox","","121.0.1","121.0b9","122.0","firefox","2014A0000006492","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-6492","https://nvd.nist.gov/vuln/detail/CVE-2014-6492","firefox","","121.0.1","122.0","122.0","firefox","2014A0000006492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-4860","https://nvd.nist.gov/vuln/detail/CVE-2014-4860","edk2","6.8","202311","","","","2014A0000004860","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202311","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2012-4930","https://nvd.nist.gov/vuln/detail/CVE-2012-4930","firefox","","121.0.1","121.0b9","122.0","firefox","2012A0000004930","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2012-4929","https://nvd.nist.gov/vuln/detail/CVE-2012-4929","firefox","","121.0.1","121.0b9","122.0","firefox","2012A0000004929","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2012-4930","https://nvd.nist.gov/vuln/detail/CVE-2012-4930","firefox","","121.0.1","122.0","122.0","firefox","2012A0000004930","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2012-4929","https://nvd.nist.gov/vuln/detail/CVE-2012-4929","firefox","","121.0.1","122.0","122.0","firefox","2012A0000004929","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","12.3.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2011-3389","https://nvd.nist.gov/vuln/detail/CVE-2011-3389","firefox","","121.0.1","121.0b9","122.0","firefox","2011A0000003389","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2011-0064","https://nvd.nist.gov/vuln/detail/CVE-2011-0064","firefox","","121.0.1","121.0b9","122.0","firefox","2011A0000000064","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2011-3389","https://nvd.nist.gov/vuln/detail/CVE-2011-3389","firefox","","121.0.1","122.0","122.0","firefox","2011A0000003389","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2011-0064","https://nvd.nist.gov/vuln/detail/CVE-2011-0064","firefox","","121.0.1","122.0","122.0","firefox","2011A0000000064","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-4630","https://nvd.nist.gov/vuln/detail/CVE-2009-4630","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000004630","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-4130","https://nvd.nist.gov/vuln/detail/CVE-2009-4130","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000004130","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-4129","https://nvd.nist.gov/vuln/detail/CVE-2009-4129","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000004129","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-4102","https://nvd.nist.gov/vuln/detail/CVE-2009-4102","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000004102","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-2409","https://nvd.nist.gov/vuln/detail/CVE-2009-2409","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000002409","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-1597","https://nvd.nist.gov/vuln/detail/CVE-2009-1597","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000001597","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-6715","https://nvd.nist.gov/vuln/detail/CVE-2007-6715","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000006715","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-5967","https://nvd.nist.gov/vuln/detail/CVE-2007-5967","firefox","6.5","121.0.1","121.0b9","122.0","firefox","2007A0000005967","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-4013","https://nvd.nist.gov/vuln/detail/CVE-2007-4013","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000004013","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-3827","https://nvd.nist.gov/vuln/detail/CVE-2007-3827","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000003827","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-3670","https://nvd.nist.gov/vuln/detail/CVE-2007-3670","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000003670","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-2176","https://nvd.nist.gov/vuln/detail/CVE-2007-2176","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000002176","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-1970","https://nvd.nist.gov/vuln/detail/CVE-2007-1970","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000001970","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-1667","https://nvd.nist.gov/vuln/detail/CVE-2007-1667","imagemagick","","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2007A0000001667","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","121.0.1","121.0b9","122.0","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 -https://github.com/NixOS/nixpkgs/pull/281775" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 -https://github.com/NixOS/nixpkgs/pull/281775" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-4630","https://nvd.nist.gov/vuln/detail/CVE-2009-4630","firefox","","121.0.1","122.0","122.0","firefox","2009A0000004630","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-4130","https://nvd.nist.gov/vuln/detail/CVE-2009-4130","firefox","","121.0.1","122.0","122.0","firefox","2009A0000004130","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-4129","https://nvd.nist.gov/vuln/detail/CVE-2009-4129","firefox","","121.0.1","122.0","122.0","firefox","2009A0000004129","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-4102","https://nvd.nist.gov/vuln/detail/CVE-2009-4102","firefox","","121.0.1","122.0","122.0","firefox","2009A0000004102","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-2409","https://nvd.nist.gov/vuln/detail/CVE-2009-2409","firefox","","121.0.1","122.0","122.0","firefox","2009A0000002409","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2009-1597","https://nvd.nist.gov/vuln/detail/CVE-2009-1597","firefox","","121.0.1","122.0","122.0","firefox","2009A0000001597","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-6715","https://nvd.nist.gov/vuln/detail/CVE-2007-6715","firefox","","121.0.1","122.0","122.0","firefox","2007A0000006715","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-5967","https://nvd.nist.gov/vuln/detail/CVE-2007-5967","firefox","6.5","121.0.1","122.0","122.0","firefox","2007A0000005967","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-4013","https://nvd.nist.gov/vuln/detail/CVE-2007-4013","firefox","","121.0.1","122.0","122.0","firefox","2007A0000004013","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-3827","https://nvd.nist.gov/vuln/detail/CVE-2007-3827","firefox","","121.0.1","122.0","122.0","firefox","2007A0000003827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-3670","https://nvd.nist.gov/vuln/detail/CVE-2007-3670","firefox","","121.0.1","122.0","122.0","firefox","2007A0000003670","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-2176","https://nvd.nist.gov/vuln/detail/CVE-2007-2176","firefox","","121.0.1","122.0","122.0","firefox","2007A0000002176","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-1970","https://nvd.nist.gov/vuln/detail/CVE-2007-1970","firefox","","121.0.1","122.0","122.0","firefox","2007A0000001970","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-1667","https://nvd.nist.gov/vuln/detail/CVE-2007-1667","imagemagick","","7.1.1-25","7.1.1-26","7.1.1.27","imagemagick","2007A0000001667","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","121.0.1","122.0","122.0","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","121.0.1","122.0","122.0","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.5","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.6","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.1","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" @@ -911,7 +882,7 @@ https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 @@ -922,14 +893,14 @@ https://github.com/NixOS/nixpkgs/pull/278073" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.43.0","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" @@ -957,7 +928,7 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000006129","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269450" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.14.0","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/258448 https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 @@ -972,9 +943,10 @@ https://github.com/NixOS/nixpkgs/pull/262808" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-3603","https://nvd.nist.gov/vuln/detail/CVE-2023-3603","libssh","6.5","0.10.6","","","","2023A0000003603","True","Based on https://security-tracker.debian.org/tracker/CVE-2023-3603 and https://bugzilla.redhat.com/show_bug.cgi?id=2221791, vulnerable code is not present in 0.10.5 or any currently released version.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.2.0","8.2.0","8.2.0","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.2.0","8.2.0","8.2.0","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-1729","https://nvd.nist.gov/vuln/detail/CVE-2023-1729","libraw","6.5","0.21.2","0.21.2","0.21.2","libraw","2023A0000001729","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/248729 +https://github.com/NixOS/nixpkgs/pull/250363" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.2.0","8.2.0","8.2.0","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.3.0","1.3.0","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-1295","https://osv.dev/OSV-2023-1295","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000001295","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-889","https://osv.dev/OSV-2023-889","file","","5.45","5.45","5.45","file","2023A0000000889","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.3.0","1.3.0","1.3.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" @@ -982,9 +954,7 @@ https://github.com/NixOS/nixpkgs/pull/262808" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-390","https://osv.dev/OSV-2023-390","qemu","","8.2.0","8.2.0","8.2.0","qemu","2023A0000000390","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-298","https://osv.dev/OSV-2023-298","cairo","","1.18.0","1.17.13","1.17.13","ruby:cairo","2023A0000000298","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-197","https://osv.dev/OSV-2023-197","p11-kit","","0.25.3","0.25.3","0.25.3","p11-kit","2023A0000000197","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-184","https://osv.dev/OSV-2023-184","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000000184","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-137","https://osv.dev/OSV-2023-137","harfbuzz","","7.3.0","","","","2023A0000000137","True","Based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2, the issue is fixed in range https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc all of which have been merged in 7.1.0.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-90","https://osv.dev/OSV-2023-90","libraw","","0.21.1","0.21.1","0.21.2","libraw","2023A0000000090","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-48434","https://nvd.nist.gov/vuln/detail/CVE-2022-48434","ffmpeg","8.1","4.4.4","","","","2022A0000048434","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.3 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.44","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 @@ -1008,28 +978,27 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-36765","https://nvd.nist.gov/vuln/detail/CVE-2022-36765","edk2","7.8","202311","202311","202311","edk2","2022A0000036765","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-36764","https://nvd.nist.gov/vuln/detail/CVE-2022-36764","edk2","7.8","202311","202311","202311","edk2","2022A0000036764","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-36763","https://nvd.nist.gov/vuln/detail/CVE-2022-36763","edk2","7.8","202311","202311","202311","edk2","2022A0000036763","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-36073","https://nvd.nist.gov/vuln/detail/CVE-2022-36073","rubygems","8.8","3.5.3","","","","2022A0000036073","True","Latest impacted version in 3.x is 3.0.4.