From 5ebb28a676eef1ce7874fc776e5aee2778db32fb Mon Sep 17 00:00:00 2001 From: henrirosten Date: Wed, 21 Aug 2024 03:37:48 +0000 Subject: [PATCH] Automatic vulnerability report update --- reports/main/data.csv | 154 +++++++++++++++++- ...6_64-linux.lenovo-x1-carbon-gen11-debug.md | 153 ++++++++++++++++- 2 files changed, 302 insertions(+), 5 deletions(-) diff --git a/reports/main/data.csv b/reports/main/data.csv index fda1a5d..f1c03c3 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -1,9 +1,12 @@ "target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0595","9.1.0680","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 +https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0680","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0680","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41817","https://nvd.nist.gov/vuln/detail/CVE-2024-41817","imagemagick","7.0","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2024A0000041817","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-35328","https://nvd.nist.gov/vuln/detail/CVE-2024-35328","libyaml","7.5","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035328","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-35326","https://nvd.nist.gov/vuln/detail/CVE-2024-35326","libyaml","9.8","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035326","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-24790","https://nvd.nist.gov/vuln/detail/CVE-2024-24790","go","9.8","1.21.0-linux-amd64-bootstrap","1.23.0","1.23.0","go","2024A0000024790","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/319485 @@ -23,6 +26,7 @@ https://github.com/NixOS/nixpkgs/pull/334447" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-4030","https://nvd.nist.gov/vuln/detail/CVE-2024-4030","python","7.1","2.7.18.8","3.13.0rc1","3.12.5","python","2024A0000004030","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-919","https://osv.dev/OSV-2024-919","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000919","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-831","https://osv.dev/OSV-2024-831","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000831","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-728","https://osv.dev/OSV-2024-728","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2024A0000000728","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-678","https://osv.dev/OSV-2024-678","flac","","1.4.3","1.4.3","1.4.3","flac","2024A0000000678","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-517","https://osv.dev/OSV-2024-517","libaom","","3.9.1","","","","2024A0000000517","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-460","https://osv.dev/OSV-2024-460","glslang","","14.3.0","14.3.0","14.3.0","glslang","2024A0000000460","False","","err_not_vulnerable_based_on_repology","" @@ -35,6 +39,7 @@ https://github.com/NixOS/nixpkgs/pull/299125" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-395","https://osv.dev/OSV-2024-395","libpcap","","1.10.4","1.10.4","1.10.4","libpcap","2024A0000000395","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-371","https://osv.dev/OSV-2024-371","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000371","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-330","https://osv.dev/OSV-2024-330","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000330","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-294","https://osv.dev/OSV-2024-294","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2024A0000000294","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-233","https://osv.dev/OSV-2024-233","openh264","","2.4.1","2.4.1","2.4.1","openh264","2024A0000000233","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" @@ -112,7 +117,9 @@ https://github.com/NixOS/nixpkgs/pull/274068 https://github.com/NixOS/nixpkgs/pull/274071" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-6228","https://nvd.nist.gov/vuln/detail/CVE-2023-6228","libtiff","5.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000006228","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-5841","https://nvd.nist.gov/vuln/detail/CVE-2023-5841","openexr","9.1","2.5.10","3.2.4","3.2.4","openexr","2023A0000005841","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/300526" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","20.3.4-source","24.0","24.2","pip","2023A0000005752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276928" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","13.3.0","13.3.0","14.2.0","gcc","2023A0000004039","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","3.3","3.3.17-lore-override","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150 @@ -132,6 +139,7 @@ https://github.com/NixOS/nixpkgs/pull/239571" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1344","https://osv.dev/OSV-2023-1344","jq","","1.7.1","1.7.1","1.7.1","jq","2023A0000001344","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1329","https://osv.dev/OSV-2023-1329","jq","","1.7.1","1.7.1","1.7.1","jq","2023A0000001329","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.4.5","1.4.5","1.4.5","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1129","https://osv.dev/OSV-2023-1129","libheif","","1.18.0","1.18.0","1.18.2","libheif","2023A0000001129","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.4.5","1.4.5","1.4.5","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-862","https://osv.dev/OSV-2023-862","gstreamer","","1.24.3","1.24.3","1.24.6","gstreamer","2023A0000000862","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" @@ -149,6 +157,7 @@ https://github.com/NixOS/nixpkgs/pull/239571" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0238","https://nvd.nist.gov/vuln/detail/CVE-2023-0238","warp","5.5","3.3.31","3.4.1","3.4.1","haskell:warp","2023A0000000238","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-197","https://osv.dev/OSV-2023-197","p11-kit","","0.25.5","0.25.5","0.25.5","p11-kit","2023A0000000197","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-137","https://osv.dev/OSV-2023-137","harfbuzz","","9.0.0","","","","2023A0000000137","True","Based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2, the issue is fixed in range https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc all of which have been merged in 7.1.0.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-34","https://osv.dev/OSV-2023-34","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2023A0000000034","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-14","https://osv.dev/OSV-2023-14","hunspell","","1.7.2","1.7.2","1.7.2","hunspell","2023A0000000014","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-48566","https://nvd.nist.gov/vuln/detail/CVE-2022-48566","python","5.9","2.7.18.8","3.13.0rc1","3.12.5","python","2022A0000048566","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-48565","https://nvd.nist.gov/vuln/detail/CVE-2022-48565","python","9.8","2.7.18.8","3.13.0rc1","3.12.5","python","2022A0000048565","False","","fix_update_to_version_nixpkgs","" @@ -164,6 +173,7 @@ https://github.com/NixOS/nixpkgs/pull/204902" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.46","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 https://github.com/NixOS/nixpkgs/pull/207165" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-43410","https://nvd.nist.gov/vuln/detail/CVE-2022-43410","mercurial","5.3","6.8","6.8.1","6.8.1","mercurial","2022A0000043410","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726 https://github.com/NixOS/nixpkgs/pull/275599 https://github.com/NixOS/nixpkgs/pull/275878" @@ -176,7 +186,7 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5-r7.cabal","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-40898","https://nvd.nist.gov/vuln/detail/CVE-2022-40898","wheel","7.5","0.37.1-source","0.43.0","0.44.0","python:wheel","2022A0000040898","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/210565" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","73.0.0","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","73.0.1","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.45.2","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" @@ -260,15 +270,21 