diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index c1613e4..c1e2b1d 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -25,9 +25,9 @@ jobs: connect-timeout = 5 system-features = nixos-test benchmark big-parallel kvm - name: Ghaf Vulnerability Scan (main) - run: nix run .#ghafscan -- --verbose=2 --whitelist=manual_analysis.csv --outdir=reports/main --flakeref=github:tiiuae/ghaf?ref=main --target=packages.x86_64-linux.lenovo-x1-carbon-gen11-release --target=packages.riscv64-linux.microchip-icicle-kit-release --target=packages.aarch64-linux.nvidia-jetson-orin-nx-release + run: nix run .#ghafscan -- --verbose=2 --whitelist=manual_analysis.csv --outdir=reports/main --flakeref=github:tiiuae/ghaf?ref=main --target=packages.x86_64-linux.lenovo-x1-carbon-gen11-release --target=packages.aarch64-linux.nvidia-jetson-orin-nx-release - name: Ghaf Vulnerability Scan (ghaf-24.03) - run: nix run .#ghafscan -- --verbose=2 --whitelist=manual_analysis.csv --outdir=reports/ghaf-24.03 --flakeref=github:tiiuae/ghaf?ref=ghaf-24.03 --target=packages.x86_64-linux.lenovo-x1-carbon-gen11-release --target=packages.aarch64-linux.nvidia-jetson-orin-nx-release + run: nix run .#ghafscan -- --verbose=2 --whitelist=manual_analysis.csv --outdir=reports/ghaf-24.03 --flakeref=github:tiiuae/ghaf?ref=ghaf-24.03 --target=packages.x86_64-linux.lenovo-x1-carbon-gen11-release - name: Ghaf Vulnerability Scan (ghaf-23.12) run: nix run .#ghafscan -- --verbose=2 --whitelist=manual_analysis.csv --outdir=reports/ghaf-23.12 --flakeref=github:tiiuae/ghaf?ref=ghaf-23.12 --target=packages.x86_64-linux.lenovo-x1-carbon-gen11-release - uses: stefanzweifel/git-auto-commit-action@v4 diff --git a/README.md b/README.md index 89b46ab..bd8ec8a 100644 --- a/README.md +++ b/README.md 
@@ -11,10 +11,8 @@ The Ghaf [vulnerability reports](./reports/) available on this repository are au ## Example Reports - [Ghaf 'main' x86_64-linux.lenovo-x1-carbon-gen11-release](./reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-release.md) -- [Ghaf 'main' riscv64-linux.microchip-icicle-kit-release](./reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md) - [Ghaf 'main' aarch64-linux.nvidia-jetson-orin-nx-release](./reports/main/packages.aarch64-linux.nvidia-jetson-orin-nx-release.md) - [Ghaf 'ghaf-24.03' x86_64-linux.lenovo-x1-carbon-gen11-release](./reports/ghaf-24.03/packages.x86_64-linux.lenovo-x1-carbon-gen11-release.md) -- [Ghaf 'ghaf-24.03' aarch64-linux.nvidia-jetson-orin-nx-release](./reports/ghaf-24.03/packages.aarch64-linux.nvidia-jetson-orin-nx-release.md) - [Ghaf 'ghaf-23.12' x86_64-linux.lenovo-x1-carbon-gen11-release](./reports/ghaf-23.12/packages.x86_64-linux.lenovo-x1-carbon-gen11-release.md) ## Motivation diff --git a/reports/ghaf-24.03/README.md b/reports/ghaf-24.03/README.md index 84f8370..d233259 100644 --- a/reports/ghaf-24.03/README.md +++ b/reports/ghaf-24.03/README.md @@ -9,5 +9,4 @@ SPDX-License-Identifier: CC-BY-SA-4.0 See the following links for detailled Ghaf vulnerability reports: * [Vulnerability Report: 'packages.x86_64-linux.lenovo-x1-carbon-gen11-release'](packages.x86_64-linux.lenovo-x1-carbon-gen11-release.md) -* [Vulnerability Report: 'packages.aarch64-linux.nvidia-jetson-orin-nx-release'](packages.aarch64-linux.nvidia-jetson-orin-nx-release.md) diff --git a/reports/ghaf-24.03/packages.aarch64-linux.nvidia-jetson-orin-nx-release.md b/reports/ghaf-24.03/packages.aarch64-linux.nvidia-jetson-orin-nx-release.md deleted file mode 100644 index 3935d42..0000000 --- a/reports/ghaf-24.03/packages.aarch64-linux.nvidia-jetson-orin-nx-release.md +++ /dev/null 
@@ -1,839 +0,0 @@ - - -# Vulnerability Report - -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=ghaf-24.03#packages.aarch64-linux.nvidia-jetson-orin-nx-release` revision https://github.com/tiiuae/ghaf/commit/0783c4d1bb47c9f8f5427ea7761d77aeda5ffdf6. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. - -This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. - -See section [Theory of Operation](https://github.com/tiiuae/ghafscan#theory-of-operation) in the [ghafscan README.md](https://github.com/tiiuae/ghafscan/blob/main/README.md) for details of how the data on this report is generated. - -Reports -================= - -* [Vulnerabilities Fixed in Ghaf nixpkgs Upstream](#vulnerabilities-fixed-in-ghaf-nixpkgs-upstream) -* [Vulnerabilities Fixed in nix-unstable](#vulnerabilities-fixed-in-nix-unstable) -* [New Vulnerabilities Since Last Run](#new-vulnerabilities-since-last-run) -* [All Vulnerabilities Impacting Ghaf](#all-vulnerabilities-impacting-ghaf) -* [Whitelisted Vulnerabilities](#whitelisted-vulnerabilities) - -## Vulnerabilities Fixed in Ghaf nixpkgs Upstream - -Following table lists vulnerabilities that have been fixed in the nixpkgs channel the Ghaf target is currently pinned to, but the fixes have not been included in Ghaf. 