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-36073","https://nvd.nist.gov/vuln/detail/CVE-2022-36073","rubygems","8.8","3.5.5","","","","2022A0000036073","True","Latest impacted version in 3.x is 3.0.4.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-35252","https://nvd.nist.gov/vuln/detail/CVE-2022-35252","curl","3.7","0.4.44","","","","2022A0000035252","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/189083 https://github.com/NixOS/nixpkgs/pull/198730" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-32221","https://nvd.nist.gov/vuln/detail/CVE-2022-32221","curl","9.8","0.4.44","","","","2022A0000032221","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/198730" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-32206","https://nvd.nist.gov/vuln/detail/CVE-2022-32206","curl","6.5","0.4.44","","","","2022A0000032206","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/179314 https://github.com/NixOS/nixpkgs/pull/180021" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-30947","https://nvd.nist.gov/vuln/detail/CVE-2022-30947","git","7.5","2.43.0","","","","2022A0000030947","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-28321","https://nvd.nist.gov/vuln/detail/CVE-2022-28321","linux-pam","9.8","1.5.2","","","","2022A0000028321","True","Only impacts SUSE-specific patch version. Notice: repology package name is pam: https://repology.org/project/pam/versions.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-27782","https://nvd.nist.gov/vuln/detail/CVE-2022-27782","curl","7.5","0.4.44","","","","2022A0000027782","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-27781","https://nvd.nist.gov/vuln/detail/CVE-2022-27781","curl","7.5","0.4.44","","","","2022A0000027781","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-27776","https://nvd.nist.gov/vuln/detail/CVE-2022-27776","curl","6.5","0.4.44","","","","2022A0000027776","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/170654 https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-26691","https://nvd.nist.gov/vuln/detail/CVE-2022-26691","cups","6.7","2.4.7","","","","2022A0000026691","True","Fixed in nixpkgs with PR: https://github.com/NixOS/nixpkgs/pull/174898.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","MAL-2022-4301","https://osv.dev/MAL-2022-4301","libidn2","","2.3.4","","","","2022A0000004301","True","Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 https://gitlab.com/libidn/libidn2.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-4066","https://nvd.nist.gov/vuln/detail/CVE-2022-4066","firefox","8.2","121.0.1","121.0b9","122.0","firefox","2022A0000004066","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-4066","https://nvd.nist.gov/vuln/detail/CVE-2022-4066","firefox","8.2","122.0","122.0","122.0","firefox","2022A0000004066","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-3341","https://nvd.nist.gov/vuln/detail/CVE-2022-3341","ffmpeg","5.3","4.4.4","","","","2022A0000003341","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/c513bd48039a718dabf6d7a829efb6732693c04b.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-3219","https://nvd.nist.gov/vuln/detail/CVE-2022-3219","gnupg","3.3","2.4.1","","","","2022A0000003219","True","Fix patch is not accepted upstream: https://dev.gnupg.org/D556.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-3219","https://nvd.nist.gov/vuln/detail/CVE-2022-3219","gnupg","3.3","2.4.3","","","","2022A0000003219","True","Fix patch is not accepted upstream: https://dev.gnupg.org/D556.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-3109","https://nvd.nist.gov/vuln/detail/CVE-2022-3109","ffmpeg","7.5","4.4.4","","","","2022A0000003109","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.70","5.70","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.71","5.71","5.72","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.6","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.70","5.70","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.1","0.21.1","0.21.2","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.71","5.71","5.72","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.2","0.21.2","0.21.2","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-785","https://osv.dev/OSV-2022-785","dnsmasq","","2.89","2.89","2.89","dnsmasq","2022A0000000785","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-608","https://osv.dev/OSV-2022-608","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000608","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" @@ -1064,17 +1033,17 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-33454","https://nvd.nist.gov/vuln/detail/CVE-2021-33454","yasm","5.5","1.3.0","","","","2021A0000033454","True","Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-28794","https://nvd.nist.gov/vuln/detail/CVE-2021-28794","ShellCheck","9.8","0.9.0-r2.cabal","0.9.0","0.9.0","shellcheck","2021A0000028794","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-28794","https://nvd.nist.gov/vuln/detail/CVE-2021-28794","ShellCheck","9.8","0.9.0","0.9.0","0.9.0","shellcheck","2021A0000028794","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-26945","https://nvd.nist.gov/vuln/detail/CVE-2021-26945","openexr","5.5","2.5.8","","","","2021A0000026945","True","Fix patch https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-26945","https://nvd.nist.gov/vuln/detail/CVE-2021-26945","openexr","5.5","2.5.10","","","","2021A0000026945","True","Fix patch https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-26720","https://nvd.nist.gov/vuln/detail/CVE-2021-26720","avahi","7.8","0.8","","","","2021A0000026720","True","False positive: issue refers avahi-daemon-check-dns.sh in the Debian avahi package. As such, the issue is specific to Debian and its derivatives.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-26260","https://nvd.nist.gov/vuln/detail/CVE-2021-26260","openexr","5.5","2.5.8","","","","2021A0000026260","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-23215","https://nvd.nist.gov/vuln/detail/CVE-2021-23215","openexr","5.5","2.5.8","","","","2021A0000023215","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-23169","https://nvd.nist.gov/vuln/detail/CVE-2021-23169","openexr","8.8","2.5.8","","","","2021A0000023169","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-26260","https://nvd.nist.gov/vuln/detail/CVE-2021-26260","openexr","5.5","2.5.10","","","","2021A0000026260","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-23215","https://nvd.nist.gov/vuln/detail/CVE-2021-23215","openexr","5.5","2.5.10","","","","2021A0000023215","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-23169","https://nvd.nist.gov/vuln/detail/CVE-2021-23169","openexr","8.8","2.5.10","","","","2021A0000023169","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-21684","https://nvd.nist.gov/vuln/detail/CVE-2021-21684","git","6.1","2.43.0","","","","2021A0000021684","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-20255","https://nvd.nist.gov/vuln/detail/CVE-2021-20255","qemu","5.5","8.2.0","","","","2021A0000020255","True","Upstream patch not merged: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html. No point fixing this in nixpkgs as long as it is not fixed upstream.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-4336","https://nvd.nist.gov/vuln/detail/CVE-2021-4336","ninja","9.8","1.11.1","","","","2021A0000004336","True","Incorrect package: nixpkgs 'ninja' refers https://github.com/ninja-build/ninja, not https://github.com/ITRS-Group/monitor-ninja.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-4217","https://nvd.nist.gov/vuln/detail/CVE-2021-4217","unzip","3.3","6.0","","","","2021A0000004217","True","Ignored by other distribution as 'no security impact', e.g. Debian: https://security-tracker.debian.org/tracker/CVE-2021-4217.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-3605","https://nvd.nist.gov/vuln/detail/CVE-2021-3605","openexr","5.5","2.5.8","","","","2021A0000003605","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.8","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-3605","https://nvd.nist.gov/vuln/detail/CVE-2021-3605","openexr","5.5","2.5.10","","","","2021A0000003605","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.10","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-1157","https://osv.dev/OSV-2021-1157","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001157","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-1141","https://osv.dev/OSV-2021-1141","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001141","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-1110","https://osv.dev/OSV-2021-1110","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001110","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" @@ -1087,8 +1056,8 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-594","https://osv.dev/OSV-2021-594","libheif","","1.15.2","1.15.2","1.17.6","libheif","2021A0000000594","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.5","3.6.5","3.6.6","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-35669","https://nvd.nist.gov/vuln/detail/CVE-2020-35669","http","6.1","0.2.11","0.3-0","0.4","lua:http","2020A0000035669","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-24490","https://nvd.nist.gov/vuln/detail/CVE-2020-24490","bluez","6.5","5.70","","","","2020A0000024490","True","Fixed in linux kernel (5.8) with: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-22628","https://nvd.nist.gov/vuln/detail/CVE-2020-22628","libraw","6.5","0.21.1","0.21.1","0.21.2","libraw","2020A0000022628","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-24490","https://nvd.nist.gov/vuln/detail/CVE-2020-24490","bluez","6.5","5.71","","","","2020A0000024490","True","Fixed in linux kernel (5.8) with: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-22628","https://nvd.nist.gov/vuln/detail/CVE-2020-22628","libraw","6.5","0.21.2","0.21.2","0.21.2","libraw","2020A0000022628","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-18781","https://nvd.nist.gov/vuln/detail/CVE-2020-18781","audiofile","5.5","0.3.6","0.3.6","0.3.6","audiofile","2020A0000018781","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.35","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.33","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" @@ -1096,7 +1065,6 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.15.2","1.15.2","1.17.6","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.43.0","2.43.0","2.43.0","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 https://github.com/NixOS/nixpkgs/pull/84664" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-1610","https://osv.dev/OSV-2020-1610","openexr","","2.5.8","3.2.1","3.2.1","openexr","2020A0000001610","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-1420","https://osv.dev/OSV-2020-1420","libsass","","3.6.5","3.6.5","3.6.6","libsass","2020A0000001420","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-862","https://osv.dev/OSV-2020-862","libsass","","3.6.5","3.6.5","3.6.6","libsass","2020A0000000862","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-438","https://osv.dev/OSV-2020-438","capstone","","4.0.2","4.0.2","5.0.1","capstone","2020A0000000438","False","","err_not_vulnerable_based_on_repology","" @@ -1125,25 +1093,25 