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-882","https://osv.dev/OSV-2022-882","hunspell","","1.7.2","1.7.2","1.7.2","hunspell","2022A0000000882","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.76","5.76","5.77","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.2","0.21.2","0.21.2","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-785","https://osv.dev/OSV-2022-785","dnsmasq","","2.90","2.90","2.90","dnsmasq","2022A0000000785","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.10.3","0.10.3","0.10.3","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-608","https://osv.dev/OSV-2022-608","libjxl","","0.10.3","0.10.3","0.10.3","libjxl","2022A0000000608","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-572","https://osv.dev/OSV-2022-572","dnsmasq","","2.90","2.90","2.90","dnsmasq","2022A0000000572","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-530","https://osv.dev/OSV-2022-530","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2022A0000000530","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-524","https://osv.dev/OSV-2022-524","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2022A0000000524","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-519","https://osv.dev/OSV-2022-519","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2022A0000000519","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-0486","https://nvd.nist.gov/vuln/detail/CVE-2022-0486","network","7.8","3.1.4.0-r1.cabal","3.2.1.0","3.2.1.0","haskell:network","2022A0000000486","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-0486","https://nvd.nist.gov/vuln/detail/CVE-2022-0486","network","7.8","3.1.4.0","3.2.1.0","3.2.1.0","haskell:network","2022A0000000486","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-462","https://osv.dev/OSV-2022-462","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2022A0000000462","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-0391","https://nvd.nist.gov/vuln/detail/CVE-2022-0391","python","7.5","2.7.18.8","3.13.0rc1","3.12.5","python","2022A0000000391","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/203428" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-312","https://osv.dev/OSV-2022-312","dnsmasq","","2.90","2.90","2.90","dnsmasq","2022A0000000312","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-193","https://osv.dev/OSV-2022-193","w3m","","0.5.3+git20230121","0.5.3+git20230121","0.5.3+git20230121","w3m","2022A0000000193","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-73","https://osv.dev/OSV-2022-73","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2022A0000000073","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-rjvj-673q-4hfw","https://osv.dev/GHSA-rjvj-673q-4hfw","traceroute","","2.1.5","","","","2021A1633305600","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-m75h-cghq-c8h5","https://osv.dev/GHSA-m75h-cghq-c8h5","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2021A1632355200","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-pgcr-7wm4-mcv6","https://osv.dev/GHSA-pgcr-7wm4-mcv6","pem","","0.2.4","0.2.4","0.2.4","haskell:pem","2021A1628035200","False","","err_not_vulnerable_based_on_repology","" @@ -328,10 +344,14 @@ https://github.com/NixOS/nixpkgs/pull/195788" https://github.com/NixOS/nixpkgs/pull/120157" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-27400","https://nvd.nist.gov/vuln/detail/CVE-2021-27400","vault","7.5","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000027400","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/120155 https://github.com/NixOS/nixpkgs/pull/120157" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-26945","https://nvd.nist.gov/vuln/detail/CVE-2021-26945","openexr","5.5","2.5.10","","","","2021A0000026945","True","Fix patch https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-26720","https://nvd.nist.gov/vuln/detail/CVE-2021-26720","avahi","7.8","0.8","","","","2021A0000026720","True","False positive: issue refers avahi-daemon-check-dns.sh in the Debian avahi package. As such, the issue is specific to Debian and its derivatives.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-26260","https://nvd.nist.gov/vuln/detail/CVE-2021-26260","openexr","5.5","2.5.10","","","","2021A0000026260","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-23336","https://nvd.nist.gov/vuln/detail/CVE-2021-23336","python","5.9","2.7.18.8","3.13.0rc1","3.12.5","python","2021A0000023336","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/117037 https://github.com/NixOS/nixpkgs/pull/117082 https://github.com/NixOS/nixpkgs/pull/118403" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-23215","https://nvd.nist.gov/vuln/detail/CVE-2021-23215","openexr","5.5","2.5.10","","","","2021A0000023215","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-23169","https://nvd.nist.gov/vuln/detail/CVE-2021-23169","openexr","8.8","2.5.10","","","","2021A0000023169","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-21684","https://nvd.nist.gov/vuln/detail/CVE-2021-21684","git","6.1","2.45.2","","","","2021A0000021684","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-4336","https://nvd.nist.gov/vuln/detail/CVE-2021-4336","ninja","9.8","1.12.1","","","","2021A0000004336","True","Incorrect package: nixpkgs 'ninja' refers https://github.com/ninja-build/ninja, not https://github.com/ITRS-Group/monitor-ninja.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-4276","https://nvd.nist.gov/vuln/detail/CVE-2021-4276","hedgehog","8.8","1.4-r8.cabal","1.4","1.5","haskell:hedgehog","2021A0000004276","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/192632" @@ -350,10 +370,20 @@ https://github.com/NixOS/nixpkgs/pull/156822 https://github.com/NixOS/nixpkgs/pull/295087" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3733","https://nvd.nist.gov/vuln/detail/CVE-2021-3733","python","6.5","2.7.18.8","3.13.0rc1","3.12.5","python","2021A0000003733","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/203428" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3670","https://nvd.nist.gov/vuln/detail/CVE-2021-3670","samba","6.5","4.20.1","4.20.1","4.20.4","samba","2021A0000003670","False","","fix_not_available","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3605","https://nvd.nist.gov/vuln/detail/CVE-2021-3605","openexr","5.5","2.5.10","","","","2021A0000003605","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.10","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3572","https://nvd.nist.gov/vuln/detail/CVE-2021-3572","pip","5.7","20.3.4-source","24.0","24.2","pip","2021A0000003572","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5-r7.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-1157","https://osv.dev/OSV-2021-1157","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001157","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-1141","https://osv.dev/OSV-2021-1141","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001141","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-1110","https://osv.dev/OSV-2021-1110","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001110","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-1041","https://osv.dev/OSV-2021-1041","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001041","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-1024","https://osv.dev/OSV-2021-1024","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001024","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-802","https://osv.dev/OSV-2021-802","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000000802","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-787","https://osv.dev/OSV-2021-787","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000000787","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-777","https://osv.dev/OSV-2021-777","libxml2","","2.13.2","","","","2021A0000000777","True","Fixed by https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325, which went to 2.9.13. Therefore, this issue is fixed in 2.10.4.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-765","https://osv.dev/OSV-2021-765","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000000765","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.6","3.6.6","3.6.6","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-35669","https://nvd.nist.gov/vuln/detail/CVE-2020-35669","http","6.1","0.2.12","0.3-0","0.4","lua:http","2020A0000035669","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-27748","https://nvd.nist.gov/vuln/detail/CVE-2020-27748","xdg-utils","6.5","1.2.1","1.2.1","1.2.1","xdg-utils","2020A0000027748","False","","fix_not_available","" @@ -373,12 +403,14 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-11104","https://nvd.nist.gov/vuln/detail/CVE-2020-11104","cereal","5.3","0.5.8.3","0.5.8.3","0.5.8.3","haskell:cereal","2020A0000011104","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-11021","https://nvd.nist.gov/vuln/detail/CVE-2020-11021","http-client","7.5","0.7.17","0.7.17","0.7.17","haskell:http-client","2020A0000011021","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-8284","https://nvd.nist.gov/vuln/detail/CVE-2020-8284","curl","3.7","0.4.46","","","","2020A0000008284","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/106452" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.18.0","1.18.0","1.18.2","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.45.2","2.45.2","2.46.0","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2020-1420","https://osv.dev/OSV-2020-1420","libsass","","3.6.6","3.6.6","3.6.6","libsass","2020A0000001420","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2020-862","https://osv.dev/OSV-2020-862","libsass","","3.6.6","3.6.6","3.6.6","libsass","2020A0000000862","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2019-1003010","https://nvd.nist.gov/vuln/detail/CVE-2019-1003010","git","4.3","2.45.2","","","","2019A0001003010","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2019-20633","https://nvd.nist.gov/vuln/detail/CVE-2019-20633","patch","5.5","2.7.6","","","","2019A0000020633","True","Upstream patch is not merged: https://savannah.gnu.org/bugs/index.php?56683. Not sure why this isn't fixed upstream. No point fixing this in nixpkgs as long as it is not fixed upstream.