- -Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/flake.lock) file to mitigate the following issues: - - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-------------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2024-24577](https://nvd.nist.gov/vuln/detail/CVE-2024-24577) | libgit2 | 9.8 | 1.7.1 | 1.7.2 | 1.8.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286911), [PR](https://github.com/NixOS/nixpkgs/pull/287829), [PR](https://github.com/NixOS/nixpkgs/pull/287841)]* | -| [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-6816](https://nvd.nist.gov/vuln/detail/CVE-2023-6816) | xorg-server | 9.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 3.2.1 | 3.2.2 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288214), [PR](https://github.com/NixOS/nixpkgs/pull/289291), [PR](https://github.com/NixOS/nixpkgs/pull/291549), [PR](https://github.com/NixOS/nixpkgs/pull/300526)]* | -| [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 2.5.8 | 3.2.2 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288214), 
[PR](https://github.com/NixOS/nixpkgs/pull/289291), [PR](https://github.com/NixOS/nixpkgs/pull/291549), [PR](https://github.com/NixOS/nixpkgs/pull/300526)]* | -| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-45235](https://nvd.nist.gov/vuln/detail/CVE-2023-45235) | edk2 | 8.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45234](https://nvd.nist.gov/vuln/detail/CVE-2023-45234) | edk2 | 8.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45230](https://nvd.nist.gov/vuln/detail/CVE-2023-45230) | edk2 | 8.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| 
[CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| 
[CVE-2024-0985](https://nvd.nist.gov/vuln/detail/CVE-2024-0985) | postgresql | 8.0 | 15.5 | 16.2 | 16.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/287353)]* | -| [CVE-2024-21886](https://nvd.nist.gov/vuln/detail/CVE-2024-21886) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-21885](https://nvd.nist.gov/vuln/detail/CVE-2024-21885) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-0229](https://nvd.nist.gov/vuln/detail/CVE-2024-0229) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2022-36765](https://nvd.nist.gov/vuln/detail/CVE-2022-36765) | edk2 | 7.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2022-36764](https://nvd.nist.gov/vuln/detail/CVE-2022-36764) | edk2 | 7.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2022-36763](https://nvd.nist.gov/vuln/detail/CVE-2022-36763) | edk2 | 7.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2024-25062](https://nvd.nist.gov/vuln/detail/CVE-2024-25062) | libxml2 | 7.5 | 2.11.5 | 2.12.6 | 2.12.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286300), [PR](https://github.com/NixOS/nixpkgs/pull/296300)]* | -| [CVE-2024-24575](https://nvd.nist.gov/vuln/detail/CVE-2024-24575) | libgit2 | 7.5 | 1.7.1 | 1.7.2 | 1.8.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286911), [PR](https://github.com/NixOS/nixpkgs/pull/287829), [PR](https://github.com/NixOS/nixpkgs/pull/287841)]* | -| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), 
[PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/297657)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/297657)]* | -| [CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | unbound | 7.5 | 1.18.0 | 1.19.2 | 1.19.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288564), [PR](https://github.com/NixOS/nixpkgs/pull/288652), [PR](https://github.com/NixOS/nixpkgs/pull/288662), [PR](https://github.com/NixOS/nixpkgs/pull/288666), [PR](https://github.com/NixOS/nixpkgs/pull/288792)]* | -| [CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | dnsmasq | 7.5 | 2.89 | 2.90 | 2.90 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288564), [PR](https://github.com/NixOS/nixpkgs/pull/288652), [PR](https://github.com/NixOS/nixpkgs/pull/288662), [PR](https://github.com/NixOS/nixpkgs/pull/288666), [PR](https://github.com/NixOS/nixpkgs/pull/288792)]* | -| [CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | bind | 7.5 | 9.18.19 | 9.18.25 | 9.18.25 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288564), [PR](https://github.com/NixOS/nixpkgs/pull/288652), [PR](https://github.com/NixOS/nixpkgs/pull/288662), [PR](https://github.com/NixOS/nixpkgs/pull/288666), [PR](https://github.com/NixOS/nixpkgs/pull/288792)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.22.1 | 
1.22.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580), [PR](https://github.com/NixOS/nixpkgs/pull/301373)]* | -| [CVE-2023-45237](https://nvd.nist.gov/vuln/detail/CVE-2023-45237) | edk2 | 7.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45236](https://nvd.nist.gov/vuln/detail/CVE-2023-45236) | edk2 | 7.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45233](https://nvd.nist.gov/vuln/detail/CVE-2023-45233) | edk2 | 7.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45232](https://nvd.nist.gov/vuln/detail/CVE-2023-45232) | edk2 | 7.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-28450](https://nvd.nist.gov/vuln/detail/CVE-2023-28450) | dnsmasq | 7.5 | 2.89 | 2.90 | 2.90 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288666), [PR](https://github.com/NixOS/nixpkgs/pull/288796)]* | -| [CVE-2023-5679](https://nvd.nist.gov/vuln/detail/CVE-2023-5679) | bind | 7.5 | 9.18.19 | 9.18.25 | 9.18.25 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288662)]* | -| [CVE-2023-5517](https://nvd.nist.gov/vuln/detail/CVE-2023-5517) | bind | 7.5 | 9.18.19 | 9.18.25 | 9.18.25 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288662)]* | -| [CVE-2023-4408](https://nvd.nist.gov/vuln/detail/CVE-2023-4408) | bind | 7.5 | 9.18.19 | 9.18.25 | 9.18.25 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288662)]* | -| [CVE-2024-24806](https://nvd.nist.gov/vuln/detail/CVE-2024-24806) | libuv | 7.3 | 1.46.0 | 1.48.0 | 1.48.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/287226)]* | -| 
[CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184), [PR](https://github.com/NixOS/nixpkgs/pull/300671)]* | -| [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), 
[PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.6 | 2.12.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/296300)]* | -| [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6129](https://nvd.nist.gov/vuln/detail/CVE-2023-6129) | openssl | 6.5 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 124.0.2 | 124.0.2 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-1580](https://nvd.nist.gov/vuln/detail/CVE-2024-1580) | dav1d | 5.9 | 1.2.1 | 1.4.1 | 1.4.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288951), [PR](https://github.com/NixOS/nixpkgs/pull/290956)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276505), [PR](https://github.com/NixOS/nixpkgs/pull/294783), [PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295142)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276505), [PR](https://github.com/NixOS/nixpkgs/pull/294783), [PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295142)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276505), [PR](https://github.com/NixOS/nixpkgs/pull/294783), [PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295142)]* | -| [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) | openssl | 5.5 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2024-0408](https://nvd.nist.gov/vuln/detail/CVE-2024-0408) | xorg-server | 5.5 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), 
[PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184), [PR](https://github.com/NixOS/nixpkgs/pull/300671)]* | -| [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.1 | 1.22.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580), [PR](https://github.com/NixOS/nixpkgs/pull/301373)]* | -| [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-5680](https://nvd.nist.gov/vuln/detail/CVE-2023-5680) | bind | 5.3 | 9.18.19 | 9.18.25 | 9.18.25 | | -| [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 
1.19.1 | 1.27.0 | 1.28.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | -| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| 
[CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-31393](https://nvd.nist.gov/vuln/detail/CVE-2024-31393) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-31392](https://nvd.nist.gov/vuln/detail/CVE-2024-31392) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-29944](https://nvd.nist.gov/vuln/detail/CVE-2024-29944) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102), [PR](https://github.com/NixOS/nixpkgs/pull/298196)]* | -| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | -| [CVE-2024-26283](https://nvd.nist.gov/vuln/detail/CVE-2024-26283) | firefox | | 120.0.1 | 
124.0.2 | 124.0.2 | | -| [CVE-2024-26282](https://nvd.nist.gov/vuln/detail/CVE-2024-26282) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-26281](https://nvd.nist.gov/vuln/detail/CVE-2024-26281) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2614](https://nvd.nist.gov/vuln/detail/CVE-2024-2614) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2612](https://nvd.nist.gov/vuln/detail/CVE-2024-2612) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2611](https://nvd.nist.gov/vuln/detail/CVE-2024-2611) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2610](https://nvd.nist.gov/vuln/detail/CVE-2024-2610) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2608](https://nvd.nist.gov/vuln/detail/CVE-2024-2608) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2607](https://nvd.nist.gov/vuln/detail/CVE-2024-2607) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1557](https://nvd.nist.gov/vuln/detail/CVE-2024-1557) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1556](https://nvd.nist.gov/vuln/detail/CVE-2024-1556) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1555](https://nvd.nist.gov/vuln/detail/CVE-2024-1555) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1554](https://nvd.nist.gov/vuln/detail/CVE-2024-1554) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| 
[CVE-2024-1553](https://nvd.nist.gov/vuln/detail/CVE-2024-1553) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1552](https://nvd.nist.gov/vuln/detail/CVE-2024-1552) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1551](https://nvd.nist.gov/vuln/detail/CVE-2024-1551) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1550](https://nvd.nist.gov/vuln/detail/CVE-2024-1550) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1549](https://nvd.nist.gov/vuln/detail/CVE-2024-1549) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1548](https://nvd.nist.gov/vuln/detail/CVE-2024-1548) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1547](https://nvd.nist.gov/vuln/detail/CVE-2024-1547) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1546](https://nvd.nist.gov/vuln/detail/CVE-2024-1546) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-5388](https://nvd.nist.gov/vuln/detail/CVE-2023-5388) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/289161), [PR](https://github.com/NixOS/nixpkgs/pull/289162)]* | - - -## Vulnerabilities Fixed in nix-unstable - -Following table lists vulnerabilities that have been fixed in nixpkgs nix-unstable channel, but the fixes have not been backported to the channel the Ghaf target is currently pinned to. - -Following issues potentially require backporting the fix from nixpkgs-unstable to the correct nixpkgs release branch. 