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2019-5443","https://nvd.nist.gov/vuln/detail/CVE-2019-5443","curl","7.8","0.4.44","","","","2019A0000005443","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-18438","https://nvd.nist.gov/vuln/detail/CVE-2018-18438","qemu","5.5","8.2.0","","","","2018A0000018438","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-13162","https://nvd.nist.gov/vuln/detail/CVE-2018-13162","alex","7.5","3.3.0.0","3.3.0.0","3.5.0.0","alex","2018A0000013162","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-10229","https://nvd.nist.gov/vuln/detail/CVE-2018-10229","firefox","4.8","121.0.1","121.0b9","122.0","firefox","2018A0000010229","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","121.0.1","121.0b9","122.0","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-10229","https://nvd.nist.gov/vuln/detail/CVE-2018-10229","firefox","4.8","122.0","122.0","122.0","firefox","2018A0000010229","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","122.0","122.0","122.0","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.4","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.4","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5510","https://nvd.nist.gov/vuln/detail/CVE-2017-5510","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2017A0000005510","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5509","https://nvd.nist.gov/vuln/detail/CVE-2017-5509","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2017A0000005509","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5510","https://nvd.nist.gov/vuln/detail/CVE-2017-5510","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2017A0000005510","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5509","https://nvd.nist.gov/vuln/detail/CVE-2017-5509","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2017A0000005509","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5436","https://nvd.nist.gov/vuln/detail/CVE-2017-5436","graphite2","8.8","1.3.14","","","","2017A0000005436","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10141","https://nvd.nist.gov/vuln/detail/CVE-2016-10141","mujs","9.8","1.3.4","","","","2016A0000010141","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10133","https://nvd.nist.gov/vuln/detail/CVE-2016-10133","mujs","9.8","1.3.4","","","","2016A0000010133","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10132","https://nvd.nist.gov/vuln/detail/CVE-2016-10132","mujs","7.5","1.3.4","","","","2016A0000010132","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-9294","https://nvd.nist.gov/vuln/detail/CVE-2016-9294","mujs","7.5","1.3.4","","","","2016A0000009294","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-9136","https://nvd.nist.gov/vuln/detail/CVE-2016-9136","mujs","7.5","1.3.4","","","","2016A0000009136","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-9109","https://nvd.nist.gov/vuln/detail/CVE-2016-9109","mujs","7.5","1.3.4","","","","2016A0000009109","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -1151,38 +1119,38 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-9017","https://nvd.nist.gov/vuln/detail/CVE-2016-9017","mujs","7.5","1.3.4","","","","2016A0000009017","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7564","https://nvd.nist.gov/vuln/detail/CVE-2016-7564","mujs","7.5","1.3.4","","","","2016A0000007564","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7563","https://nvd.nist.gov/vuln/detail/CVE-2016-7563","mujs","7.5","1.3.4","","","","2016A0000007563","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7537","https://nvd.nist.gov/vuln/detail/CVE-2016-7537","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007537","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7536","https://nvd.nist.gov/vuln/detail/CVE-2016-7536","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007536","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7535","https://nvd.nist.gov/vuln/detail/CVE-2016-7535","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007535","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7534","https://nvd.nist.gov/vuln/detail/CVE-2016-7534","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007534","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7533","https://nvd.nist.gov/vuln/detail/CVE-2016-7533","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007533","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7530","https://nvd.nist.gov/vuln/detail/CVE-2016-7530","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007530","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7529","https://nvd.nist.gov/vuln/detail/CVE-2016-7529","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007529","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7528","https://nvd.nist.gov/vuln/detail/CVE-2016-7528","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007528","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7527","https://nvd.nist.gov/vuln/detail/CVE-2016-7527","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007527","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7526","https://nvd.nist.gov/vuln/detail/CVE-2016-7526","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007526","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7525","https://nvd.nist.gov/vuln/detail/CVE-2016-7525","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007525","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7524","https://nvd.nist.gov/vuln/detail/CVE-2016-7524","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007524","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7523","https://nvd.nist.gov/vuln/detail/CVE-2016-7523","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007523","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7522","https://nvd.nist.gov/vuln/detail/CVE-2016-7522","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007522","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7521","https://nvd.nist.gov/vuln/detail/CVE-2016-7521","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007521","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7520","https://nvd.nist.gov/vuln/detail/CVE-2016-7520","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007520","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7519","https://nvd.nist.gov/vuln/detail/CVE-2016-7519","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007519","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7518","https://nvd.nist.gov/vuln/detail/CVE-2016-7518","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007518","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7517","https://nvd.nist.gov/vuln/detail/CVE-2016-7517","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007517","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7516","https://nvd.nist.gov/vuln/detail/CVE-2016-7516","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007516","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7515","https://nvd.nist.gov/vuln/detail/CVE-2016-7515","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007515","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7537","https://nvd.nist.gov/vuln/detail/CVE-2016-7537","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007537","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7536","https://nvd.nist.gov/vuln/detail/CVE-2016-7536","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007536","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7535","https://nvd.nist.gov/vuln/detail/CVE-2016-7535","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007535","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7534","https://nvd.nist.gov/vuln/detail/CVE-2016-7534","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007534","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7533","https://nvd.nist.gov/vuln/detail/CVE-2016-7533","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007533","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7530","https://nvd.nist.gov/vuln/detail/CVE-2016-7530","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007530","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7529","https://nvd.nist.gov/vuln/detail/CVE-2016-7529","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007529","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7528","https://nvd.nist.gov/vuln/detail/CVE-2016-7528","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007528","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7527","https://nvd.nist.gov/vuln/detail/CVE-2016-7527","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007527","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7526","https://nvd.nist.gov/vuln/detail/CVE-2016-7526","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007526","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7525","https://nvd.nist.gov/vuln/detail/CVE-2016-7525","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007525","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7524","https://nvd.nist.gov/vuln/detail/CVE-2016-7524","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007524","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7523","https://nvd.nist.gov/vuln/detail/CVE-2016-7523","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007523","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7522","https://nvd.nist.gov/vuln/detail/CVE-2016-7522","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007522","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7521","https://nvd.nist.gov/vuln/detail/CVE-2016-7521","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007521","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7520","https://nvd.nist.gov/vuln/detail/CVE-2016-7520","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007520","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7519","https://nvd.nist.gov/vuln/detail/CVE-2016-7519","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007519","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7518","https://nvd.nist.gov/vuln/detail/CVE-2016-7518","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007518","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7517","https://nvd.nist.gov/vuln/detail/CVE-2016-7517","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007517","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7516","https://nvd.nist.gov/vuln/detail/CVE-2016-7516","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007516","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7515","https://nvd.nist.gov/vuln/detail/CVE-2016-7515","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007515","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7506","https://nvd.nist.gov/vuln/detail/CVE-2016-7506","mujs","7.5","1.3.4","","","","2016A0000007506","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7504","https://nvd.nist.gov/vuln/detail/CVE-2016-7504","mujs","9.8","1.3.4","","","","2016A0000007504","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7153","https://nvd.nist.gov/vuln/detail/CVE-2016-7153","firefox","5.3","121.0.1","121.0b9","122.0","firefox","2016A0000007153","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7152","https://nvd.nist.gov/vuln/detail/CVE-2016-7152","firefox","5.3","121.0.1","121.0b9","122.0","firefox","2016A0000007152","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7153","https://nvd.nist.gov/vuln/detail/CVE-2016-7153","firefox","5.3","122.0","122.0","122.0","firefox","2016A0000007153","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-7152","https://nvd.nist.gov/vuln/detail/CVE-2016-7152","firefox","5.3","122.0","122.0","122.0","firefox","2016A0000007152","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-6131","https://nvd.nist.gov/vuln/detail/CVE-2016-6131","libiberty","7.5","13.2.0","","","","2016A0000006131","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-4493","https://nvd.nist.gov/vuln/detail/CVE-2016-4493","libiberty","5.5","13.2.0","","","","2016A0000004493","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-4492","https://nvd.nist.gov/vuln/detail/CVE-2016-4492","libiberty","4.4","13.2.0","","","","2016A0000004492","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-4491","https://nvd.nist.gov/vuln/detail/CVE-2016-4491","libiberty","5.5","13.2.0","","","","2016A0000004491","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -1193,68 +1161,68 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-2781","https://nvd.nist.gov/vuln/detail/CVE-2016-2781","coreutils","6.5","9.4","","","","2016A0000002781","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2016-2226","https://nvd.nist.gov/vuln/detail/CVE-2016-2226","libiberty","7.8","13.2.0","","","","2016A0000002226","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2015-7313","https://nvd.nist.gov/vuln/detail/CVE-2015-7313","libtiff","5.5","4.6.0","","","","2015A0000007313","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-9157","https://nvd.nist.gov/vuln/detail/CVE-2014-9157","graphviz","","9.0.0","","","","2014A0000009157","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-6492","https://nvd.nist.gov/vuln/detail/CVE-2014-6492","firefox","","121.0.1","121.0b9","122.0","firefox","2014A0000006492","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-6492","https://nvd.nist.gov/vuln/detail/CVE-2014-6492","firefox","","122.0","122.0","122.0","firefox","2014A0000006492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-4860","https://nvd.nist.gov/vuln/detail/CVE-2014-4860","edk2","6.8","202311","","","","2014A0000004860","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202311","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2012-4930","https://nvd.nist.gov/vuln/detail/CVE-2012-4930","firefox","","121.0.1","121.0b9","122.0","firefox","2012A0000004930","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2012-4929","https://nvd.nist.gov/vuln/detail/CVE-2012-4929","firefox","","121.0.1","121.0b9","122.0","firefox","2012A0000004929","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2012-4930","https://nvd.nist.gov/vuln/detail/CVE-2012-4930","firefox","","122.0","122.0","122.0","firefox","2012A0000004930","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2012-4929","https://nvd.nist.gov/vuln/detail/CVE-2012-4929","firefox","","122.0","122.0","122.0","firefox","2012A0000004929","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","13.2.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2011-3389","https://nvd.nist.gov/vuln/detail/CVE-2011-3389","firefox","","121.0.1","121.0b9","122.0","firefox","2011A0000003389","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2011-0064","https://nvd.nist.gov/vuln/detail/CVE-2011-0064","firefox","","121.0.1","121.0b9","122.0","firefox","2011A0000000064","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2011-3389","https://nvd.nist.gov/vuln/detail/CVE-2011-3389","firefox","","122.0","122.0","122.0","firefox","2011A0000003389","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2011-0064","https://nvd.nist.gov/vuln/detail/CVE-2011-0064","firefox","","122.0","122.0","122.0","firefox","2011A0000000064","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-4630","https://nvd.nist.gov/vuln/detail/CVE-2009-4630","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000004630","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-4130","https://nvd.nist.gov/vuln/detail/CVE-2009-4130","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000004130","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-4129","https://nvd.nist.gov/vuln/detail/CVE-2009-4129","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000004129","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-4102","https://nvd.nist.gov/vuln/detail/CVE-2009-4102","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000004102","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-2409","https://nvd.nist.gov/vuln/detail/CVE-2009-2409","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000002409","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-1597","https://nvd.nist.gov/vuln/detail/CVE-2009-1597","firefox","","121.0.1","121.0b9","122.0","firefox","2009A0000001597","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-6715","https://nvd.nist.gov/vuln/detail/CVE-2007-6715","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000006715","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-5967","https://nvd.nist.gov/vuln/detail/CVE-2007-5967","firefox","6.5","121.0.1","121.0b9","122.0","firefox","2007A0000005967","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-4013","https://nvd.nist.gov/vuln/detail/CVE-2007-4013","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000004013","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-3827","https://nvd.nist.gov/vuln/detail/CVE-2007-3827","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000003827","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-3670","https://nvd.nist.gov/vuln/detail/CVE-2007-3670","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000003670","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-2176","https://nvd.nist.gov/vuln/detail/CVE-2007-2176","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000002176","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-1970","https://nvd.nist.gov/vuln/detail/CVE-2007-1970","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000001970","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-1667","https://nvd.nist.gov/vuln/detail/CVE-2007-1667","imagemagick","","7.1.1-25","7.1.1-25","7.1.1.27","imagemagick","2007A0000001667","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","121.0.1","121.0b9","122.0","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","121.0.1","121.0b9","122.0","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-4630","https://nvd.nist.gov/vuln/detail/CVE-2009-4630","firefox","","122.0","122.0","122.0","firefox","2009A0000004630","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-4130","https://nvd.nist.gov/vuln/detail/CVE-2009-4130","firefox","","122.0","122.0","122.0","firefox","2009A0000004130","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-4129","https://nvd.nist.gov/vuln/detail/CVE-2009-4129","firefox","","122.0","122.0","122.0","firefox","2009A0000004129","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-4102","https://nvd.nist.gov/vuln/detail/CVE-2009-4102","firefox","","122.0","122.0","122.0","firefox","2009A0000004102","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-2409","https://nvd.nist.gov/vuln/detail/CVE-2009-2409","firefox","","122.0","122.0","122.0","firefox","2009A0000002409","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2009-1597","https://nvd.nist.gov/vuln/detail/CVE-2009-1597","firefox","","122.0","122.0","122.0","firefox","2009A0000001597","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-6715","https://nvd.nist.gov/vuln/detail/CVE-2007-6715","firefox","","122.0","122.0","122.0","firefox","2007A0000006715","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-5967","https://nvd.nist.gov/vuln/detail/CVE-2007-5967","firefox","6.5","122.0","122.0","122.0","firefox","2007A0000005967","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-4013","https://nvd.nist.gov/vuln/detail/CVE-2007-4013","firefox","","122.0","122.0","122.0","firefox","2007A0000004013","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-3827","https://nvd.nist.gov/vuln/detail/CVE-2007-3827","firefox","","122.0","122.0","122.0","firefox","2007A0000003827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-3670","https://nvd.nist.gov/vuln/detail/CVE-2007-3670","firefox","","122.0","122.0","122.0","firefox","2007A0000003670","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-2176","https://nvd.nist.gov/vuln/detail/CVE-2007-2176","firefox","","122.0","122.0","122.0","firefox","2007A0000002176","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-1970","https://nvd.nist.gov/vuln/detail/CVE-2007-1970","firefox","","122.0","122.0","122.0","firefox","2007A0000001970","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-1667","https://nvd.nist.gov/vuln/detail/CVE-2007-1667","imagemagick","","7.1.1-26","7.1.1-26","7.1.1.27","imagemagick","2007A0000001667","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","122.0","122.0","122.0","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","122.0","122.0","122.0","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" @@ -1281,41 +1249,24 @@ https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 https://github.com/NixOS/nixpkgs/pull/276504 https://github.com/NixOS/nixpkgs/pull/276505" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47100","https://nvd.nist.gov/vuln/detail/CVE-2023-47100","perl","9.8","5.38.0","5.38.2","5.38.2","perl","2023A0000047100","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269996 https://github.com/NixOS/nixpkgs/pull/271223" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.1.0050","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 -https://github.com/NixOS/nixpkgs/pull/271373 -https://github.com/NixOS/nixpkgs/pull/276595" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0004","9.1.0059","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.5.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.5.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.12.3-unstable-2023-12-14","2.12.4","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 -https://github.com/NixOS/nixpkgs/pull/280837 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","" @@ -1324,7 +1275,7 @@ https://github.com/NixOS/nixpkgs/pull/283888" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" @@ -1447,23 +1398,22 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9157","https://nvd.nist.gov/vuln/detail/CVE-2014-9157","graphviz","","9.0.0","","","","2014A0000009157","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","12.3.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.3","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.5","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0004","9.1.0059","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.5.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.5.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.12.3-unstable-2023-12-14","2.12.4","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 -https://github.com/NixOS/nixpkgs/pull/280837 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","" @@ -1472,7 +1422,7 @@ https://github.com/NixOS/nixpkgs/pull/283888" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" @@ -1595,17 +1545,10 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9157","https://nvd.nist.gov/vuln/detail/CVE-2014-9157","graphviz","","9.0.0","","","","2014A0000009157","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","12.3.