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2019-17178","https://nvd.nist.gov/vuln/detail/CVE-2019-17178","lodepng","7.5","3.10.1","","","","2019A0000017178","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2019-14900","https://nvd.nist.gov/vuln/detail/CVE-2019-14900","fuse","6.5","3.16.2","","","","2019A0000014900","True","Incorrect package: Issue concerns redhat fuse (https://developers.redhat.com/products/fuse/overview) not libfuse https://github.com/libfuse/libfuse/ which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2019-14900","https://nvd.nist.gov/vuln/detail/CVE-2019-14900","fuse","6.5","2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9","","","","2019A0000014900","True","Incorrect package: Issue concerns redhat fuse (https://developers.redhat.com/products/fuse/overview) not libfuse https://github.com/libfuse/libfuse/ which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2019-14900","https://nvd.nist.gov/vuln/detail/CVE-2019-14900","fuse","6.5","2.9.9","","","","2019A0000014900","True","Incorrect package: Issue concerns redhat fuse (https://developers.redhat.com/products/fuse/overview) not libfuse https://github.com/libfuse/libfuse/ which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives.","err_missing_repology_version","" @@ -415,10 +447,15 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.7","16.4","16.4","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.5","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.5","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-5436","https://nvd.nist.gov/vuln/detail/CVE-2017-5436","graphite2","8.8","1.3.14","","","","2017A0000005436","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-10141","https://nvd.nist.gov/vuln/detail/CVE-2016-10141","mujs","9.8","1.3.5","","","","2016A0000010141","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-10133","https://nvd.nist.gov/vuln/detail/CVE-2016-10133","mujs","9.8","1.3.5","","","","2016A0000010133","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-10132","https://nvd.nist.gov/vuln/detail/CVE-2016-10132","mujs","7.5","1.3.5","","","","2016A0000010132","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-9294","https://nvd.nist.gov/vuln/detail/CVE-2016-9294","mujs","7.5","1.3.5","","","","2016A0000009294","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-9136","https://nvd.nist.gov/vuln/detail/CVE-2016-9136","mujs","7.5","1.3.5","","","","2016A0000009136","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-9109","https://nvd.nist.gov/vuln/detail/CVE-2016-9109","mujs","7.5","1.3.5","","","","2016A0000009109","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -426,9 +463,15 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-9017","https://nvd.nist.gov/vuln/detail/CVE-2016-9017","mujs","7.5","1.3.5","","","","2016A0000009017","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7564","https://nvd.nist.gov/vuln/detail/CVE-2016-7564","mujs","7.5","1.3.5","","","","2016A0000007564","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7563","https://nvd.nist.gov/vuln/detail/CVE-2016-7563","mujs","7.5","1.3.5","","","","2016A0000007563","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7506","https://nvd.nist.gov/vuln/detail/CVE-2016-7506","mujs","7.5","1.3.5","","","","2016A0000007506","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-7504","https://nvd.nist.gov/vuln/detail/CVE-2016-7504","mujs","9.8","1.3.5","","","","2016A0000007504","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-6131","https://nvd.nist.gov/vuln/detail/CVE-2016-6131","libiberty","7.5","13.3.0","","","","2016A0000006131","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298535" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-4493","https://nvd.nist.gov/vuln/detail/CVE-2016-4493","libiberty","5.5","13.3.0","","","","2016A0000004493","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-4492","https://nvd.nist.gov/vuln/detail/CVE-2016-4492","libiberty","4.4","13.3.0","","","","2016A0000004492","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-4491","https://nvd.nist.gov/vuln/detail/CVE-2016-4491","libiberty","5.5","13.3.0","","","","2016A0000004491","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -443,6 +486,39 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2015-5652","https://nvd.nist.gov/vuln/detail/CVE-2015-5652","python","","2.7.18.8","3.13.0rc1","3.12.5","python","2015A0000005652","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2015-4156","https://nvd.nist.gov/vuln/detail/CVE-2015-4156","parallel","","3.2.2.0","3.2.2.0","3.2.2.0","haskell:parallel","2015A0000004156","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2015-4155","https://nvd.nist.gov/vuln/detail/CVE-2015-4155","parallel","","3.2.2.0","3.2.2.0","3.2.2.0","haskell:parallel","2015A0000004155","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-4860","https://nvd.nist.gov/vuln/detail/CVE-2014-4860","edk2","6.8","202402","","","","2014A0000004860","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202402","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-2525","https://nvd.nist.gov/vuln/detail/CVE-2014-2525","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2014A0000002525","False","","err_not_vulnerable_based_on_repology","" @@ -461,6 +537,7 @@ https://github.com/NixOS/nixpkgs/pull/335269" https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0680","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41817","https://nvd.nist.gov/vuln/detail/CVE-2024-41817","imagemagick","7.0","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2024A0000041817","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-35328","https://nvd.nist.gov/vuln/detail/CVE-2024-35328","libyaml","7.5","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035328","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-35326","https://nvd.nist.gov/vuln/detail/CVE-2024-35326","libyaml","9.8","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035326","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-24790","https://nvd.nist.gov/vuln/detail/CVE-2024-24790","go","9.8","1.21.0-linux-amd64-bootstrap","1.23.0","1.23.0","go","2024A0000024790","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/319485 @@ -480,6 +557,7 @@ https://github.com/NixOS/nixpkgs/pull/334447" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-4030","https://nvd.nist.gov/vuln/detail/CVE-2024-4030","python","7.1","2.7.18.8","3.13.0rc1","3.12.5","python","2024A0000004030","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-919","https://osv.dev/OSV-2024-919","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000919","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-831","https://osv.dev/OSV-2024-831","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000831","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-728","https://osv.dev/OSV-2024-728","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2024A0000000728","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-678","https://osv.dev/OSV-2024-678","flac","","1.4.3","1.4.3","1.4.3","flac","2024A0000000678","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-517","https://osv.dev/OSV-2024-517","libaom","","3.9.1","","","","2024A0000000517","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-460","https://osv.dev/OSV-2024-460","glslang","","14.3.0","14.3.0","14.3.0","glslang","2024A0000000460","False","","err_not_vulnerable_based_on_repology","" @@ -492,6 +570,7 @@ https://github.com/NixOS/nixpkgs/pull/299125" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-395","https://osv.dev/OSV-2024-395","libpcap","","1.10.4","1.10.4","1.10.4","libpcap","2024A0000000395","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-371","https://osv.dev/OSV-2024-371","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000371","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-330","https://osv.dev/OSV-2024-330","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000330","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-294","https://osv.dev/OSV-2024-294","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2024A0000000294","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2024-233","https://osv.dev/OSV-2024-233","openh264","","2.4.1","2.4.1","2.4.1","openh264","2024A0000000233","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" @@ -569,7 +648,9 @@ https://github.com/NixOS/nixpkgs/pull/274068 https://github.com/NixOS/nixpkgs/pull/274071" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-6228","https://nvd.nist.gov/vuln/detail/CVE-2023-6228","libtiff","5.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000006228","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5841","https://nvd.nist.gov/vuln/detail/CVE-2023-5841","openexr","9.1","2.5.10","3.2.4","3.2.4","openexr","2023A0000005841","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/300526" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","20.3.4-source","24.0","24.2","pip","2023A0000005752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276928" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","13.3.0","13.3.0","14.2.0","gcc","2023A0000004039","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","3.3","3.3.17-lore-override","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150 @@ -589,6 +670,7 @@ https://github.com/NixOS/nixpkgs/pull/239571" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1344","https://osv.dev/OSV-2023-1344","jq","","1.7.1","1.7.1","1.7.1","jq","2023A0000001344","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1329","https://osv.dev/OSV-2023-1329","jq","","1.7.1","1.7.1","1.7.1","jq","2023A0000001329","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.4.5","1.4.5","1.4.5","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1129","https://osv.dev/OSV-2023-1129","libheif","","1.18.0","1.18.0","1.18.2","libheif","2023A0000001129","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.4.5","1.4.5","1.4.5","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-862","https://osv.dev/OSV-2023-862","gstreamer","","1.24.3","1.24.3","1.24.6","gstreamer","2023A0000000862","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" @@ -606,6 +688,7 @@ https://github.com/NixOS/nixpkgs/pull/239571" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-0238","https://nvd.nist.gov/vuln/detail/CVE-2023-0238","warp","5.5","3.3.31","3.4.1","3.4.1","haskell:warp","2023A0000000238","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-197","https://osv.dev/OSV-2023-197","p11-kit","","0.25.5","0.25.5","0.25.5","p11-kit","2023A0000000197","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-137","https://osv.dev/OSV-2023-137","harfbuzz","","9.0.0","","","","2023A0000000137","True","Based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2, the issue is fixed in range https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc all of which have been merged in 7.1.0.