- -Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community backport the fix to the correct nixpkgs branch: - - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-------------|------------|------------------|----------------|------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2024-22862](https://nvd.nist.gov/vuln/detail/CVE-2024-22862) | ffmpeg | 9.8 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-22862](https://nvd.nist.gov/vuln/detail/CVE-2024-22862) | ffmpeg | 9.8 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3.1 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0-r1.cabal | 0.10.0 | 0.10.0 | | -| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0 | 0.10.0 | 0.10.0 | | -| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xorg-server | 7.8 | 21.1.11 | 21.1.12 | 21.1.12 | | -| 
[CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | -| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.38-44-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/285587), [PR](https://github.com/NixOS/nixpkgs/pull/285588)]* | -| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/285587), [PR](https://github.com/NixOS/nixpkgs/pull/285588)]* | -| [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | glibc | 7.8 | 2.38-44-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/258972), [PR](https://github.com/NixOS/nixpkgs/pull/258975), [PR](https://github.com/NixOS/nixpkgs/pull/259039)]* | -| [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | glibc | 7.8 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/258972), [PR](https://github.com/NixOS/nixpkgs/pull/258975), [PR](https://github.com/NixOS/nixpkgs/pull/259039)]* | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | -| 
[CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | glibc | 7.5 | 2.38-44-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | glibc | 7.5 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-44-source-u | | | | -| [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-44 | | | | -| [CVE-2024-31082](https://nvd.nist.gov/vuln/detail/CVE-2024-31082) | xorg-server | 7.3 | 21.1.11 | 21.1.12 | 21.1.12 | | -| [CVE-2024-31081](https://nvd.nist.gov/vuln/detail/CVE-2024-31081) | xorg-server | 7.3 | 21.1.11 | 21.1.12 | 21.1.12 | | -| [CVE-2024-31080](https://nvd.nist.gov/vuln/detail/CVE-2024-31080) | xorg-server | 7.3 | 21.1.11 | 21.1.12 | 21.1.12 | | -| [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | -| [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_7 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | -| [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.38-44-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | -| [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | -| [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.1.5 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | -| [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | -| [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.3 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_7 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | -| [CVE-2023-6780](https://nvd.nist.gov/vuln/detail/CVE-2023-6780) | glibc | 5.3 | 2.38-44-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-6780](https://nvd.nist.gov/vuln/detail/CVE-2023-6780) | glibc | 5.3 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489), [PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.3 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | -| [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.5 | 8.2.2 | 8.2.2 | | -| [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | -| [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | -| [OSV-2023-90](https://osv.dev/OSV-2023-90) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | -| [OSV-2021-594](https://osv.dev/OSV-2021-594) | libheif | | 1.15.2 | 1.17.6 | 1.17.6 | | -| [OSV-2020-1610](https://osv.dev/OSV-2020-1610) | openexr | | 2.5.8 | 3.2.2 | 3.2.4 | | -| [OSV-2020-438](https://osv.dev/OSV-2020-438) | 
capstone | | 4.0.2 | 5.0.1 | 5.0.1 | | - - - -## New Vulnerabilities Since Last Run - -Following table lists vulnerabilities currently impacting the Ghaf target that have emerged since the last time this vulnerability report was generated. - -Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -```No vulnerabilities``` - - -## All Vulnerabilities Impacting Ghaf - -Following table lists all vulnerabilities currently impacting the Ghaf target. - -Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-------------|------------|------------------|------------------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2024-24577](https://nvd.nist.gov/vuln/detail/CVE-2024-24577) | libgit2 | 9.8 | 1.7.1 | 1.7.2 | 1.8.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286911), [PR](https://github.com/NixOS/nixpkgs/pull/287829), [PR](https://github.com/NixOS/nixpkgs/pull/287841)]* | -| [CVE-2024-22862](https://nvd.nist.gov/vuln/detail/CVE-2024-22862) | ffmpeg | 9.8 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-22862](https://nvd.nist.gov/vuln/detail/CVE-2024-22862) | ffmpeg | 9.8 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 6.0 | 6.1.1 | 7.0 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3.1 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | | -| [CVE-2023-6816](https://nvd.nist.gov/vuln/detail/CVE-2023-6816) | xorg-server | 9.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221) | curl | 9.8 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | -| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0-r1.cabal | 0.10.0 | 0.10.0 | | -| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0 | 0.10.0 | 0.10.0 | | -| [CVE-2017-5511](https://nvd.nist.gov/vuln/detail/CVE-2017-5511) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-10145](https://nvd.nist.gov/vuln/detail/CVE-2016-10145) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-10144](https://nvd.nist.gov/vuln/detail/CVE-2016-10144) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| 
[CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298535)]* | -| [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 3.2.1 | 3.2.2 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288214), [PR](https://github.com/NixOS/nixpkgs/pull/289291), [PR](https://github.com/NixOS/nixpkgs/pull/291549), [PR](https://github.com/NixOS/nixpkgs/pull/300526)]* | -| [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 2.5.8 | 3.2.2 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288214), [PR](https://github.com/NixOS/nixpkgs/pull/289291), [PR](https://github.com/NixOS/nixpkgs/pull/291549), [PR](https://github.com/NixOS/nixpkgs/pull/300526)]* | -| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), 
[PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-45235](https://nvd.nist.gov/vuln/detail/CVE-2023-45235) | edk2 | 8.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45234](https://nvd.nist.gov/vuln/detail/CVE-2023-45234) | edk2 | 8.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45230](https://nvd.nist.gov/vuln/detail/CVE-2023-45230) | edk2 | 8.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9827](https://nvd.nist.gov/vuln/detail/CVE-2014-9827) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.1.3 | 8.2.2 | 8.2.2 | | -| [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | | -| [CVE-2024-0985](https://nvd.nist.gov/vuln/detail/CVE-2024-0985) | postgresql | 8.0 | 15.5 | 16.2 | 16.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/287353)]* | -| 
[CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2024-21886](https://nvd.nist.gov/vuln/detail/CVE-2024-21886) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-21885](https://nvd.nist.gov/vuln/detail/CVE-2024-21885) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-0229](https://nvd.nist.gov/vuln/detail/CVE-2024-0229) | xorg-server | 7.8 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | -| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.38-27-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/285587), [PR](https://github.com/NixOS/nixpkgs/pull/285588)]* | -| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.38-27 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/285587), [PR](https://github.com/NixOS/nixpkgs/pull/285588)]* | -| 
[CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | glibc | 7.8 | 2.38-27-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/258972), [PR](https://github.com/NixOS/nixpkgs/pull/258975), [PR](https://github.com/NixOS/nixpkgs/pull/259039)]* | -| [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | glibc | 7.8 | 2.38-27 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/258972), [PR](https://github.com/NixOS/nixpkgs/pull/258975), [PR](https://github.com/NixOS/nixpkgs/pull/259039)]* | -| [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.1.3 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | -| [CVE-2022-36765](https://nvd.nist.gov/vuln/detail/CVE-2022-36765) | edk2 | 7.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2022-36764](https://nvd.nist.gov/vuln/detail/CVE-2022-36764) | edk2 | 7.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2022-36763](https://nvd.nist.gov/vuln/detail/CVE-2022-36763) | edk2 | 7.8 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2021-37322](https://nvd.nist.gov/vuln/detail/CVE-2021-37322) | gcc | 7.8 | 9.5.0 | 13.2.0 | 13.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259666)]* | -| [CVE-2019-5443](https://nvd.nist.gov/vuln/detail/CVE-2019-5443) | curl | 7.8 | 0.4.44 | | | | -| [CVE-2017-5510](https://nvd.nist.gov/vuln/detail/CVE-2017-5510) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| 
[CVE-2017-5509](https://nvd.nist.gov/vuln/detail/CVE-2017-5509) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2017-5506](https://nvd.nist.gov/vuln/detail/CVE-2017-5506) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9825](https://nvd.nist.gov/vuln/detail/CVE-2014-9825) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9824](https://nvd.nist.gov/vuln/detail/CVE-2014-9824) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9823](https://nvd.nist.gov/vuln/detail/CVE-2014-9823) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9822](https://nvd.nist.gov/vuln/detail/CVE-2014-9822) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9821](https://nvd.nist.gov/vuln/detail/CVE-2014-9821) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9820](https://nvd.nist.gov/vuln/detail/CVE-2014-9820) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9819](https://nvd.nist.gov/vuln/detail/CVE-2014-9819) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2024-25062](https://nvd.nist.gov/vuln/detail/CVE-2024-25062) | libxml2 | 7.5 | 2.11.5 | 2.12.6 | 2.12.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286300), [PR](https://github.com/NixOS/nixpkgs/pull/296300)]* | -| [CVE-2024-24575](https://nvd.nist.gov/vuln/detail/CVE-2024-24575) | libgit2 | 7.5 | 1.7.1 | 1.7.2 | 1.8.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286911), [PR](https://github.com/NixOS/nixpkgs/pull/287829), [PR](https://github.com/NixOS/nixpkgs/pull/287841)]* | -| [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1.1 | 
7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/297657)]* | -| [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/297657)]* | -| [CVE-2023-52356](https://nvd.nist.gov/vuln/detail/CVE-2023-52356) | libtiff | 7.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-52355](https://nvd.nist.gov/vuln/detail/CVE-2023-52355) | libtiff | 7.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | unbound | 7.5 | 1.18.0 | 1.19.2 | 1.19.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288564), [PR](https://github.com/NixOS/nixpkgs/pull/288652), [PR](https://github.com/NixOS/nixpkgs/pull/288662), [PR](https://github.com/NixOS/nixpkgs/pull/288666), [PR](https://github.com/NixOS/nixpkgs/pull/288792)]* | -| [CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | dnsmasq | 7.5 | 2.89 | 2.90 | 2.90 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288564), [PR](https://github.com/NixOS/nixpkgs/pull/288652), [PR](https://github.com/NixOS/nixpkgs/pull/288662), [PR](https://github.com/NixOS/nixpkgs/pull/288666), [PR](https://github.com/NixOS/nixpkgs/pull/288792)]* | -| 
[CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | bind | 7.5 | 9.18.19 | 9.18.25 | 9.18.25 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288564), [PR](https://github.com/NixOS/nixpkgs/pull/288652), [PR](https://github.com/NixOS/nixpkgs/pull/288662), [PR](https://github.com/NixOS/nixpkgs/pull/288666), [PR](https://github.com/NixOS/nixpkgs/pull/288792)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.22.1 | 1.22.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580), [PR](https://github.com/NixOS/nixpkgs/pull/301373)]* | -| [CVE-2023-45237](https://nvd.nist.gov/vuln/detail/CVE-2023-45237) | edk2 | 7.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45236](https://nvd.nist.gov/vuln/detail/CVE-2023-45236) | edk2 | 7.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45233](https://nvd.nist.gov/vuln/detail/CVE-2023-45233) | edk2 | 7.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45232](https://nvd.nist.gov/vuln/detail/CVE-2023-45232) | edk2 | 7.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248), [PR](https://github.com/NixOS/nixpkgs/pull/298640)]* | -| 
[CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/300783)]* | -| [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322) | go | 7.5 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | | -| [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321) | go | 7.5 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | | -| [CVE-2023-28450](https://nvd.nist.gov/vuln/detail/CVE-2023-28450) | dnsmasq | 7.5 | 2.89 | 2.90 | 2.90 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288666), [PR](https://github.com/NixOS/nixpkgs/pull/288796)]* | -| [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | -| [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | glibc | 7.5 | 2.38-27-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | glibc | 7.5 | 2.38-27 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-5679](https://nvd.nist.gov/vuln/detail/CVE-2023-5679) | bind | 7.5 | 9.18.19 | 9.18.25 | 9.18.25 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288662)]* | -| [CVE-2023-5517](https://nvd.nist.gov/vuln/detail/CVE-2023-5517) | bind | 7.5 | 9.18.19 | 9.18.25 | 9.18.25 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288662)]* | -| [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-27-source-u | | | | -| [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-27 | | | | -| [CVE-2023-4408](https://nvd.nist.gov/vuln/detail/CVE-2023-4408) | bind | 7.5 | 9.18.19 | 9.18.25 | 9.18.25 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288662)]* | -| 
[CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/274726), [PR](https://github.com/NixOS/nixpkgs/pull/275599), [PR](https://github.com/NixOS/nixpkgs/pull/275878)]* | -| [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782) | curl | 7.5 | 0.4.44 | | | | -| [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781) | curl | 7.5 | 0.4.44 | | | | -| [CVE-2018-13162](https://nvd.nist.gov/vuln/detail/CVE-2018-13162) | alex | 7.5 | 3.3.0.0 | 3.4.0.1 | 3.5.1.0 | | -| [CVE-2016-10146](https://nvd.nist.gov/vuln/detail/CVE-2016-10146) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9854](https://nvd.nist.gov/vuln/detail/CVE-2014-9854) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9848](https://nvd.nist.gov/vuln/detail/CVE-2014-9848) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9804](https://nvd.nist.gov/vuln/detail/CVE-2014-9804) | imagemagick | 7.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2024-31082](https://nvd.nist.gov/vuln/detail/CVE-2024-31082) | xorg-server | 7.3 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-31081](https://nvd.nist.gov/vuln/detail/CVE-2024-31081) | xorg-server | 7.3 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-31080](https://nvd.nist.gov/vuln/detail/CVE-2024-31080) | xorg-server | 7.3 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2024-24806](https://nvd.nist.gov/vuln/detail/CVE-2024-24806) | libuv | 7.3 | 1.46.0 | 1.48.0 | 1.48.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/287226)]* | -| [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | -| [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.3 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), 
[PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288044), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184), [PR](https://github.com/NixOS/nixpkgs/pull/300671)]* | -| [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.6 | 2.12.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/296300)]* | -| [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | -| [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.4 | 0.43.4 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". 