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000567","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 -https://github.com/NixOS/nixpkgs/pull/281775" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0553","https://nvd.nist.gov/vuln/detail/CVE-2024-0553","gnutls","7.5","3.8.2","3.8.2","3.8.3","gnutls","2024A0000000553","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/281471 -https://github.com/NixOS/nixpkgs/pull/281775" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.0.2116","9.1.0050","vim","2023A0000048706","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083 https://github.com/NixOS/nixpkgs/pull/283179" @@ -1615,7 +1558,7 @@ https://github.com/NixOS/nixpkgs/pull/283179" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.43.0","0.43.0","0.43.0","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" @@ -1662,9 +1605,8 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-36883","https://nvd.nist.gov/vuln/detail/CVE-2022-36883","git","7.5","2.43.0","","","","2022A0000036883","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-36882","https://nvd.nist.gov/vuln/detail/CVE-2022-36882","git","8.8","2.43.0","","","","2022A0000036882","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-30947","https://nvd.nist.gov/vuln/detail/CVE-2022-30947","git","7.5","2.43.0","","","","2022A0000030947","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-28321","https://nvd.nist.gov/vuln/detail/CVE-2022-28321","linux-pam","9.8","1.5.2","","","","2022A0000028321","True","Only impacts SUSE-specific patch version. Notice: repology package name is pam: https://repology.org/project/pam/versions.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","MAL-2022-4301","https://osv.dev/MAL-2022-4301","libidn2","","2.3.4","","","","2022A0000004301","True","Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 https://gitlab.com/libidn/libidn2.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-3219","https://nvd.nist.gov/vuln/detail/CVE-2022-3219","gnupg","3.3","2.4.1","","","","2022A0000003219","True","Fix patch is not accepted upstream: https://dev.gnupg.org/D556.","err_missing_repology_version","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-3219","https://nvd.nist.gov/vuln/detail/CVE-2022-3219","gnupg","3.3","2.4.3","","","","2022A0000003219","True","Fix patch is not accepted upstream: https://dev.gnupg.org/D556.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-608","https://osv.dev/OSV-2022-608","libjxl","","0.8.2","0.8.2","0.9.1","libjxl","2022A0000000608","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-581","https://osv.dev/OSV-2022-581","qemu","","8.2.0","8.2.0","8.2.0","qemu","2022A0000000581","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" @@ -1688,21 +1630,14 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-33454","https://nvd.nist.gov/vuln/detail/CVE-2021-33454","yasm","5.5","1.3.0","","","","2021A0000033454","True","Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-28794","https://nvd.nist.gov/vuln/detail/CVE-2021-28794","ShellCheck","9.8","0.9.0-r2.cabal","0.9.0","0.9.0","shellcheck","2021A0000028794","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-28794","https://nvd.nist.gov/vuln/detail/CVE-2021-28794","ShellCheck","9.8","0.9.0","0.9.0","0.9.0","shellcheck","2021A0000028794","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-26945","https://nvd.nist.gov/vuln/detail/CVE-2021-26945","openexr","5.5","2.5.8","","","","2021A0000026945","True","Fix patch https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-26260","https://nvd.nist.gov/vuln/detail/CVE-2021-26260","openexr","5.5","2.5.8","","","","2021A0000026260","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-23215","https://nvd.nist.gov/vuln/detail/CVE-2021-23215","openexr","5.5","2.5.8","","","","2021A0000023215","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-23169","https://nvd.nist.gov/vuln/detail/CVE-2021-23169","openexr","8.8","2.5.8","","","","2021A0000023169","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-21684","https://nvd.nist.gov/vuln/detail/CVE-2021-21684","git","6.1","2.43.0","","","","2021A0000021684","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-20255","https://nvd.nist.gov/vuln/detail/CVE-2021-20255","qemu","5.5","8.2.0","","","","2021A0000020255","True","Upstream patch not merged: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html. No point fixing this in nixpkgs as long as it is not fixed upstream.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-4336","https://nvd.nist.gov/vuln/detail/CVE-2021-4336","ninja","9.8","1.11.1","","","","2021A0000004336","True","Incorrect package: nixpkgs 'ninja' refers https://github.com/ninja-build/ninja, not https://github.com/ITRS-Group/monitor-ninja.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-4217","https://nvd.nist.gov/vuln/detail/CVE-2021-4217","unzip","3.3","6.0","","","","2021A0000004217","True","Ignored by other distribution as 'no security impact', e.g. Debian: https://security-tracker.debian.org/tracker/CVE-2021-4217.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-3605","https://nvd.nist.gov/vuln/detail/CVE-2021-3605","openexr","5.5","2.5.8","","","","2021A0000003605","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.8","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-820","https://osv.dev/OSV-2021-820","qemu","","8.2.0","","","","2021A0000000820","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.35","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.43.0","2.43.0","2.43.0","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 https://github.com/NixOS/nixpkgs/pull/84664" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-1610","https://osv.dev/OSV-2020-1610","openexr","","2.5.8","3.2.1","3.2.1","openexr","2020A0000001610","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-438","https://osv.dev/OSV-2020-438","capstone","","4.0.2","4.0.2","5.0.1","capstone","2020A0000000438","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-438","https://osv.dev/OSV-2020-438","capstone","","4.0.2","4.0.2","5.0.1","python:capstone","2020A0000000438","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2019-1003010","https://nvd.nist.gov/vuln/detail/CVE-2019-1003010","git","4.3","2.43.0","","","","2019A0001003010","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index 0ef8d25..b4f305b 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/e43d37fa11f9eb9b8ef6b0dec3df65a17e4c513d. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/95776688fee50323c121ffd7e44f7fb1d976a355. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -38,14 +38,14 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | ## Vulnerabilities Fixed in nix-unstable @@ -57,12 +57,18 @@ Following issues potentially require backporting the fix from nixpkgs-unstable t Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community backport the fix to the correct nixpkgs branch: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|------------------|------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/280837), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | -| [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|------------------|------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | +| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | +| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | +| [OSV-2020-1610](https://osv.dev/OSV-2020-1610) | openexr | | 2.5.8 | 3.2.1 | 3.2.1 | | @@ -72,13 +78,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf @@ -98,8 +98,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.1.3 | 8.2.0 | 8.2.0 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-27 | | | | | [CVE-2018-13162](https://nvd.nist.gov/vuln/detail/CVE-2018-13162) | alex | 7.5 | 3.3.0.0 | 3.3.0.0 | 3.5.0.0 | | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.1 | 5.2.1 | | @@ -107,9 +107,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.3 | 8.2.0 | 8.2.0 | | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/280837), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | -| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.42.2 | 0.43.0 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | +| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.0 | 0.43.0 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | | [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.1.3 | 8.2.0 | 8.2.0 | | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2023-6129](https://nvd.nist.gov/vuln/detail/CVE-2023-6129) | openssl | 6.5 | 3.0.12 | 3.2.0 | 3.2.0 | | @@ -124,7 +124,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -136,19 +136,19 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.3 | 1.3 | 1.3.1 | | | [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.43.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.3 | 8.2.0 | 8.2.0 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.0.2116 | 9.1.0050 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | @@ -192,10 +192,11 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2016-7504](https://nvd.nist.gov/vuln/detail/CVE-2016-7504) | mujs | 9.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.43.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.5.3 | Latest impacted version in 3.x is 3.0.4. | +| [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.5.5 | Latest impacted version in 3.x is 3.0.4. | | [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.4.22 | Latest impacted version in 3.x is 3.0.4. | | [CVE-2022-26592](https://nvd.nist.gov/vuln/detail/CVE-2022-26592) | libsass | 8.8 | 3.6.5 | Pending upstream fix: [link](https://github.com/sass/libsass/issues/3174). | | [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | +| [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2018-6553](https://nvd.nist.gov/vuln/detail/CVE-2018-6553) | cups | 8.8 | 2.4.7 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2017-5436](https://nvd.nist.gov/vuln/detail/CVE-2017-5436) | graphite2 | 8.8 | 1.3.14 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2022-48434](https://nvd.nist.gov/vuln/detail/CVE-2022-48434) | ffmpeg | 8.1 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.3 [link](https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db). | @@ -249,6 +250,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.43.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-37416](https://nvd.nist.gov/vuln/detail/CVE-2022-37416) | libmpeg2 | 6.5 | 0.5.1 | NVD data issue: concerns Android only. | +| [CVE-2020-24490](https://nvd.nist.gov/vuln/detail/CVE-2020-24490) | bluez | 6.5 | 5.71 | Fixed in linux kernel (5.8) with: [link](https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e). | | [CVE-2020-24490](https://nvd.nist.gov/vuln/detail/CVE-2020-24490) | bluez | 6.5 | 5.70 | Fixed in linux kernel (5.8) with: [link](https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e). | | [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 3.16.2 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | | [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 2.9.9-closefrom- | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | @@ -285,12 +287,17 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2021-33455](https://nvd.nist.gov/vuln/detail/CVE-2021-33455) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | | [CVE-2021-33454](https://nvd.nist.gov/vuln/detail/CVE-2021-33454) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | | [CVE-2021-26945](https://nvd.nist.gov/vuln/detail/CVE-2021-26945) | openexr | 5.5 | 2.5.8 | Fix patch [link](https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e) modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8. | +| [CVE-2021-26945](https://nvd.nist.gov/vuln/detail/CVE-2021-26945) | openexr | 5.5 | 2.5.10 | Fix patch [link](https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e) modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8. | | [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | +| [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | | [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | +| [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | | [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.2.0 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.1.3 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | +| [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | +| [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2019-20633](https://nvd.nist.gov/vuln/detail/CVE-2019-20633) | patch | 5.5 | 2.7.6 | Upstream patch is not merged: [link](https://savannah.gnu.org/bugs/index.php?56683). Not sure why this isn't fixed upstream. No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2019-14562](https://nvd.nist.gov/vuln/detail/CVE-2019-14562) | edk2 | 5.5 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-6293](https://nvd.nist.gov/vuln/detail/CVE-2019-6293) | flex | 5.5 | 2.6.4 | NVD data issue: CPE entry does not correctly state the version numbers. | @@ -320,6 +327,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2019-1003010](https://nvd.nist.gov/vuln/detail/CVE-2019-1003010) | git | 4.3 | 2.43.