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-34","https://osv.dev/OSV-2023-34","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2023A0000000034","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-14","https://osv.dev/OSV-2023-14","hunspell","","1.7.2","1.7.2","1.7.2","hunspell","2023A0000000014","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-48566","https://nvd.nist.gov/vuln/detail/CVE-2022-48566","python","5.9","2.7.18.8","3.13.0rc1","3.12.5","python","2022A0000048566","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-48565","https://nvd.nist.gov/vuln/detail/CVE-2022-48565","python","9.8","2.7.18.8","3.13.0rc1","3.12.5","python","2022A0000048565","False","","fix_update_to_version_nixpkgs","" @@ -621,6 +704,7 @@ https://github.com/NixOS/nixpkgs/pull/204902" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.46","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 https://github.com/NixOS/nixpkgs/pull/207165" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-43410","https://nvd.nist.gov/vuln/detail/CVE-2022-43410","mercurial","5.3","6.8","6.8.1","6.8.1","mercurial","2022A0000043410","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726 https://github.com/NixOS/nixpkgs/pull/275599 https://github.com/NixOS/nixpkgs/pull/275878" @@ -633,7 +717,7 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5-r7.cabal","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-40898","https://nvd.nist.gov/vuln/detail/CVE-2022-40898","wheel","7.5","0.37.1-source","0.43.0","0.44.0","python:wheel","2022A0000040898","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/210565" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","73.0.0","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","73.0.1","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.45.2","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" @@ -717,15 +801,21 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-882","https://osv.dev/OSV-2022-882","hunspell","","1.7.2","1.7.2","1.7.2","hunspell","2022A0000000882","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.76","5.76","5.77","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.2","0.21.2","0.21.2","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-785","https://osv.dev/OSV-2022-785","dnsmasq","","2.90","2.90","2.90","dnsmasq","2022A0000000785","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.10.3","0.10.3","0.10.3","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-608","https://osv.dev/OSV-2022-608","libjxl","","0.10.3","0.10.3","0.10.3","libjxl","2022A0000000608","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-572","https://osv.dev/OSV-2022-572","dnsmasq","","2.90","2.90","2.90","dnsmasq","2022A0000000572","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-530","https://osv.dev/OSV-2022-530","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2022A0000000530","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-524","https://osv.dev/OSV-2022-524","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2022A0000000524","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-519","https://osv.dev/OSV-2022-519","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2022A0000000519","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-0486","https://nvd.nist.gov/vuln/detail/CVE-2022-0486","network","7.8","3.1.4.0-r1.cabal","3.2.1.0","3.2.1.0","haskell:network","2022A0000000486","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-0486","https://nvd.nist.gov/vuln/detail/CVE-2022-0486","network","7.8","3.1.4.0","3.2.1.0","3.2.1.0","haskell:network","2022A0000000486","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-462","https://osv.dev/OSV-2022-462","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2022A0000000462","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-0391","https://nvd.nist.gov/vuln/detail/CVE-2022-0391","python","7.5","2.7.18.8","3.13.0rc1","3.12.5","python","2022A0000000391","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/203428" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-312","https://osv.dev/OSV-2022-312","dnsmasq","","2.90","2.90","2.90","dnsmasq","2022A0000000312","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-193","https://osv.dev/OSV-2022-193","w3m","","0.5.3+git20230121","0.5.3+git20230121","0.5.3+git20230121","w3m","2022A0000000193","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-73","https://osv.dev/OSV-2022-73","ghostscript","","10.03.1","10.03.1","10.03.1","ghostscript","2022A0000000073","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-rjvj-673q-4hfw","https://osv.dev/GHSA-rjvj-673q-4hfw","traceroute","","2.1.5","","","","2021A1633305600","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-m75h-cghq-c8h5","https://osv.dev/GHSA-m75h-cghq-c8h5","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2021A1632355200","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-pgcr-7wm4-mcv6","https://osv.dev/GHSA-pgcr-7wm4-mcv6","pem","","0.2.4","0.2.4","0.2.4","haskell:pem","2021A1628035200","False","","err_not_vulnerable_based_on_repology","" @@ -785,10 +875,14 @@ https://github.com/NixOS/nixpkgs/pull/195788" https://github.com/NixOS/nixpkgs/pull/120157" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-27400","https://nvd.nist.gov/vuln/detail/CVE-2021-27400","vault","7.5","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000027400","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/120155 https://github.com/NixOS/nixpkgs/pull/120157" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-26945","https://nvd.nist.gov/vuln/detail/CVE-2021-26945","openexr","5.5","2.5.10","","","","2021A0000026945","True","Fix patch https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-26720","https://nvd.nist.gov/vuln/detail/CVE-2021-26720","avahi","7.8","0.8","","","","2021A0000026720","True","False positive: issue refers avahi-daemon-check-dns.sh in the Debian avahi package. As such, the issue is specific to Debian and its derivatives.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-26260","https://nvd.nist.gov/vuln/detail/CVE-2021-26260","openexr","5.5","2.5.10","","","","2021A0000026260","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-23336","https://nvd.nist.gov/vuln/detail/CVE-2021-23336","python","5.9","2.7.18.8","3.13.0rc1","3.12.5","python","2021A0000023336","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/117037 https://github.com/NixOS/nixpkgs/pull/117082 https://github.com/NixOS/nixpkgs/pull/118403" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-23215","https://nvd.nist.gov/vuln/detail/CVE-2021-23215","openexr","5.5","2.5.10","","","","2021A0000023215","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-23169","https://nvd.nist.gov/vuln/detail/CVE-2021-23169","openexr","8.8","2.5.10","","","","2021A0000023169","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-21684","https://nvd.nist.gov/vuln/detail/CVE-2021-21684","git","6.1","2.45.2","","","","2021A0000021684","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-4336","https://nvd.nist.gov/vuln/detail/CVE-2021-4336","ninja","9.8","1.12.1","","","","2021A0000004336","True","Incorrect package: nixpkgs 'ninja' refers https://github.com/ninja-build/ninja, not https://github.com/ITRS-Group/monitor-ninja.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-4276","https://nvd.nist.gov/vuln/detail/CVE-2021-4276","hedgehog","8.8","1.4-r8.cabal","1.4","1.5","haskell:hedgehog","2021A0000004276","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/192632" @@ -807,10 +901,20 @@ https://github.com/NixOS/nixpkgs/pull/156822 https://github.com/NixOS/nixpkgs/pull/295087" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-3733","https://nvd.nist.gov/vuln/detail/CVE-2021-3733","python","6.5","2.7.18.8","3.13.0rc1","3.12.5","python","2021A0000003733","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/203428" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-3670","https://nvd.nist.gov/vuln/detail/CVE-2021-3670","samba","6.5","4.20.1","4.20.1","4.20.4","samba","2021A0000003670","False","","fix_not_available","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-3605","https://nvd.nist.gov/vuln/detail/CVE-2021-3605","openexr","5.5","2.5.10","","","","2021A0000003605","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.10","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-3572","https://nvd.nist.gov/vuln/detail/CVE-2021-3572","pip","5.7","20.3.4-source","24.0","24.2","pip","2021A0000003572","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5-r7.