| -| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.1.3 | 8.2.2 | 8.2.2 | | -| [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-6129](https://nvd.nist.gov/vuln/detail/CVE-2023-6129) | openssl | 6.5 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.38-27-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | -| [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.38-27 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | -| [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.1.3 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206) | curl | 6.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/179314), [PR](https://github.com/NixOS/nixpkgs/pull/180021)]* | -| [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776) | curl | 6.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/170654), [PR](https://github.com/NixOS/nixpkgs/pull/170659)]* | -| [CVE-2021-46312](https://nvd.nist.gov/vuln/detail/CVE-2021-46312) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | -| [CVE-2021-46310](https://nvd.nist.gov/vuln/detail/CVE-2021-46310) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | -| [CVE-2020-22628](https://nvd.nist.gov/vuln/detail/CVE-2020-22628) | libraw | 6.5 | 0.21.1 | 0.21.2 | 0.21.2 | | -| [CVE-2019-20503](https://nvd.nist.gov/vuln/detail/CVE-2019-20503) | usrsctp | 6.5 | 0.9.5.0 | 0.9.5.0 | 0.9.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82874), [PR](https://github.com/NixOS/nixpkgs/pull/82958)]* | -| [CVE-2016-7538](https://nvd.nist.gov/vuln/detail/CVE-2016-7538) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7537](https://nvd.nist.gov/vuln/detail/CVE-2016-7537) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| 
[CVE-2016-7536](https://nvd.nist.gov/vuln/detail/CVE-2016-7536) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7535](https://nvd.nist.gov/vuln/detail/CVE-2016-7535) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7534](https://nvd.nist.gov/vuln/detail/CVE-2016-7534) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7533](https://nvd.nist.gov/vuln/detail/CVE-2016-7533) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7532](https://nvd.nist.gov/vuln/detail/CVE-2016-7532) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7531](https://nvd.nist.gov/vuln/detail/CVE-2016-7531) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7530](https://nvd.nist.gov/vuln/detail/CVE-2016-7530) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7529](https://nvd.nist.gov/vuln/detail/CVE-2016-7529) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7528](https://nvd.nist.gov/vuln/detail/CVE-2016-7528) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7527](https://nvd.nist.gov/vuln/detail/CVE-2016-7527) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7526](https://nvd.nist.gov/vuln/detail/CVE-2016-7526) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7525](https://nvd.nist.gov/vuln/detail/CVE-2016-7525) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7524](https://nvd.nist.gov/vuln/detail/CVE-2016-7524) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7523](https://nvd.nist.gov/vuln/detail/CVE-2016-7523) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7522](https://nvd.nist.gov/vuln/detail/CVE-2016-7522) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7521](https://nvd.nist.gov/vuln/detail/CVE-2016-7521) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| 
[CVE-2016-7520](https://nvd.nist.gov/vuln/detail/CVE-2016-7520) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7519](https://nvd.nist.gov/vuln/detail/CVE-2016-7519) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7518](https://nvd.nist.gov/vuln/detail/CVE-2016-7518) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7517](https://nvd.nist.gov/vuln/detail/CVE-2016-7517) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7516](https://nvd.nist.gov/vuln/detail/CVE-2016-7516) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7515](https://nvd.nist.gov/vuln/detail/CVE-2016-7515) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7514](https://nvd.nist.gov/vuln/detail/CVE-2016-7514) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2016-7513](https://nvd.nist.gov/vuln/detail/CVE-2016-7513) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2007-5967](https://nvd.nist.gov/vuln/detail/CVE-2007-5967) | firefox | 6.5 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-0953](https://nvd.nist.gov/vuln/detail/CVE-2024-0953) | firefox | 6.1 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | | -| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| 
[CVE-2020-35669](https://nvd.nist.gov/vuln/detail/CVE-2020-35669) | http | 6.1 | 0.2.11 | 0.3-0 | 0.4 | | -| [CVE-2024-1580](https://nvd.nist.gov/vuln/detail/CVE-2024-1580) | dav1d | 5.9 | 1.2.1 | 1.4.1 | 1.4.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288951), [PR](https://github.com/NixOS/nixpkgs/pull/290956)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276505), [PR](https://github.com/NixOS/nixpkgs/pull/294783), [PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295142)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276505), [PR](https://github.com/NixOS/nixpkgs/pull/294783), [PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295142)]* | -| [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276505), [PR](https://github.com/NixOS/nixpkgs/pull/294783), [PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295142)]* | -| [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | -| [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | -| [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.44 | | | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | -| [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | -| [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) | openssl | 5.5 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/299945), [PR](https://github.com/NixOS/nixpkgs/pull/300310)]* | -| [CVE-2024-0408](https://nvd.nist.gov/vuln/detail/CVE-2024-0408) | xorg-server | 5.5 | 21.1.9 | 21.1.12 | 21.1.12 | | -| [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184), [PR](https://github.com/NixOS/nixpkgs/pull/300671)]* | -| [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | -| [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0283 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | -| [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | -| [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | -| [CVE-2023-42363](https://nvd.nist.gov/vuln/detail/CVE-2023-42363) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | -| [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | -| [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), 
[PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599), [PR](https://github.com/NixOS/nixpkgs/pull/298069), [PR](https://github.com/NixOS/nixpkgs/pull/298573)]* | -| [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.3 | 1.3.1 | 1.3.1 | | -| [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | -| [CVE-2017-8806](https://nvd.nist.gov/vuln/detail/CVE-2017-8806) | postgresql | 5.5 | 15.5 | 16.2 | 16.2 | | -| [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9816](https://nvd.nist.gov/vuln/detail/CVE-2014-9816) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9815](https://nvd.nist.gov/vuln/detail/CVE-2014-9815) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 
7.1.1.30 | | -| [CVE-2014-9814](https://nvd.nist.gov/vuln/detail/CVE-2014-9814) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9813](https://nvd.nist.gov/vuln/detail/CVE-2014-9813) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9812](https://nvd.nist.gov/vuln/detail/CVE-2014-9812) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9811](https://nvd.nist.gov/vuln/detail/CVE-2014-9811) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9810](https://nvd.nist.gov/vuln/detail/CVE-2014-9810) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9809](https://nvd.nist.gov/vuln/detail/CVE-2014-9809) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9808](https://nvd.nist.gov/vuln/detail/CVE-2014-9808) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9807](https://nvd.nist.gov/vuln/detail/CVE-2014-9807) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9806](https://nvd.nist.gov/vuln/detail/CVE-2014-9806) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.44.0 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | -| [CVE-2024-28182](https://nvd.nist.gov/vuln/detail/CVE-2024-28182) | nghttp2 | 5.3 | 1.57.0 | 1.60.0 | 1.61.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301545), [PR](https://github.com/NixOS/nixpkgs/pull/302390)]* | -| 
[CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.1 | 1.22.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580), [PR](https://github.com/NixOS/nixpkgs/pull/301373)]* | -| [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.14 | 2.15 | 2.15 | | -| [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-6780](https://nvd.nist.gov/vuln/detail/CVE-2023-6780) | glibc | 5.3 | 2.38-27-source-u | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-6780](https://nvd.nist.gov/vuln/detail/CVE-2023-6780) | glibc | 5.3 | 2.38-27 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.3 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489), [PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-5680](https://nvd.nist.gov/vuln/detail/CVE-2023-5680) | bind | 5.3 | 9.18.19 | 9.18.25 | 9.18.25 | | -| 
[CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.22.1 | 1.22.2 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | | -| [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 9.5.0 | 13.2.0 | 13.2.0 | | -| [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | -| [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | -| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 
124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | 
vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/301230), [PR](https://github.com/NixOS/nixpkgs/pull/301254)]* | -| [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | -| [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | -| [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* | -| [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | -| [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2024-31393](https://nvd.nist.gov/vuln/detail/CVE-2024-31393) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-31392](https://nvd.nist.gov/vuln/detail/CVE-2024-31392) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-29944](https://nvd.nist.gov/vuln/detail/CVE-2024-29944) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102), [PR](https://github.com/NixOS/nixpkgs/pull/298196)]* | -| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | -| [CVE-2024-26283](https://nvd.nist.gov/vuln/detail/CVE-2024-26283) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-26282](https://nvd.nist.gov/vuln/detail/CVE-2024-26282) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-26281](https://nvd.nist.gov/vuln/detail/CVE-2024-26281) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.3 | 8.2.2 | 8.2.2 | | -| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2614](https://nvd.nist.gov/vuln/detail/CVE-2024-2614) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2612](https://nvd.nist.gov/vuln/detail/CVE-2024-2612) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2611](https://nvd.nist.gov/vuln/detail/CVE-2024-2611) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2610](https://nvd.nist.gov/vuln/detail/CVE-2024-2610) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2608](https://nvd.nist.gov/vuln/detail/CVE-2024-2608) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2607](https://nvd.nist.gov/vuln/detail/CVE-2024-2607) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| 
[CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1557](https://nvd.nist.gov/vuln/detail/CVE-2024-1557) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1556](https://nvd.nist.gov/vuln/detail/CVE-2024-1556) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1555](https://nvd.nist.gov/vuln/detail/CVE-2024-1555) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1554](https://nvd.nist.gov/vuln/detail/CVE-2024-1554) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1553](https://nvd.nist.gov/vuln/detail/CVE-2024-1553) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1552](https://nvd.nist.gov/vuln/detail/CVE-2024-1552) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1551](https://nvd.nist.gov/vuln/detail/CVE-2024-1551) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1550](https://nvd.nist.gov/vuln/detail/CVE-2024-1550) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1549](https://nvd.nist.gov/vuln/detail/CVE-2024-1549) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1548](https://nvd.nist.gov/vuln/detail/CVE-2024-1548) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1547](https://nvd.nist.gov/vuln/detail/CVE-2024-1547) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2024-1546](https://nvd.nist.gov/vuln/detail/CVE-2024-1546) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | -| [CVE-2023-5388](https://nvd.nist.gov/vuln/detail/CVE-2023-5388) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/289161), [PR](https://github.com/NixOS/nixpkgs/pull/289162)]* | -| [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.2 | 1.3.0 | 1.4.0 | | -| [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | -| 
[OSV-2023-889](https://osv.dev/OSV-2023-889) | file | | 5.45 | 5.45 | 5.45 | | -| [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.2.2 | 1.3.0 | 1.4.0 | | -| [OSV-2023-675](https://osv.dev/OSV-2023-675) | flac | | 1.4.3 | 1.4.3 | 1.4.3 | | -| [OSV-2023-505](https://osv.dev/OSV-2023-505) | file | | 5.45 | 5.45 | 5.45 | Unclear if this is still valid. | -| [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.1.3 | 8.2.2 | 8.2.2 | Unclear if this is still valid. | -| [OSV-2023-298](https://osv.dev/OSV-2023-298) | cairo | | 1.18.0 | 1.17.13 | 1.17.13 | | -| [OSV-2023-197](https://osv.dev/OSV-2023-197) | p11-kit | | 0.25.0 | 0.25.3 | 0.25.3 | | -| [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | -| [OSV-2023-90](https://osv.dev/OSV-2023-90) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | -| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.70 | 5.72 | 5.73 | Unclear if this is still valid. | -| [OSV-2022-896](https://osv.dev/OSV-2022-896) | libsass | | 3.6.5 | 3.6.6 | 3.6.6 | Unclear if this is still valid. | -| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.70 | 5.72 | 5.73 | Unclear if this is still valid. | -| [OSV-2022-819](https://osv.dev/OSV-2022-819) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | -| [OSV-2022-785](https://osv.dev/OSV-2022-785) | dnsmasq | | 2.89 | 2.90 | 2.90 | | -| [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.2 | 0.9.1 | 0.10.2 | Unclear if this is still valid. | -| [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.2 | 0.9.1 | 0.10.2 | Unclear if this is still valid. | -| [OSV-2022-581](https://osv.dev/OSV-2022-581) | qemu | | 8.1.3 | 8.2.2 | 8.2.2 | Unclear if this is still valid. | -| [OSV-2022-572](https://osv.dev/OSV-2022-572) | dnsmasq | | 2.89 | 2.90 | 2.90 | | -| [OSV-2022-530](https://osv.dev/OSV-2022-530) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. 
| -| [OSV-2022-519](https://osv.dev/OSV-2022-519) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2022-462](https://osv.dev/OSV-2022-462) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2022-312](https://osv.dev/OSV-2022-312) | dnsmasq | | 2.89 | 2.90 | 2.90 | | -| [OSV-2022-193](https://osv.dev/OSV-2022-193) | w3m | | 0.5.3+git2023012 | 0.5.3+git2023012 | 0.5.3+git2023012 | Unclear if this is still valid. | -| [RUSTSEC-2022-0034](https://osv.dev/RUSTSEC-2022-0034) | pkcs11 | | 35.3.1 | | | | -| [OSV-2021-1157](https://osv.dev/OSV-2021-1157) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2021-1141](https://osv.dev/OSV-2021-1141) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2021-1110](https://osv.dev/OSV-2021-1110) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2021-1041](https://osv.dev/OSV-2021-1041) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2021-1024](https://osv.dev/OSV-2021-1024) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2021-802](https://osv.dev/OSV-2021-802) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2021-787](https://osv.dev/OSV-2021-787) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2021-765](https://osv.dev/OSV-2021-765) | espeak-ng | | 1.51.1 | 1.51.1 | 1.51.1 | Unclear if this is still valid. | -| [OSV-2021-594](https://osv.dev/OSV-2021-594) | libheif | | 1.15.2 | 1.17.6 | 1.17.6 | | -| [OSV-2021-508](https://osv.dev/OSV-2021-508) | libsass | | 3.6.5 | 3.6.6 | 3.6.6 | Unclear if this is still valid. 
| -| [OSV-2020-2308](https://osv.dev/OSV-2020-2308) | libheif | | 1.15.2 | 1.17.6 | 1.17.6 | | -| [OSV-2020-1610](https://osv.dev/OSV-2020-1610) | openexr | | 2.5.8 | 3.2.2 | 3.2.4 | | -| [OSV-2020-1420](https://osv.dev/OSV-2020-1420) | libsass | | 3.6.5 | 3.6.6 | 3.6.6 | | -| [OSV-2020-862](https://osv.dev/OSV-2020-862) | libsass | | 3.6.5 | 3.6.6 | 3.6.6 | | -| [OSV-2020-438](https://osv.dev/OSV-2020-438) | capstone | | 4.0.2 | 5.0.1 | 5.0.1 | | -| [CVE-2014-6492](https://nvd.nist.gov/vuln/detail/CVE-2014-6492) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2012-4930](https://nvd.nist.gov/vuln/detail/CVE-2012-4930) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2012-4929](https://nvd.nist.gov/vuln/detail/CVE-2012-4929) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2011-3389](https://nvd.nist.gov/vuln/detail/CVE-2011-3389) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2011-0064](https://nvd.nist.gov/vuln/detail/CVE-2011-0064) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2009-4630](https://nvd.nist.gov/vuln/detail/CVE-2009-4630) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2009-4130](https://nvd.nist.gov/vuln/detail/CVE-2009-4130) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2009-4129](https://nvd.nist.gov/vuln/detail/CVE-2009-4129) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2009-4102](https://nvd.nist.gov/vuln/detail/CVE-2009-4102) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2009-2409](https://nvd.nist.gov/vuln/detail/CVE-2009-2409) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2009-1597](https://nvd.nist.gov/vuln/detail/CVE-2009-1597) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2007-6715](https://nvd.nist.gov/vuln/detail/CVE-2007-6715) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2007-4013](https://nvd.nist.gov/vuln/detail/CVE-2007-4013) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2007-3827](https://nvd.nist.gov/vuln/detail/CVE-2007-3827) | firefox | 
| 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2007-3670](https://nvd.nist.gov/vuln/detail/CVE-2007-3670) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2007-2176](https://nvd.nist.gov/vuln/detail/CVE-2007-2176) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2007-1970](https://nvd.nist.gov/vuln/detail/CVE-2007-1970) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2007-1667](https://nvd.nist.gov/vuln/detail/CVE-2007-1667) | imagemagick | | 7.1.1-21 | 7.1.1-29 | 7.1.1.30 | | -| [CVE-2007-0896](https://nvd.nist.gov/vuln/detail/CVE-2007-0896) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | -| [CVE-2003-1492](https://nvd.nist.gov/vuln/detail/CVE-2003-1492) | firefox | | 120.0.1 | 124.0.2 | 124.0.2 | | - - - -## Whitelisted Vulnerabilities - -Following table lists vulnerabilities that would otherwise have been included to the report, but were left out due to whitelisting. - -
-Whitelisted vulnerabilities -
- -| vuln_id | package | severity | version_local | comment | -|-----------------------------------------------------------------------|------------|------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2023-41330](https://nvd.nist.gov/vuln/detail/CVE-2023-41330) | snappy | 9.8 | 1.1.10 | Incorrect package: Issue concerns snappy php library: [link](https://github.com/KnpLabs/snappy), whereas, nixpkgs "snappy" refers snappy compression library: [link](https://google.github.io/snappy/). Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2023-28115](https://nvd.nist.gov/vuln/detail/CVE-2023-28115) | snappy | 9.8 | 1.1.10 | Incorrect package: Issue concerns snappy php library: [link](https://github.com/KnpLabs/snappy), whereas, nixpkgs "snappy" refers snappy compression library: [link](https://google.github.io/snappy/). Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-28321](https://nvd.nist.gov/vuln/detail/CVE-2022-28321) | linux-pam | 9.8 | 1.5.2 | Only impacts SUSE-specific patch version. Notice: repology package name is pam: [link](https://repology.org/project/pam/versions). 