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2019-1003010](https://nvd.nist.gov/vuln/detail/CVE-2019-1003010) | git | 4.3 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2023-31975](https://nvd.nist.gov/vuln/detail/CVE-2023-31975) | yasm | 3.3 | 1.3.0 | Memory leak in CLI tool, no security impact. | +| [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.3 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). | | [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.1 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). | | [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217) | unzip | 3.3 | 6.0 | Ignored by other distribution as 'no security impact', e.g. Debian: [link](https://security-tracker.debian.org/tracker/CVE-2021-4217). | | [GHSA-6898-wx94-8jq8](https://osv.dev/GHSA-6898-wx94-8jq8) | libnotify | | 0.8.3 | Incorrect package: Issue refers node-libnotify [link](https://github.com/mytrile/node-libnotify), whereas nixpkgs refers gnome-libnotify [link](https://gitlab.gnome.org/GNOME/libnotify). | diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index c075f45..505823e 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/e43d37fa11f9eb9b8ef6b0dec3df65a17e4c513d. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/95776688fee50323c121ffd7e44f7fb1d976a355. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -32,46 +32,46 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla |-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 121.0b9 | 122.0 | | +| [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | ## Vulnerabilities Fixed in nix-unstable @@ -83,21 +83,30 @@ Following issues potentially require backporting the fix from nixpkgs-unstable t Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community backport the fix to the correct nixpkgs branch: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|------------------|------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | -| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/280837), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | -| [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [OSV-2020-521](https://osv.dev/OSV-2020-521) | aspell | | 0.60.8 | 0.60.8.1 | 0.60.8.1 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|------------------|------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | +| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | +| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | +| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | +| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | +| [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | +| [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | +| [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | +| [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | +| [OSV-2023-90](https://osv.dev/OSV-2023-90) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | +| [OSV-2020-1610](https://osv.dev/OSV-2020-1610) | openexr | | 2.5.8 | 3.2.1 | 3.2.1 | | +| [OSV-2020-521](https://osv.dev/OSV-2020-521) | aspell | | 0.60.8 | 0.60.8.1 | 0.60.8.1 | | @@ -107,13 +116,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf @@ -128,36 +131,36 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | | +| [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | | [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221) | curl | 9.8 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0-r1.cabal | 0.9.0 | 0.9.0 | | | [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0 | 0.9.0 | 0.9.0 | | -| [CVE-2017-5511](https://nvd.nist.gov/vuln/detail/CVE-2017-5511) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-10145](https://nvd.nist.gov/vuln/detail/CVE-2016-10145) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-10144](https://nvd.nist.gov/vuln/detail/CVE-2016-10144) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | +| [CVE-2017-5511](https://nvd.nist.gov/vuln/detail/CVE-2017-5511) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-10145](https://nvd.nist.gov/vuln/detail/CVE-2016-10145) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-10144](https://nvd.nist.gov/vuln/detail/CVE-2016-10144) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | | [CVE-2023-45235](https://nvd.nist.gov/vuln/detail/CVE-2023-45235) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45234](https://nvd.nist.gov/vuln/detail/CVE-2023-45234) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45230](https://nvd.nist.gov/vuln/detail/CVE-2023-45230) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | -| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | | [CVE-2023-5217](https://nvd.nist.gov/vuln/detail/CVE-2023-5217) | libvpx | 8.8 | 1.13.1 | 1.13.1 | 1.14.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258448), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189), [PR](https://github.com/NixOS/nixpkgs/pull/261404), [PR](https://github.com/NixOS/nixpkgs/pull/262808)]* | -| [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9827](https://nvd.nist.gov/vuln/detail/CVE-2014-9827) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | +| [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9827](https://nvd.nist.gov/vuln/detail/CVE-2014-9827) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.1.3 | 8.2.0 | 8.2.0 | | -| [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 120.0.1 | 121.0b9 | 122.0 | | +| [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 120.0.1 | 122.0 | 122.0 | | | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.1.3 | 8.2.0 | 8.2.0 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | @@ -167,28 +170,28 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | | [CVE-2019-5443](https://nvd.nist.gov/vuln/detail/CVE-2019-5443) | curl | 7.8 | 0.4.44 | | | | -| [CVE-2017-5510](https://nvd.nist.gov/vuln/detail/CVE-2017-5510) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2017-5509](https://nvd.nist.gov/vuln/detail/CVE-2017-5509) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2017-5506](https://nvd.nist.gov/vuln/detail/CVE-2017-5506) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9825](https://nvd.nist.gov/vuln/detail/CVE-2014-9825) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9824](https://nvd.nist.gov/vuln/detail/CVE-2014-9824) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9823](https://nvd.nist.gov/vuln/detail/CVE-2014-9823) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9822](https://nvd.nist.gov/vuln/detail/CVE-2014-9822) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9821](https://nvd.nist.gov/vuln/detail/CVE-2014-9821) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9820](https://nvd.nist.gov/vuln/detail/CVE-2014-9820) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9819](https://nvd.nist.gov/vuln/detail/CVE-2014-9819) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.2 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2017-5510](https://nvd.nist.gov/vuln/detail/CVE-2017-5510) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2017-5509](https://nvd.nist.gov/vuln/detail/CVE-2017-5509) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2017-5506](https://nvd.nist.gov/vuln/detail/CVE-2017-5506) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9825](https://nvd.nist.gov/vuln/detail/CVE-2014-9825) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9824](https://nvd.nist.gov/vuln/detail/CVE-2014-9824) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9823](https://nvd.nist.gov/vuln/detail/CVE-2014-9823) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9822](https://nvd.nist.gov/vuln/detail/CVE-2014-9822) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9821](https://nvd.nist.gov/vuln/detail/CVE-2014-9821) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9820](https://nvd.nist.gov/vuln/detail/CVE-2014-9820) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9819](https://nvd.nist.gov/vuln/detail/CVE-2014-9819) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-45237](https://nvd.nist.gov/vuln/detail/CVE-2023-45237) | edk2 | 7.5 | 202311 | 202311 | 202311 | | | [CVE-2023-45236](https://nvd.nist.gov/vuln/detail/CVE-2023-45236) | edk2 | 7.5 | 202311 | 202311 | 202311 | | | [CVE-2023-45233](https://nvd.nist.gov/vuln/detail/CVE-2023-45233) | edk2 | 7.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45232](https://nvd.nist.gov/vuln/detail/CVE-2023-45232) | edk2 | 7.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | -| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713)]* | -| [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322) | go | 7.5 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | | -| [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321) | go | 7.5 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073)]* | +| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713)]* | +| [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | | [CVE-2023-28450](https://nvd.nist.gov/vuln/detail/CVE-2023-28450) | dnsmasq | 7.5 | 2.89 | 2.89 | 2.89 | | | [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-27-source-u | | | | @@ -197,10 +200,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782) | curl | 7.5 | 0.4.44 | | | | | [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781) | curl | 7.5 | 0.4.44 | | | | | [CVE-2018-13162](https://nvd.nist.gov/vuln/detail/CVE-2018-13162) | alex | 7.5 | 3.3.0.0 | 3.3.0.0 | 3.5.0.0 | | -| [CVE-2016-10146](https://nvd.nist.gov/vuln/detail/CVE-2016-10146) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9854](https://nvd.nist.gov/vuln/detail/CVE-2014-9854) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9848](https://nvd.nist.gov/vuln/detail/CVE-2014-9848) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9804](https://nvd.nist.gov/vuln/detail/CVE-2014-9804) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | +| [CVE-2016-10146](https://nvd.nist.gov/vuln/detail/CVE-2016-10146) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9854](https://nvd.nist.gov/vuln/detail/CVE-2014-9854) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9848](https://nvd.nist.gov/vuln/detail/CVE-2014-9848) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9804](https://nvd.nist.gov/vuln/detail/CVE-2014-9804) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.1 | 5.2.1 | | | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | @@ -208,16 +211,16 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/280837), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | | [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.42.2 | 0.43.0 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | -| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.0 | 0.43.0 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | +| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | | [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.1.3 | 8.2.0 | 8.2.0 | | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2023-6129](https://nvd.nist.gov/vuln/detail/CVE-2023-6129) | openssl | 6.5 | 3.0.12 | 3.2.0 | 3.2.0 | | @@ -231,40 +234,40 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776) | curl | 6.