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-1157","https://osv.dev/OSV-2021-1157","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001157","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-1141","https://osv.dev/OSV-2021-1141","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001141","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-1110","https://osv.dev/OSV-2021-1110","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001110","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-1041","https://osv.dev/OSV-2021-1041","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001041","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-1024","https://osv.dev/OSV-2021-1024","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000001024","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-802","https://osv.dev/OSV-2021-802","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000000802","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-787","https://osv.dev/OSV-2021-787","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000000787","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-777","https://osv.dev/OSV-2021-777","libxml2","","2.13.2","","","","2021A0000000777","True","Fixed by https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325, which went to 2.9.13. Therefore, this issue is fixed in 2.10.4.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-765","https://osv.dev/OSV-2021-765","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000000765","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.6","3.6.6","3.6.6","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-35669","https://nvd.nist.gov/vuln/detail/CVE-2020-35669","http","6.1","0.2.12","0.3-0","0.4","lua:http","2020A0000035669","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-27748","https://nvd.nist.gov/vuln/detail/CVE-2020-27748","xdg-utils","6.5","1.2.1","1.2.1","1.2.1","xdg-utils","2020A0000027748","False","","fix_not_available","" @@ -830,12 +934,14 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-11104","https://nvd.nist.gov/vuln/detail/CVE-2020-11104","cereal","5.3","0.5.8.3","0.5.8.3","0.5.8.3","haskell:cereal","2020A0000011104","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-11021","https://nvd.nist.gov/vuln/detail/CVE-2020-11021","http-client","7.5","0.7.17","0.7.17","0.7.17","haskell:http-client","2020A0000011021","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-8284","https://nvd.nist.gov/vuln/detail/CVE-2020-8284","curl","3.7","0.4.46","","","","2020A0000008284","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/106452" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.18.0","1.18.0","1.18.2","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.45.2","2.45.2","2.46.0","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2020-1420","https://osv.dev/OSV-2020-1420","libsass","","3.6.6","3.6.6","3.6.6","libsass","2020A0000001420","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2020-862","https://osv.dev/OSV-2020-862","libsass","","3.6.6","3.6.6","3.6.6","libsass","2020A0000000862","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2019-1003010","https://nvd.nist.gov/vuln/detail/CVE-2019-1003010","git","4.3","2.45.2","","","","2019A0001003010","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2019-20633","https://nvd.nist.gov/vuln/detail/CVE-2019-20633","patch","5.5","2.7.6","","","","2019A0000020633","True","Upstream patch is not merged: https://savannah.gnu.org/bugs/index.php?56683. Not sure why this isn't fixed upstream. No point fixing this in nixpkgs as long as it is not fixed upstream.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2019-17178","https://nvd.nist.gov/vuln/detail/CVE-2019-17178","lodepng","7.5","3.10.1","","","","2019A0000017178","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2019-14900","https://nvd.nist.gov/vuln/detail/CVE-2019-14900","fuse","6.5","3.16.2","","","","2019A0000014900","True","Incorrect package: Issue concerns redhat fuse (https://developers.redhat.com/products/fuse/overview) not libfuse https://github.com/libfuse/libfuse/ which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2019-14900","https://nvd.nist.gov/vuln/detail/CVE-2019-14900","fuse","6.5","2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9","","","","2019A0000014900","True","Incorrect package: Issue concerns redhat fuse (https://developers.redhat.com/products/fuse/overview) not libfuse https://github.com/libfuse/libfuse/ which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2019-14900","https://nvd.nist.gov/vuln/detail/CVE-2019-14900","fuse","6.5","2.9.9","","","","2019A0000014900","True","Incorrect package: Issue concerns redhat fuse (https://developers.redhat.com/products/fuse/overview) not libfuse https://github.com/libfuse/libfuse/ which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives.","err_missing_repology_version","" @@ -872,10 +978,15 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.7","16.4","16.4","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.5","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.5","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5436","https://nvd.nist.gov/vuln/detail/CVE-2017-5436","graphite2","8.8","1.3.14","","","","2017A0000005436","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10141","https://nvd.nist.gov/vuln/detail/CVE-2016-10141","mujs","9.8","1.3.5","","","","2016A0000010141","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10133","https://nvd.nist.gov/vuln/detail/CVE-2016-10133","mujs","9.8","1.3.5","","","","2016A0000010133","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10132","https://nvd.nist.gov/vuln/detail/CVE-2016-10132","mujs","7.5","1.3.5","","","","2016A0000010132","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-9294","https://nvd.nist.gov/vuln/detail/CVE-2016-9294","mujs","7.5","1.3.5","","","","2016A0000009294","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-9136","https://nvd.nist.gov/vuln/detail/CVE-2016-9136","mujs","7.5","1.3.5","","","","2016A0000009136","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-9109","https://nvd.nist.gov/vuln/detail/CVE-2016-9109","mujs","7.5","1.3.5","","","","2016A0000009109","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -883,9 +994,15 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-9017","https://nvd.nist.gov/vuln/detail/CVE-2016-9017","mujs","7.5","1.3.5","","","","2016A0000009017","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7564","https://nvd.nist.gov/vuln/detail/CVE-2016-7564","mujs","7.5","1.3.5","","","","2016A0000007564","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7563","https://nvd.nist.gov/vuln/detail/CVE-2016-7563","mujs","7.5","1.3.5","","","","2016A0000007563","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7506","https://nvd.nist.gov/vuln/detail/CVE-2016-7506","mujs","7.5","1.3.5","","","","2016A0000007506","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-7504","https://nvd.nist.gov/vuln/detail/CVE-2016-7504","mujs","9.8","1.3.5","","","","2016A0000007504","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-6131","https://nvd.nist.gov/vuln/detail/CVE-2016-6131","libiberty","7.5","13.3.0","","","","2016A0000006131","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298535" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4493","https://nvd.nist.gov/vuln/detail/CVE-2016-4493","libiberty","5.5","13.3.0","","","","2016A0000004493","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4492","https://nvd.nist.gov/vuln/detail/CVE-2016-4492","libiberty","4.4","13.3.0","","","","2016A0000004492","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4491","https://nvd.nist.gov/vuln/detail/CVE-2016-4491","libiberty","5.5","13.3.0","","","","2016A0000004491","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -900,6 +1017,39 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-5652","https://nvd.nist.gov/vuln/detail/CVE-2015-5652","python","","2.7.18.8","3.13.0rc1","3.12.5","python","2015A0000005652","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-4156","https://nvd.nist.gov/vuln/detail/CVE-2015-4156","parallel","","3.2.2.0","3.2.2.0","3.2.2.0","haskell:parallel","2015A0000004156","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-4155","https://nvd.nist.gov/vuln/detail/CVE-2015-4155","parallel","","3.2.2.0","3.2.2.0","3.2.2.0","haskell:parallel","2015A0000004155","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-35","7.1.1-36","7.1.1.36","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-4860","https://nvd.nist.gov/vuln/detail/CVE-2014-4860","edk2","6.8","202402","","","","2014A0000004860","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202402","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-2525","https://nvd.nist.gov/vuln/detail/CVE-2014-2525","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2014A0000002525","False","","err_not_vulnerable_based_on_repology","" diff --git a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md index d5775df..b5ab683 100644 --- a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md +++ b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/2ce8175bb2aec073c2c6c72f6db53ee7dce407be. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/01071e26fb6113341289651cb6930533818aba86. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -47,7 +47,79 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -```No vulnerabilities``` + +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-------------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| +| [CVE-2016-10145](https://nvd.nist.gov/vuln/detail/CVE-2016-10145) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-10144](https://nvd.nist.gov/vuln/detail/CVE-2016-10144) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298535)]* | +| [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 2.5.10 | 3.2.4 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/300526)]* | +| [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | imagemagick | 8.