| -| [CVE-2021-4336](https://nvd.nist.gov/vuln/detail/CVE-2021-4336) | ninja | 9.8 | 1.11.1 | Incorrect package: nixpkgs 'ninja' refers [link](https://github.com/ninja-build/ninja), not [link](https://github.com/ITRS-Group/monitor-ninja). | -| [CVE-2018-7263](https://nvd.nist.gov/vuln/detail/CVE-2018-7263) | libmad | 9.8 | 0.15.1b | Based on [link](https://github.com/NixOS/nixpkgs/issues/57154), issue is fixed by [link](https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed). | -| [CVE-2016-10141](https://nvd.nist.gov/vuln/detail/CVE-2016-10141) | mujs | 9.8 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-10141](https://nvd.nist.gov/vuln/detail/CVE-2016-10141) | mujs | 9.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-10133](https://nvd.nist.gov/vuln/detail/CVE-2016-10133) | mujs | 9.8 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-10133](https://nvd.nist.gov/vuln/detail/CVE-2016-10133) | mujs | 9.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7504](https://nvd.nist.gov/vuln/detail/CVE-2016-7504) | mujs | 9.8 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7504](https://nvd.nist.gov/vuln/detail/CVE-2016-7504) | mujs | 9.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.44.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). 
| -| [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.5.6 | Latest impacted version in 3.x is 3.0.4. | -| [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.4.22 | Latest impacted version in 3.x is 3.0.4. | -| [CVE-2022-26592](https://nvd.nist.gov/vuln/detail/CVE-2022-26592) | libsass | 8.8 | 3.6.5 | Pending upstream fix: [link](https://github.com/sass/libsass/issues/3174). | -| [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2018-6553](https://nvd.nist.gov/vuln/detail/CVE-2018-6553) | cups | 8.8 | 2.4.7 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2017-5436](https://nvd.nist.gov/vuln/detail/CVE-2017-5436) | graphite2 | 8.8 | 1.3.14 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-48434](https://nvd.nist.gov/vuln/detail/CVE-2022-48434) | ffmpeg | 8.1 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). 
Upstream fix patch for 4.4.x is merged in 4.4.3 [link](https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db). | -| [CVE-2019-14586](https://nvd.nist.gov/vuln/detail/CVE-2019-14586) | edk2 | 8.0 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14586](https://nvd.nist.gov/vuln/detail/CVE-2019-14586) | edk2 | 8.0 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14586](https://nvd.nist.gov/vuln/detail/CVE-2019-14586) | edk2 | 8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2021-30499](https://nvd.nist.gov/vuln/detail/CVE-2021-30499) | libcaca | 7.8 | 0.99.beta20 | NVD data issue: CPE entry does not correctly state the version numbers. Issue is fixed in v0.99.beta20: [link](https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20). | -| [CVE-2021-26720](https://nvd.nist.gov/vuln/detail/CVE-2021-26720) | avahi | 7.8 | 0.8 | False positive: issue refers avahi-daemon-check-dns.sh in the Debian avahi package. As such, the issue is specific to Debian and its derivatives. | -| [CVE-2019-14575](https://nvd.nist.gov/vuln/detail/CVE-2019-14575) | edk2 | 7.8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14575](https://nvd.nist.gov/vuln/detail/CVE-2019-14575) | edk2 | 7.8 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14563](https://nvd.nist.gov/vuln/detail/CVE-2019-14563) | edk2 | 7.8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14563](https://nvd.nist.gov/vuln/detail/CVE-2019-14563) | edk2 | 7.8 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2017-5628](https://nvd.nist.gov/vuln/detail/CVE-2017-5628) | mujs | 7.8 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2017-5628](https://nvd.nist.gov/vuln/detail/CVE-2017-5628) | mujs | 7.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2017-5627](https://nvd.nist.gov/vuln/detail/CVE-2017-5627) | mujs | 7.8 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2017-5627](https://nvd.nist.gov/vuln/detail/CVE-2017-5627) | mujs | 7.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-2226](https://nvd.nist.gov/vuln/detail/CVE-2016-2226) | libiberty | 7.8 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-2226](https://nvd.nist.gov/vuln/detail/CVE-2016-2226) | libiberty | 7.8 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-42969](https://nvd.nist.gov/vuln/detail/CVE-2022-42969) | py | 7.5 | 1.11.0 | Disputed upstream: [link](https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565). | -| [CVE-2022-36883](https://nvd.nist.gov/vuln/detail/CVE-2022-36883) | git | 7.5 | 2.44.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-36883](https://nvd.nist.gov/vuln/detail/CVE-2022-36883) | git | 7.5 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-30947](https://nvd.nist.gov/vuln/detail/CVE-2022-30947) | git | 7.5 | 2.44.0 | Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-30947](https://nvd.nist.gov/vuln/detail/CVE-2022-30947) | git | 7.5 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-3109](https://nvd.nist.gov/vuln/detail/CVE-2022-3109) | ffmpeg | 7.5 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 [link](https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2). | -| [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.7874 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | -| [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.7531 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | -| [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 7.5 | 9.18.25 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). 
| -| [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 7.5 | 9.18.24 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). | -| [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 7.5 | 9.18.19 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). | -| [CVE-2016-10132](https://nvd.nist.gov/vuln/detail/CVE-2016-10132) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-10132](https://nvd.nist.gov/vuln/detail/CVE-2016-10132) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9294](https://nvd.nist.gov/vuln/detail/CVE-2016-9294) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9294](https://nvd.nist.gov/vuln/detail/CVE-2016-9294) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9136](https://nvd.nist.gov/vuln/detail/CVE-2016-9136) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9136](https://nvd.nist.gov/vuln/detail/CVE-2016-9136) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9109](https://nvd.nist.gov/vuln/detail/CVE-2016-9109) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9109](https://nvd.nist.gov/vuln/detail/CVE-2016-9109) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9108](https://nvd.nist.gov/vuln/detail/CVE-2016-9108) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2016-9108](https://nvd.nist.gov/vuln/detail/CVE-2016-9108) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9017](https://nvd.nist.gov/vuln/detail/CVE-2016-9017) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9017](https://nvd.nist.gov/vuln/detail/CVE-2016-9017) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7564](https://nvd.nist.gov/vuln/detail/CVE-2016-7564) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7564](https://nvd.nist.gov/vuln/detail/CVE-2016-7564) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7563](https://nvd.nist.gov/vuln/detail/CVE-2016-7563) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7563](https://nvd.nist.gov/vuln/detail/CVE-2016-7563) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7506](https://nvd.nist.gov/vuln/detail/CVE-2016-7506) | mujs | 7.5 | 1.3.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7506](https://nvd.nist.gov/vuln/detail/CVE-2016-7506) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-6131](https://nvd.nist.gov/vuln/detail/CVE-2016-6131) | libiberty | 7.5 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-6131](https://nvd.nist.gov/vuln/detail/CVE-2016-6131) | libiberty | 7.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2019-12749](https://nvd.nist.gov/vuln/detail/CVE-2019-12749) | dbus | 7.1 | 1 | Fixed with [link](https://github.com/NixOS/nixpkgs/pull/63021) (dbus version '1' in nixpkgs currently refers 1.14.8). | -| [CVE-2014-4860](https://nvd.nist.gov/vuln/detail/CVE-2014-4860) | edk2 | 6.8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2014-4860](https://nvd.nist.gov/vuln/detail/CVE-2014-4860) | edk2 | 6.8 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2014-4859](https://nvd.nist.gov/vuln/detail/CVE-2014-4859) | edk2 | 6.8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2014-4859](https://nvd.nist.gov/vuln/detail/CVE-2014-4859) | edk2 | 6.8 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-26691](https://nvd.nist.gov/vuln/detail/CVE-2022-26691) | cups | 6.7 | 2.4.7 | Fixed in nixpkgs with PR: [link](https://github.com/NixOS/nixpkgs/pull/174898). | -| [CVE-2023-3603](https://nvd.nist.gov/vuln/detail/CVE-2023-3603) | libssh | 6.5 | 0.10.6 | Based on [link](https://security-tracker.debian.org/tracker/CVE-2023-3603) and [link](https://bugzilla.redhat.com/show_bug.cgi?id=2221791), vulnerable code is not present in 0.10.5 or any currently released version. | -| [CVE-2023-3603](https://nvd.nist.gov/vuln/detail/CVE-2023-3603) | libssh | 6.5 | 0.10.5 | Based on [link](https://security-tracker.debian.org/tracker/CVE-2023-3603) and [link](https://bugzilla.redhat.com/show_bug.cgi?id=2221791), vulnerable code is not present in 0.10.5 or any currently released version. | -| [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.44.0 | Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-37416](https://nvd.nist.gov/vuln/detail/CVE-2022-37416) | libmpeg2 | 6.5 | 0.5.1 | NVD data issue: concerns Android only. | -| [CVE-2022-0856](https://nvd.nist.gov/vuln/detail/CVE-2022-0856) | libcaca | 6.5 | 0.99.beta20 | Crash in CLI tool, no security impact. | -| [CVE-2020-24490](https://nvd.nist.gov/vuln/detail/CVE-2020-24490) | bluez | 6.5 | 5.72 | Fixed in linux kernel (5.8) with: [link](https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e). | -| [CVE-2020-24490](https://nvd.nist.gov/vuln/detail/CVE-2020-24490) | bluez | 6.5 | 5.70 | Fixed in linux kernel (5.8) with: [link](https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e). | -| [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 3.16.2 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. 