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/170654), [PR](https://github.com/NixOS/nixpkgs/pull/170659)]* | | [CVE-2021-46312](https://nvd.nist.gov/vuln/detail/CVE-2021-46312) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | | [CVE-2021-46310](https://nvd.nist.gov/vuln/detail/CVE-2021-46310) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | -| [CVE-2020-22628](https://nvd.nist.gov/vuln/detail/CVE-2020-22628) | libraw | 6.5 | 0.21.1 | 0.21.1 | 0.21.2 | | +| [CVE-2020-22628](https://nvd.nist.gov/vuln/detail/CVE-2020-22628) | libraw | 6.5 | 0.21.1 | 0.21.2 | 0.21.2 | | | [CVE-2019-20503](https://nvd.nist.gov/vuln/detail/CVE-2019-20503) | usrsctp | 6.5 | 0.9.5.0 | 0.9.5.0 | 0.9.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82874), [PR](https://github.com/NixOS/nixpkgs/pull/82958)]* | -| [CVE-2016-7538](https://nvd.nist.gov/vuln/detail/CVE-2016-7538) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7537](https://nvd.nist.gov/vuln/detail/CVE-2016-7537) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7536](https://nvd.nist.gov/vuln/detail/CVE-2016-7536) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7535](https://nvd.nist.gov/vuln/detail/CVE-2016-7535) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7534](https://nvd.nist.gov/vuln/detail/CVE-2016-7534) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7533](https://nvd.nist.gov/vuln/detail/CVE-2016-7533) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7532](https://nvd.nist.gov/vuln/detail/CVE-2016-7532) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7531](https://nvd.nist.gov/vuln/detail/CVE-2016-7531) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7530](https://nvd.nist.gov/vuln/detail/CVE-2016-7530) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7529](https://nvd.nist.gov/vuln/detail/CVE-2016-7529) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7528](https://nvd.nist.gov/vuln/detail/CVE-2016-7528) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7527](https://nvd.nist.gov/vuln/detail/CVE-2016-7527) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7526](https://nvd.nist.gov/vuln/detail/CVE-2016-7526) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7525](https://nvd.nist.gov/vuln/detail/CVE-2016-7525) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7524](https://nvd.nist.gov/vuln/detail/CVE-2016-7524) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7523](https://nvd.nist.gov/vuln/detail/CVE-2016-7523) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7522](https://nvd.nist.gov/vuln/detail/CVE-2016-7522) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7521](https://nvd.nist.gov/vuln/detail/CVE-2016-7521) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7520](https://nvd.nist.gov/vuln/detail/CVE-2016-7520) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7519](https://nvd.nist.gov/vuln/detail/CVE-2016-7519) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7518](https://nvd.nist.gov/vuln/detail/CVE-2016-7518) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7517](https://nvd.nist.gov/vuln/detail/CVE-2016-7517) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7516](https://nvd.nist.gov/vuln/detail/CVE-2016-7516) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7515](https://nvd.nist.gov/vuln/detail/CVE-2016-7515) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7514](https://nvd.nist.gov/vuln/detail/CVE-2016-7514) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2016-7513](https://nvd.nist.gov/vuln/detail/CVE-2016-7513) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2007-5967](https://nvd.nist.gov/vuln/detail/CVE-2007-5967) | firefox | 6.5 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | | -| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2016-7538](https://nvd.nist.gov/vuln/detail/CVE-2016-7538) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7537](https://nvd.nist.gov/vuln/detail/CVE-2016-7537) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7536](https://nvd.nist.gov/vuln/detail/CVE-2016-7536) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7535](https://nvd.nist.gov/vuln/detail/CVE-2016-7535) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7534](https://nvd.nist.gov/vuln/detail/CVE-2016-7534) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7533](https://nvd.nist.gov/vuln/detail/CVE-2016-7533) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7532](https://nvd.nist.gov/vuln/detail/CVE-2016-7532) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7531](https://nvd.nist.gov/vuln/detail/CVE-2016-7531) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7530](https://nvd.nist.gov/vuln/detail/CVE-2016-7530) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7529](https://nvd.nist.gov/vuln/detail/CVE-2016-7529) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7528](https://nvd.nist.gov/vuln/detail/CVE-2016-7528) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7527](https://nvd.nist.gov/vuln/detail/CVE-2016-7527) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7526](https://nvd.nist.gov/vuln/detail/CVE-2016-7526) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7525](https://nvd.nist.gov/vuln/detail/CVE-2016-7525) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7524](https://nvd.nist.gov/vuln/detail/CVE-2016-7524) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7523](https://nvd.nist.gov/vuln/detail/CVE-2016-7523) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7522](https://nvd.nist.gov/vuln/detail/CVE-2016-7522) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7521](https://nvd.nist.gov/vuln/detail/CVE-2016-7521) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7520](https://nvd.nist.gov/vuln/detail/CVE-2016-7520) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7519](https://nvd.nist.gov/vuln/detail/CVE-2016-7519) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7518](https://nvd.nist.gov/vuln/detail/CVE-2016-7518) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7517](https://nvd.nist.gov/vuln/detail/CVE-2016-7517) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7516](https://nvd.nist.gov/vuln/detail/CVE-2016-7516) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7515](https://nvd.nist.gov/vuln/detail/CVE-2016-7515) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7514](https://nvd.nist.gov/vuln/detail/CVE-2016-7514) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2016-7513](https://nvd.nist.gov/vuln/detail/CVE-2016-7513) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2007-5967](https://nvd.nist.gov/vuln/detail/CVE-2007-5967) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | | [CVE-2020-35669](https://nvd.nist.gov/vuln/detail/CVE-2020-35669) | http | 6.1 | 0.2.11 | 0.3-0 | 0.4 | | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -278,7 +281,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1 | 6.1.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1 | 6.1.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -295,52 +298,52 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.3 | 1.3 | 1.3.1 | | | [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | +| [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2017-8806](https://nvd.nist.gov/vuln/detail/CVE-2017-8806) | postgresql | 5.5 | 15.5 | 16.1 | 16.1 | | -| [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9816](https://nvd.nist.gov/vuln/detail/CVE-2014-9816) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9815](https://nvd.nist.gov/vuln/detail/CVE-2014-9815) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9814](https://nvd.nist.gov/vuln/detail/CVE-2014-9814) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9813](https://nvd.nist.gov/vuln/detail/CVE-2014-9813) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9812](https://nvd.nist.gov/vuln/detail/CVE-2014-9812) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9811](https://nvd.nist.gov/vuln/detail/CVE-2014-9811) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9810](https://nvd.nist.gov/vuln/detail/CVE-2014-9810) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9809](https://nvd.nist.gov/vuln/detail/CVE-2014-9809) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9808](https://nvd.nist.gov/vuln/detail/CVE-2014-9808) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9807](https://nvd.nist.gov/vuln/detail/CVE-2014-9807) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9806](https://nvd.nist.gov/vuln/detail/CVE-2014-9806) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | +| [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9816](https://nvd.nist.gov/vuln/detail/CVE-2014-9816) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9815](https://nvd.nist.gov/vuln/detail/CVE-2014-9815) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9814](https://nvd.nist.gov/vuln/detail/CVE-2014-9814) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9813](https://nvd.nist.gov/vuln/detail/CVE-2014-9813) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9812](https://nvd.nist.gov/vuln/detail/CVE-2014-9812) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9811](https://nvd.nist.gov/vuln/detail/CVE-2014-9811) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9810](https://nvd.nist.gov/vuln/detail/CVE-2014-9810) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9809](https://nvd.nist.gov/vuln/detail/CVE-2014-9809) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9808](https://nvd.nist.gov/vuln/detail/CVE-2014-9808) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9807](https://nvd.nist.gov/vuln/detail/CVE-2014-9807) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9806](https://nvd.nist.gov/vuln/detail/CVE-2014-9806) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.43.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.5 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 121.0b9 | 122.0 | | +| [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0 | | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.3 | 8.2.0 | 8.2.0 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | | -| [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.21.5 | 1.21.6 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.21.5 | 1.21.6 | | +| [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.21.6 | 1.21.6 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | -| [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.0.2116 | 9.1.0050 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.1.0050 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373), [PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | -| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | -| [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 121.0b9 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0059 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595)]* | +| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | +| [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600)]* | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* | @@ -348,7 +351,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | | [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.2 | 1.3.0 | 1.3.0 | | -| [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.1 | 0.21.2 | | +| [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | | [OSV-2023-889](https://osv.dev/OSV-2023-889) | file | | 5.45 | 5.45 | 5.45 | | | [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.2.2 | 1.3.0 | 1.3.0 | | | [OSV-2023-675](https://osv.dev/OSV-2023-675) | flac | | 1.4.3 | 1.4.3 | 1.4.3 | | @@ -356,12 +359,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.1.3 | 8.2.0 | 8.2.0 | Unclear if this is still valid. | | [OSV-2023-298](https://osv.dev/OSV-2023-298) | cairo | | 1.18.0 | 1.17.13 | 1.17.13 | | | [OSV-2023-197](https://osv.dev/OSV-2023-197) | p11-kit | | 0.25.0 | 0.25.3 | 0.25.3 | | -| [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.1 | 0.21.2 | | -| [OSV-2023-90](https://osv.dev/OSV-2023-90) | libraw | | 0.21.1 | 0.21.1 | 0.21.2 | | -| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.70 | 5.70 | 5.72 | Unclear if this is still valid. | +| [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | +| [OSV-2023-90](https://osv.dev/OSV-2023-90) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | +| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.70 | 5.71 | 5.72 | Unclear if this is still valid. | | [OSV-2022-896](https://osv.dev/OSV-2022-896) | libsass | | 3.6.5 | 3.6.5 | 3.6.6 | Unclear if this is still valid. | -| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.70 | 5.70 | 5.72 | Unclear if this is still valid. | -| [OSV-2022-819](https://osv.dev/OSV-2022-819) | libraw | | 0.21.1 | 0.21.1 | 0.21.2 | | +| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.70 | 5.71 | 5.72 | Unclear if this is still valid. | +| [OSV-2022-819](https://osv.dev/OSV-2022-819) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | | [OSV-2022-785](https://osv.dev/OSV-2022-785) | dnsmasq | | 2.89 | 2.89 | 2.89 | | | [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.2 | 0.8.2 | 0.9.1 | Unclear if this is still valid. | | [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.2 | 0.8.2 | 0.9.1 | Unclear if this is still valid. | @@ -388,26 +391,26 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2020-862](https://osv.dev/OSV-2020-862) | libsass | | 3.6.5 | 3.6.5 | 3.6.6 | | | [OSV-2020-521](https://osv.dev/OSV-2020-521) | aspell | | 0.60.8 | 0.60.8.1 | 0.60.8.1 | | | [OSV-2020-438](https://osv.dev/OSV-2020-438) | capstone | | 4.0.2 | 4.0.2 | 5.0.1 | | -| [CVE-2014-6492](https://nvd.nist.gov/vuln/detail/CVE-2014-6492) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2012-4930](https://nvd.nist.gov/vuln/detail/CVE-2012-4930) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2012-4929](https://nvd.nist.gov/vuln/detail/CVE-2012-4929) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2011-3389](https://nvd.nist.gov/vuln/detail/CVE-2011-3389) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2011-0064](https://nvd.nist.gov/vuln/detail/CVE-2011-0064) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2009-4630](https://nvd.nist.gov/vuln/detail/CVE-2009-4630) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2009-4130](https://nvd.nist.gov/vuln/detail/CVE-2009-4130) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2009-4129](https://nvd.nist.gov/vuln/detail/CVE-2009-4129) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2009-4102](https://nvd.nist.gov/vuln/detail/CVE-2009-4102) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2009-2409](https://nvd.nist.gov/vuln/detail/CVE-2009-2409) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2009-1597](https://nvd.nist.gov/vuln/detail/CVE-2009-1597) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2007-6715](https://nvd.nist.gov/vuln/detail/CVE-2007-6715) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2007-4013](https://nvd.nist.gov/vuln/detail/CVE-2007-4013) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2007-3827](https://nvd.nist.gov/vuln/detail/CVE-2007-3827) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2007-3670](https://nvd.nist.gov/vuln/detail/CVE-2007-3670) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2007-2176](https://nvd.nist.gov/vuln/detail/CVE-2007-2176) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2007-1970](https://nvd.nist.gov/vuln/detail/CVE-2007-1970) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2007-1667](https://nvd.nist.gov/vuln/detail/CVE-2007-1667) | imagemagick | | 7.1.1-21 | 7.1.1-25 | 7.1.1.27 | | -| [CVE-2007-0896](https://nvd.nist.gov/vuln/detail/CVE-2007-0896) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | -| [CVE-2003-1492](https://nvd.nist.gov/vuln/detail/CVE-2003-1492) | firefox | | 120.0.1 | 121.0b9 | 122.0 | | +| [CVE-2014-6492](https://nvd.nist.gov/vuln/detail/CVE-2014-6492) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2012-4930](https://nvd.nist.gov/vuln/detail/CVE-2012-4930) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2012-4929](https://nvd.nist.gov/vuln/detail/CVE-2012-4929) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2011-3389](https://nvd.nist.gov/vuln/detail/CVE-2011-3389) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2011-0064](https://nvd.nist.gov/vuln/detail/CVE-2011-0064) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2009-4630](https://nvd.nist.gov/vuln/detail/CVE-2009-4630) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2009-4130](https://nvd.nist.gov/vuln/detail/CVE-2009-4130) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2009-4129](https://nvd.nist.gov/vuln/detail/CVE-2009-4129) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2009-4102](https://nvd.nist.gov/vuln/detail/CVE-2009-4102) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2009-2409](https://nvd.nist.gov/vuln/detail/CVE-2009-2409) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2009-1597](https://nvd.nist.gov/vuln/detail/CVE-2009-1597) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2007-6715](https://nvd.nist.gov/vuln/detail/CVE-2007-6715) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2007-4013](https://nvd.nist.gov/vuln/detail/CVE-2007-4013) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2007-3827](https://nvd.nist.gov/vuln/detail/CVE-2007-3827) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2007-3670](https://nvd.nist.gov/vuln/detail/CVE-2007-3670) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2007-2176](https://nvd.nist.gov/vuln/detail/CVE-2007-2176) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2007-1970](https://nvd.nist.gov/vuln/detail/CVE-2007-1970) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2007-1667](https://nvd.nist.gov/vuln/detail/CVE-2007-1667) | imagemagick | | 7.1.1-21 | 7.1.1-26 | 7.1.1.27 | | +| [CVE-2007-0896](https://nvd.nist.gov/vuln/detail/CVE-2007-0896) | firefox | | 120.0.1 | 122.0 | 122.0 | | +| [CVE-2003-1492](https://nvd.nist.gov/vuln/detail/CVE-2003-1492) | firefox | | 120.0.1 | 122.0 | 122.0 | | @@ -434,10 +437,11 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2016-7504](https://nvd.nist.gov/vuln/detail/CVE-2016-7504) | mujs | 9.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.43.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.5.3 | Latest impacted version in 3.x is 3.0.4. | +| [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.5.5 | Latest impacted version in 3.x is 3.0.4. | | [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.4.22 | Latest impacted version in 3.x is 3.0.4. | | [CVE-2022-26592](https://nvd.nist.gov/vuln/detail/CVE-2022-26592) | libsass | 8.8 | 3.6.5 | Pending upstream fix: [link](https://github.com/sass/libsass/issues/3174). | | [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | +| [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2018-6553](https://nvd.nist.gov/vuln/detail/CVE-2018-6553) | cups | 8.8 | 2.4.7 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2017-5436](https://nvd.nist.gov/vuln/detail/CVE-2017-5436) | graphite2 | 8.8 | 1.3.14 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2022-48434](https://nvd.nist.gov/vuln/detail/CVE-2022-48434) | ffmpeg | 8.1 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.3 [link](https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db). | @@ -491,6 +495,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.43.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-37416](https://nvd.nist.gov/vuln/detail/CVE-2022-37416) | libmpeg2 | 6.5 | 0.5.1 | NVD data issue: concerns Android only. | +| [CVE-2020-24490](https://nvd.nist.gov/vuln/detail/CVE-2020-24490) | bluez | 6.5 | 5.71 | Fixed in linux kernel (5.8) with: [link](https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e). | | [CVE-2020-24490](https://nvd.nist.gov/vuln/detail/CVE-2020-24490) | bluez | 6.5 | 5.70 | Fixed in linux kernel (5.8) with: [link](https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e). | | [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 3.16.2 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | | [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 2.9.9-closefrom- | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | @@ -527,12 +532,17 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2021-33455](https://nvd.nist.gov/vuln/detail/CVE-2021-33455) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | | [CVE-2021-33454](https://nvd.nist.gov/vuln/detail/CVE-2021-33454) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | | [CVE-2021-26945](https://nvd.nist.gov/vuln/detail/CVE-2021-26945) | openexr | 5.5 | 2.5.8 | Fix patch [link](https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e) modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8. | +| [CVE-2021-26945](https://nvd.nist.gov/vuln/detail/CVE-2021-26945) | openexr | 5.5 | 2.5.10 | Fix patch [link](https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e) modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8. | | [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | +| [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | | [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | +| [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | | [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.2.0 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.1.3 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | +| [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | +| [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2019-20633](https://nvd.nist.gov/vuln/detail/CVE-2019-20633) | patch | 5.5 | 2.7.6 | Upstream patch is not merged: [link](https://savannah.gnu.org/bugs/index.php?56683). Not sure why this isn't fixed upstream. No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2019-14562](https://nvd.nist.gov/vuln/detail/CVE-2019-14562) | edk2 | 5.5 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-6293](https://nvd.nist.gov/vuln/detail/CVE-2019-6293) | flex | 5.5 | 2.6.4 | NVD data issue: CPE entry does not correctly state the version numbers. | @@ -562,6 +572,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2019-1003010](https://nvd.nist.gov/vuln/detail/CVE-2019-1003010) | git | 4.3 | 2.43.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2019-1003010](https://nvd.nist.gov/vuln/detail/CVE-2019-1003010) | git | 4.3 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2023-31975](https://nvd.nist.gov/vuln/detail/CVE-2023-31975) | yasm | 3.3 | 1.3.0 | Memory leak in CLI tool, no security impact. | +| [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.3 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). | | [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.1 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). | | [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217) | unzip | 3.3 | 6.0 | Ignored by other distribution as 'no security impact', e.g. Debian: [link](https://security-tracker.debian.org/tracker/CVE-2021-4217). | | [GHSA-6898-wx94-8jq8](https://osv.dev/GHSA-6898-wx94-8jq8) | libnotify | | 0.8.3 | Incorrect package: Issue refers node-libnotify [link](https://github.com/mytrile/node-libnotify), whereas nixpkgs refers gnome-libnotify [link](https://gitlab.gnome.org/GNOME/libnotify). |