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9827](https://nvd.nist.gov/vuln/detail/CVE-2014-9827) | imagemagick | 8.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2017-5506](https://nvd.nist.gov/vuln/detail/CVE-2017-5506) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9825](https://nvd.nist.gov/vuln/detail/CVE-2014-9825) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9824](https://nvd.nist.gov/vuln/detail/CVE-2014-9824) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9823](https://nvd.nist.gov/vuln/detail/CVE-2014-9823) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9822](https://nvd.nist.gov/vuln/detail/CVE-2014-9822) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9821](https://nvd.nist.gov/vuln/detail/CVE-2014-9821) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9820](https://nvd.nist.gov/vuln/detail/CVE-2014-9820) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9819](https://nvd.nist.gov/vuln/detail/CVE-2014-9819) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2019-17178](https://nvd.nist.gov/vuln/detail/CVE-2019-17178) | lodepng | 7.5 | 3.10.1 | | | | +| [CVE-2016-10146](https://nvd.nist.gov/vuln/detail/CVE-2016-10146) | imagemagick | 7.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9854](https://nvd.nist.gov/vuln/detail/CVE-2014-9854) | imagemagick | 7.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9848](https://nvd.nist.gov/vuln/detail/CVE-2014-9848) | imagemagick | 7.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9804](https://nvd.nist.gov/vuln/detail/CVE-2014-9804) | imagemagick | 7.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2024-41817](https://nvd.nist.gov/vuln/detail/CVE-2024-41817) | imagemagick | 7.0 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7538](https://nvd.nist.gov/vuln/detail/CVE-2016-7538) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7532](https://nvd.nist.gov/vuln/detail/CVE-2016-7532) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7531](https://nvd.nist.gov/vuln/detail/CVE-2016-7531) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7514](https://nvd.nist.gov/vuln/detail/CVE-2016-7514) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7513](https://nvd.nist.gov/vuln/detail/CVE-2016-7513) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9816](https://nvd.nist.gov/vuln/detail/CVE-2014-9816) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9815](https://nvd.nist.gov/vuln/detail/CVE-2014-9815) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9814](https://nvd.nist.gov/vuln/detail/CVE-2014-9814) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9813](https://nvd.nist.gov/vuln/detail/CVE-2014-9813) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9812](https://nvd.nist.gov/vuln/detail/CVE-2014-9812) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9811](https://nvd.nist.gov/vuln/detail/CVE-2014-9811) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9810](https://nvd.nist.gov/vuln/detail/CVE-2014-9810) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9809](https://nvd.nist.gov/vuln/detail/CVE-2014-9809) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9808](https://nvd.nist.gov/vuln/detail/CVE-2014-9808) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9807](https://nvd.nist.gov/vuln/detail/CVE-2014-9807) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9806](https://nvd.nist.gov/vuln/detail/CVE-2014-9806) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2022-43410](https://nvd.nist.gov/vuln/detail/CVE-2022-43410) | mercurial | 5.3 | 6.8 | 6.8.1 | 6.8.1 | | +| [CVE-2024-43374](https://nvd.nist.gov/vuln/detail/CVE-2024-43374) | vim | 4.5 | 9.1.0595 | 9.1.0595 | 9.1.0680 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | +| [OSV-2024-728](https://osv.dev/OSV-2024-728) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | +| [OSV-2024-294](https://osv.dev/OSV-2024-294) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | +| [OSV-2023-1129](https://osv.dev/OSV-2023-1129) | libheif | | 1.18.0 | 1.18.0 | 1.18.2 | | +| [OSV-2023-34](https://osv.dev/OSV-2023-34) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | +| [OSV-2022-819](https://osv.dev/OSV-2022-819) | libraw | | 0.21.2 | 0.21.2 | 0.21.2 | | +| [OSV-2022-530](https://osv.dev/OSV-2022-530) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2022-524](https://osv.dev/OSV-2022-524) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | +| [OSV-2022-519](https://osv.dev/OSV-2022-519) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2022-462](https://osv.dev/OSV-2022-462) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2022-73](https://osv.dev/OSV-2022-73) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | +| [OSV-2021-1157](https://osv.dev/OSV-2021-1157) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-1141](https://osv.dev/OSV-2021-1141) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-1110](https://osv.dev/OSV-2021-1110) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-1041](https://osv.dev/OSV-2021-1041) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-1024](https://osv.dev/OSV-2021-1024) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-802](https://osv.dev/OSV-2021-802) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-787](https://osv.dev/OSV-2021-787) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-765](https://osv.dev/OSV-2021-765) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2020-2308](https://osv.dev/OSV-2020-2308) | libheif | | 1.18.0 | 1.18.0 | 1.18.2 | | + ## All Vulnerabilities Impacting Ghaf @@ -75,7 +147,13 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-35048](https://nvd.nist.gov/vuln/detail/CVE-2021-35048) | network | 9.8 | 3.1.4.0 | 3.2.1.0 | 3.2.1.0 | | | [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.10.0 | 0.10.0 | 0.10.0 | | | [CVE-2020-11105](https://nvd.nist.gov/vuln/detail/CVE-2020-11105) | cereal | 9.8 | 0.5.8.3 | 0.5.8.3 | 0.5.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/121574), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | +| [CVE-2016-10145](https://nvd.nist.gov/vuln/detail/CVE-2016-10145) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-10144](https://nvd.nist.gov/vuln/detail/CVE-2016-10144) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298535)]* | +| [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | | [CVE-2002-0059](https://nvd.nist.gov/vuln/detail/CVE-2002-0059) | zlib | 9.8 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | | +| [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 2.5.10 | 3.2.4 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/300526)]* | | [CVE-2021-4048](https://nvd.nist.gov/vuln/detail/CVE-2021-4048) | lapack | 9.1 | 3 | 3.12.0 | 3.12.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/150788), [PR](https://github.com/NixOS/nixpkgs/pull/150906), [PR](https://github.com/NixOS/nixpkgs/pull/152147), [PR](https://github.com/NixOS/nixpkgs/pull/152359), [PR](https://github.com/NixOS/nixpkgs/pull/168777)]* | | [CVE-2024-7272](https://nvd.nist.gov/vuln/detail/CVE-2024-7272) | ffmpeg | 8.8 | 4.4.4 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/333021)]* | | [CVE-2022-28872](https://nvd.nist.gov/vuln/detail/CVE-2022-28872) | safe | 8.8 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | @@ -102,6 +180,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-4276](https://nvd.nist.gov/vuln/detail/CVE-2021-4276) | hedgehog | 8.8 | 1.4-r8.cabal | 1.4 | 1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/192632)]* | | [CVE-2021-4276](https://nvd.nist.gov/vuln/detail/CVE-2021-4276) | hedgehog | 8.8 | 1.4 | 1.4 | 1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/192632)]* | | [CVE-2017-17522](https://nvd.nist.gov/vuln/detail/CVE-2017-17522) | python | 8.8 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | +| [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | imagemagick | 8.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9827](https://nvd.nist.gov/vuln/detail/CVE-2014-9827) | imagemagick | 8.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | | [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.23.0 | 1.23.0 | | | [CVE-2023-24999](https://nvd.nist.gov/vuln/detail/CVE-2023-24999) | vault | 8.1 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/221835), [PR](https://github.com/NixOS/nixpkgs/pull/221841)]* | | [CVE-2023-24999](https://nvd.nist.gov/vuln/detail/CVE-2023-24999) | vault | 8.1 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/221835), [PR](https://github.com/NixOS/nixpkgs/pull/221841)]* | @@ -124,6 +206,15 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2019-11644](https://nvd.nist.gov/vuln/detail/CVE-2019-11644) | safe | 7.8 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2019-11644](https://nvd.nist.gov/vuln/detail/CVE-2019-11644) | safe | 7.8 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2019-5443](https://nvd.nist.gov/vuln/detail/CVE-2019-5443) | curl | 7.8 | 0.4.46 | | | | +| [CVE-2017-5506](https://nvd.nist.gov/vuln/detail/CVE-2017-5506) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9825](https://nvd.nist.gov/vuln/detail/CVE-2014-9825) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9824](https://nvd.nist.gov/vuln/detail/CVE-2014-9824) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9823](https://nvd.nist.gov/vuln/detail/CVE-2014-9823) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9822](https://nvd.nist.gov/vuln/detail/CVE-2014-9822) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9821](https://nvd.nist.gov/vuln/detail/CVE-2014-9821) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9820](https://nvd.nist.gov/vuln/detail/CVE-2014-9820) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9819](https://nvd.nist.gov/vuln/detail/CVE-2014-9819) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | | [CVE-2024-35328](https://nvd.nist.gov/vuln/detail/CVE-2024-35328) | libyaml | 7.5 | 0.2.5 | 0.2.5 | 0.2.5 | | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | | | | | [CVE-2024-7348](https://nvd.nist.gov/vuln/detail/CVE-2024-7348) | postgresql | 7.5 | 15.7 | 16.4 | 16.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334479)]* | @@ -156,14 +247,20 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2020-13223](https://nvd.nist.gov/vuln/detail/CVE-2020-13223) | vault | 7.5 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/91898), [PR](https://github.com/NixOS/nixpkgs/pull/92641)]* | | [CVE-2020-13223](https://nvd.nist.gov/vuln/detail/CVE-2020-13223) | vault | 7.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/91898), [PR](https://github.com/NixOS/nixpkgs/pull/92641)]* | | [CVE-2020-11021](https://nvd.nist.gov/vuln/detail/CVE-2020-11021) | http-client | 7.5 | 0.7.17 | 0.7.17 | 0.7.17 | | +| [CVE-2019-17178](https://nvd.nist.gov/vuln/detail/CVE-2019-17178) | lodepng | 7.5 | 3.10.1 | | | | | [CVE-2019-9674](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) | python | 7.5 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) | zlib | 7.5 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/165642), [PR](https://github.com/NixOS/nixpkgs/pull/166451), [PR](https://github.com/NixOS/nixpkgs/pull/167084), [PR](https://github.com/NixOS/nixpkgs/pull/205374)]* | | [CVE-2018-13162](https://nvd.nist.gov/vuln/detail/CVE-2018-13162) | alex | 7.5 | 3.4.0.1 | 3.4.0.1 | 3.5.1.0 | | | [CVE-2017-18589](https://nvd.nist.gov/vuln/detail/CVE-2017-18589) | cookie | 7.5 | 0.4.6 | 0.5.0 | 0.5.0 | | +| [CVE-2016-10146](https://nvd.nist.gov/vuln/detail/CVE-2016-10146) | imagemagick | 7.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9854](https://nvd.nist.gov/vuln/detail/CVE-2014-9854) | imagemagick | 7.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9848](https://nvd.nist.gov/vuln/detail/CVE-2014-9848) | imagemagick | 7.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9804](https://nvd.nist.gov/vuln/detail/CVE-2014-9804) | imagemagick | 7.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | | [CVE-2024-0397](https://nvd.nist.gov/vuln/detail/CVE-2024-0397) | python | 7.4 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [CVE-2023-1862](https://nvd.nist.gov/vuln/detail/CVE-2023-1862) | warp | 7.3 | 3.3.31 | 3.4.1 | 3.4.1 | | | [CVE-2022-37967](https://nvd.nist.gov/vuln/detail/CVE-2022-37967) | samba | 7.2 | 4.20.1 | 4.20.1 | 4.20.4 | | | [CVE-2024-4030](https://nvd.nist.gov/vuln/detail/CVE-2024-4030) | python | 7.1 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | +| [CVE-2024-41817](https://nvd.nist.gov/vuln/detail/CVE-2024-41817) | imagemagick | 7.0 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | | [CVE-2022-26488](https://nvd.nist.gov/vuln/detail/CVE-2022-26488) | python | 7.0 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [CVE-2023-2754](https://nvd.nist.gov/vuln/detail/CVE-2023-2754) | warp | 6.8 | 3.3.31 | 3.4.1 | 3.4.1 | | | [CVE-2023-0620](https://nvd.nist.gov/vuln/detail/CVE-2023-0620) | vault | 6.7 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | @@ -187,6 +284,13 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-3670](https://nvd.nist.gov/vuln/detail/CVE-2021-3670) | samba | 6.5 | 4.20.1 | 4.20.1 | 4.20.4 | | | [CVE-2020-27748](https://nvd.nist.gov/vuln/detail/CVE-2020-27748) | xdg-utils | 6.5 | 1.2.1 | 1.2.1 | 1.2.1 | | | [CVE-2017-18207](https://nvd.nist.gov/vuln/detail/CVE-2017-18207) | python | 6.5 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | +| [CVE-2016-7538](https://nvd.nist.gov/vuln/detail/CVE-2016-7538) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7532](https://nvd.nist.gov/vuln/detail/CVE-2016-7532) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7531](https://nvd.nist.gov/vuln/detail/CVE-2016-7531) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7514](https://nvd.nist.gov/vuln/detail/CVE-2016-7514) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2016-7513](https://nvd.nist.gov/vuln/detail/CVE-2016-7513) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | | [CVE-2024-0450](https://nvd.nist.gov/vuln/detail/CVE-2024-0450) | python | 6.2 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298006), [PR](https://github.com/NixOS/nixpkgs/pull/299123), [PR](https://github.com/NixOS/nixpkgs/pull/299125)]* | | [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-amd | 1.23.0 | 1.23.0 | | | [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-amd | 1.23.0 | 1.23.0 | | @@ -196,7 +300,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320) | curl | 5.9 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-48566](https://nvd.nist.gov/vuln/detail/CVE-2022-48566) | python | 5.9 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | -| [CVE-2022-40897](https://nvd.nist.gov/vuln/detail/CVE-2022-40897) | setuptools | 5.9 | 44.0.0-source | 72.1.0 | 73.0.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/331098)]* | +| [CVE-2022-40897](https://nvd.nist.gov/vuln/detail/CVE-2022-40897) | setuptools | 5.9 | 44.0.0-source | 72.1.0 | 73.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/331098)]* | | [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336) | python | 5.9 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/117037), [PR](https://github.com/NixOS/nixpkgs/pull/117082), [PR](https://github.com/NixOS/nixpkgs/pull/118403)]* | | [CVE-2021-3572](https://nvd.nist.gov/vuln/detail/CVE-2021-3572) | pip | 5.7 | 20.3.4-source | 24.0 | 24.2 | | | [CVE-2024-24789](https://nvd.nist.gov/vuln/detail/CVE-2024-24789) | go | 5.5 | 1.21.0-linux-amd | 1.23.0 | 1.23.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/319485), [PR](https://github.com/NixOS/nixpkgs/pull/334447)]* | @@ -211,6 +315,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 0.6.3.0-r4.cabal | 0.7.1.0 | 0.7.1.0 | | | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | | | [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | +| [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | | [CVE-2023-0238](https://nvd.nist.gov/vuln/detail/CVE-2023-0238) | warp | 5.5 | 3.3.31 | 3.4.1 | 3.4.1 | | | [CVE-2022-4457](https://nvd.nist.gov/vuln/detail/CVE-2022-4457) | warp | 5.5 | 3.3.31 | 3.4.1 | 3.4.1 | | | [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615) | samba | 5.5 | 4.20.1 | 4.20.1 | 4.20.4 | | @@ -220,6 +325,21 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-4235](https://nvd.nist.gov/vuln/detail/CVE-2021-4235) | yaml | 5.5 | 0.11.11.2 | 0.11.11.2 | 0.11.11.2 | | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2017-8806](https://nvd.nist.gov/vuln/detail/CVE-2017-8806) | postgresql | 5.5 | 15.7 | 16.4 | 16.4 | | +| [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9816](https://nvd.nist.gov/vuln/detail/CVE-2014-9816) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9815](https://nvd.nist.gov/vuln/detail/CVE-2014-9815) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9814](https://nvd.nist.gov/vuln/detail/CVE-2014-9814) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9813](https://nvd.nist.gov/vuln/detail/CVE-2014-9813) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9812](https://nvd.nist.gov/vuln/detail/CVE-2014-9812) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9811](https://nvd.nist.gov/vuln/detail/CVE-2014-9811) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9810](https://nvd.nist.gov/vuln/detail/CVE-2014-9810) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9809](https://nvd.nist.gov/vuln/detail/CVE-2014-9809) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9808](https://nvd.nist.gov/vuln/detail/CVE-2014-9808) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9807](https://nvd.nist.gov/vuln/detail/CVE-2014-9807) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9806](https://nvd.nist.gov/vuln/detail/CVE-2014-9806) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | +| [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-35 | 7.1.1-36 | 7.1.1.36 | | | [CVE-2024-21485](https://nvd.nist.gov/vuln/detail/CVE-2024-21485) | dash | 5.4 | 0.5.12 | | | | | [CVE-2023-41940](https://nvd.nist.gov/vuln/detail/CVE-2023-41940) | tap | 5.4 | 1.0.1 | 0.77 | 0.77 | | | [CVE-2023-2121](https://nvd.nist.gov/vuln/detail/CVE-2023-2121) | vault | 5.4 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236911), [PR](https://github.com/NixOS/nixpkgs/pull/239559), [PR](https://github.com/NixOS/nixpkgs/pull/239571)]* | @@ -232,6 +352,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-41957](https://nvd.nist.gov/vuln/detail/CVE-2024-41957) | vim | 5.3 | 9.1.0595 | 9.1.0595 | 9.1.0680 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | | [CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217) | python | 5.3 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.15 | 2.15 | 2.15 | | +| [CVE-2022-43410](https://nvd.nist.gov/vuln/detail/CVE-2022-43410) | mercurial | 5.3 | 6.8 | 6.8.1 | 6.8.1 | | | [CVE-2022-41316](https://nvd.nist.gov/vuln/detail/CVE-2022-41316) | vault | 5.3 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | | | [CVE-2022-41316](https://nvd.nist.gov/vuln/detail/CVE-2022-41316) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | | [CVE-2021-44751](https://nvd.nist.gov/vuln/detail/CVE-2021-44751) | safe | 5.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | @@ -248,6 +369,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 13.3.0 | 13.3.0 | 14.2.0 | | | [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | +| [CVE-2024-43374](https://nvd.nist.gov/vuln/detail/CVE-2024-43374) | vim | 4.5 | 9.1.0595 | 9.1.0595 | 9.1.0680 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | | [CVE-2022-28873](https://nvd.nist.gov/vuln/detail/CVE-2022-28873) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2022-28873](https://nvd.nist.gov/vuln/detail/CVE-2022-28873) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2022-28870](https://nvd.nist.gov/vuln/detail/CVE-2022-28870) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | @@ -282,6 +404,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-4032](https://nvd.nist.gov/vuln/detail/CVE-2024-4032) | python | | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [OSV-2024-919](https://osv.dev/OSV-2024-919) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | | [OSV-2024-831](https://osv.dev/OSV-2024-831) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | +| [OSV-2024-728](https://osv.dev/OSV-2024-728) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | | [OSV-2024-678](https://osv.dev/OSV-2024-678) | flac | | 1.4.3 | 1.4.3 | 1.4.3 | | | [OSV-2024-517](https://osv.dev/OSV-2024-517) | libaom | | 3.9.1 | | | | | [OSV-2024-460](https://osv.dev/OSV-2024-460) | glslang | | 14.3.0 | 14.3.0 | 14.3.0 | | @@ -290,6 +413,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2024-395](https://osv.dev/OSV-2024-395) | libpcap | | 1.10.4 | 1.10.4 | 1.10.4 | | | [OSV-2024-371](https://osv.dev/OSV-2024-371) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | | [OSV-2024-330](https://osv.dev/OSV-2024-330) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | +| [OSV-2024-294](https://osv.dev/OSV-2024-294) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | | [OSV-2024-233](https://osv.dev/OSV-2024-233) | openh264 | | 2.4.1 | 2.4.1 | 2.4.1 | | | [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | | [GHSA-vjrq-cg9x-rfjp](https://osv.dev/GHSA-vjrq-cg9x-rfjp) | cookie | | 0.4.6 | 0.5.0 | 0.5.0 | | @@ -297,6 +421,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2023-1344](https://osv.dev/OSV-2023-1344) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | | [OSV-2023-1329](https://osv.dev/OSV-2023-1329) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | | [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.4.5 | 1.4.5 | 1.4.5 | | +| [OSV-2023-1129](https://osv.dev/OSV-2023-1129) | libheif | | 1.18.0 | 1.18.0 | 1.18.2 | | | [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.4.5 | 1.4.5 | 1.4.5 | | | [OSV-2023-862](https://osv.dev/OSV-2023-862) | gstreamer | | 1.24.3 | 1.24.3 | 1.24.6 | | | [OSV-2023-675](https://osv.dev/OSV-2023-675) | flac | | 1.4.3 | 1.4.3 | 1.4.3 | | @@ -306,6 +431,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2023-327](https://osv.dev/OSV-2023-327) | hunspell | | 1.7.2 | 1.7.2 | 1.7.2 | | | [OSV-2023-298](https://osv.dev/OSV-2023-298) | cairo | | 1.18.0 | 1.17.13 | 1.17.13 | | | [OSV-2023-197](https://osv.dev/OSV-2023-197) | p11-kit | | 0.25.5 | 0.25.5 | 0.25.5 | | +| [OSV-2023-34](https://osv.dev/OSV-2023-34) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | | [OSV-2023-14](https://osv.dev/OSV-2023-14) | hunspell | | 1.7.2 | 1.7.2 | 1.7.2 | | | [OSV-2022-1276](https://osv.dev/OSV-2022-1276) | openvpn | | 2.6.11 | 2.6.11 | 2.6.12 | | | [OSV-2022-1201](https://osv.dev/OSV-2022-1201) | opensc | | 0.25.1 | 0.25.1 | 0.25.1 | | @@ -314,18 +440,33 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2022-896](https://osv.dev/OSV-2022-896) | libsass | | 3.6.6 | 3.6.6 | 3.6.6 | Unclear if this is still valid. | | [OSV-2022-882](https://osv.dev/OSV-2022-882) | hunspell | | 1.7.2 | 1.7.2 | 1.7.2 | | | [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.76 | 5.76 | 5.77 | Unclear if this is still valid. | +| [OSV-2022-819](https://osv.dev/OSV-2022-819) | libraw | | 0.21.2 | 0.21.2 | 0.21.2 | | | [OSV-2022-785](https://osv.dev/OSV-2022-785) | dnsmasq | | 2.90 | 2.90 | 2.90 | | | [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.10.3 | 0.10.3 | 0.10.3 | Unclear if this is still valid. | | [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.10.3 | 0.10.3 | 0.10.3 | Unclear if this is still valid. | | [OSV-2022-572](https://osv.dev/OSV-2022-572) | dnsmasq | | 2.90 | 2.90 | 2.90 | | +| [OSV-2022-530](https://osv.dev/OSV-2022-530) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2022-524](https://osv.dev/OSV-2022-524) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | +| [OSV-2022-519](https://osv.dev/OSV-2022-519) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2022-462](https://osv.dev/OSV-2022-462) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | | [OSV-2022-312](https://osv.dev/OSV-2022-312) | dnsmasq | | 2.90 | 2.90 | 2.90 | | | [OSV-2022-193](https://osv.dev/OSV-2022-193) | w3m | | 0.5.3+git2023012 | 0.5.3+git2023012 | 0.5.3+git2023012 | Unclear if this is still valid. | +| [OSV-2022-73](https://osv.dev/OSV-2022-73) | ghostscript | | 10.03.1 | 10.03.1 | 10.03.1 | | | [GHSA-rjvj-673q-4hfw](https://osv.dev/GHSA-rjvj-673q-4hfw) | traceroute | | 2.1.5 | | | | | [GHSA-m75h-cghq-c8h5](https://osv.dev/GHSA-m75h-cghq-c8h5) | libyaml | | 0.1.4 | 0.1.4 | 0.1.4 | | | [GHSA-pgcr-7wm4-mcv6](https://osv.dev/GHSA-pgcr-7wm4-mcv6) | pem | | 0.2.4 | 0.2.4 | 0.2.4 | | | [BIT-lua-2021-43519](https://osv.dev/BIT-lua-2021-43519) | lua | | 5.2.4 | 5.4.6 | 5.4.7 | | +| [OSV-2021-1157](https://osv.dev/OSV-2021-1157) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-1141](https://osv.dev/OSV-2021-1141) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-1110](https://osv.dev/OSV-2021-1110) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-1041](https://osv.dev/OSV-2021-1041) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-1024](https://osv.dev/OSV-2021-1024) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-802](https://osv.dev/OSV-2021-802) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-787](https://osv.dev/OSV-2021-787) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | +| [OSV-2021-765](https://osv.dev/OSV-2021-765) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | | [OSV-2021-508](https://osv.dev/OSV-2021-508) | libsass | | 3.6.6 | 3.6.6 | 3.6.6 | Unclear if this is still valid. | | [CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529) | systemd | | 256.2 | 256.4 | 256.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/127461)]* | +| [OSV-2020-2308](https://osv.dev/OSV-2020-2308) | libheif | | 1.18.0 | 1.18.0 | 1.18.2 | | | [OSV-2020-1420](https://osv.dev/OSV-2020-1420) | libsass | | 3.6.6 | 3.6.6 | 3.6.6 | | | [OSV-2020-862](https://osv.dev/OSV-2020-862) | libsass | | 3.6.6 | 3.6.6 | 3.6.6 | | | [RUSTSEC-2019-0006](https://osv.dev/RUSTSEC-2019-0006) | ncurses | | 6.4.20221231 | 6.4.20221231 | 6.5 | | @@ -361,6 +502,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2016-7504](https://nvd.nist.gov/vuln/detail/CVE-2016-7504) | mujs | 9.8 | 1.3.5 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.45.2 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.5.16 | Latest impacted version in 3.x is 3.0.4. | +| [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2018-6553](https://nvd.nist.gov/vuln/detail/CVE-2018-6553) | cups | 8.8 | 2.4.10 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2017-5436](https://nvd.nist.gov/vuln/detail/CVE-2017-5436) | graphite2 | 8.8 | 1.3.14 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2022-48434](https://nvd.nist.gov/vuln/detail/CVE-2022-48434) | ffmpeg | 8.1 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.3 [link](https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db). | @@ -425,6 +567,11 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2021-33456](https://nvd.nist.gov/vuln/detail/CVE-2021-33456) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | | [CVE-2021-33455](https://nvd.nist.gov/vuln/detail/CVE-2021-33455) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | | [CVE-2021-33454](https://nvd.nist.gov/vuln/detail/CVE-2021-33454) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | +| [CVE-2021-26945](https://nvd.nist.gov/vuln/detail/CVE-2021-26945) | openexr | 5.5 | 2.5.10 | Fix patch [link](https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e) modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8. | +| [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | +| [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | +| [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | +| [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2019-20633](https://nvd.nist.gov/vuln/detail/CVE-2019-20633) | patch | 5.5 | 2.7.6 | Upstream patch is not merged: [link](https://savannah.gnu.org/bugs/index.php?56683). Not sure why this isn't fixed upstream. No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2019-14562](https://nvd.nist.gov/vuln/detail/CVE-2019-14562) | edk2 | 5.5 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-6293](https://nvd.nist.gov/vuln/detail/CVE-2019-6293) | flex | 5.5 | 2.6.4 | NVD data issue: CPE entry does not correctly state the version numbers. |