| -| [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 2.9.9-closefrom- | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 2.9.9 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14860](https://nvd.nist.gov/vuln/detail/CVE-2019-14860) | fuse | 6.5 | 3.16.2 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14860](https://nvd.nist.gov/vuln/detail/CVE-2019-14860) | fuse | 6.5 | 2.9.9-closefrom- | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. 
| -| [CVE-2019-14860](https://nvd.nist.gov/vuln/detail/CVE-2019-14860) | fuse | 6.5 | 2.9.9 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14587](https://nvd.nist.gov/vuln/detail/CVE-2019-14587) | edk2 | 6.5 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14587](https://nvd.nist.gov/vuln/detail/CVE-2019-14587) | edk2 | 6.5 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-12067](https://nvd.nist.gov/vuln/detail/CVE-2019-12067) | qemu | 6.5 | 8.2.2 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-12067](https://nvd.nist.gov/vuln/detail/CVE-2019-12067) | qemu | 6.5 | 8.1.5 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-12067](https://nvd.nist.gov/vuln/detail/CVE-2019-12067) | qemu | 6.5 | 8.1.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) | coreutils | 6.5 | 9.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) | coreutils | 6.5 | 9.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.7874 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). 
| -| [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.7531 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). | -| [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.44.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2023-31974](https://nvd.nist.gov/vuln/detail/CVE-2023-31974) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. | -| [CVE-2023-31973](https://nvd.nist.gov/vuln/detail/CVE-2023-31973) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. | -| [CVE-2023-31972](https://nvd.nist.gov/vuln/detail/CVE-2023-31972) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. | -| [CVE-2023-30402](https://nvd.nist.gov/vuln/detail/CVE-2023-30402) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. | -| [CVE-2021-33468](https://nvd.nist.gov/vuln/detail/CVE-2021-33468) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33467](https://nvd.nist.gov/vuln/detail/CVE-2021-33467) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. 
| -| [CVE-2021-33466](https://nvd.nist.gov/vuln/detail/CVE-2021-33466) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33465](https://nvd.nist.gov/vuln/detail/CVE-2021-33465) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33464](https://nvd.nist.gov/vuln/detail/CVE-2021-33464) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33463](https://nvd.nist.gov/vuln/detail/CVE-2021-33463) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33462](https://nvd.nist.gov/vuln/detail/CVE-2021-33462) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33461](https://nvd.nist.gov/vuln/detail/CVE-2021-33461) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33460](https://nvd.nist.gov/vuln/detail/CVE-2021-33460) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33459](https://nvd.nist.gov/vuln/detail/CVE-2021-33459) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33458](https://nvd.nist.gov/vuln/detail/CVE-2021-33458) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33457](https://nvd.nist.gov/vuln/detail/CVE-2021-33457) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. 
| -| [CVE-2021-33456](https://nvd.nist.gov/vuln/detail/CVE-2021-33456) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33455](https://nvd.nist.gov/vuln/detail/CVE-2021-33455) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33454](https://nvd.nist.gov/vuln/detail/CVE-2021-33454) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-26945](https://nvd.nist.gov/vuln/detail/CVE-2021-26945) | openexr | 5.5 | 2.5.8 | Fix patch [link](https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e) modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8. | -| [CVE-2021-26945](https://nvd.nist.gov/vuln/detail/CVE-2021-26945) | openexr | 5.5 | 2.5.10 | Fix patch [link](https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e) modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8. | -| [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | -| [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | -| [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. 
Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | -| [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | -| [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.2.2 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | -| [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.1.5 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | -| [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.1.3 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | -| [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. 
Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2019-20633](https://nvd.nist.gov/vuln/detail/CVE-2019-20633) | patch | 5.5 | 2.7.6 | Upstream patch is not merged: [link](https://savannah.gnu.org/bugs/index.php?56683). Not sure why this isn't fixed upstream. No point fixing this in nixpkgs as long as it is not fixed upstream. | -| [CVE-2019-14562](https://nvd.nist.gov/vuln/detail/CVE-2019-14562) | edk2 | 5.5 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14562](https://nvd.nist.gov/vuln/detail/CVE-2019-14562) | edk2 | 5.5 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-6293](https://nvd.nist.gov/vuln/detail/CVE-2019-6293) | flex | 5.5 | 2.6.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2018-18438](https://nvd.nist.gov/vuln/detail/CVE-2018-18438) | qemu | 5.5 | 8.2.2 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2018-18438](https://nvd.nist.gov/vuln/detail/CVE-2018-18438) | qemu | 5.5 | 8.1.5 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2018-18438](https://nvd.nist.gov/vuln/detail/CVE-2018-18438) | qemu | 5.5 | 8.1.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4493](https://nvd.nist.gov/vuln/detail/CVE-2016-4493) | libiberty | 5.5 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4493](https://nvd.nist.gov/vuln/detail/CVE-2016-4493) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2016-4491](https://nvd.nist.gov/vuln/detail/CVE-2016-4491) | libiberty | 5.5 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4491](https://nvd.nist.gov/vuln/detail/CVE-2016-4491) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4490](https://nvd.nist.gov/vuln/detail/CVE-2016-4490) | libiberty | 5.5 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4490](https://nvd.nist.gov/vuln/detail/CVE-2016-4490) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4489](https://nvd.nist.gov/vuln/detail/CVE-2016-4489) | libiberty | 5.5 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4489](https://nvd.nist.gov/vuln/detail/CVE-2016-4489) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4488](https://nvd.nist.gov/vuln/detail/CVE-2016-4488) | libiberty | 5.5 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4488](https://nvd.nist.gov/vuln/detail/CVE-2016-4488) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4487](https://nvd.nist.gov/vuln/detail/CVE-2016-4487) | libiberty | 5.5 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4487](https://nvd.nist.gov/vuln/detail/CVE-2016-4487) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2015-7313](https://nvd.nist.gov/vuln/detail/CVE-2015-7313) | libtiff | 5.5 | 4.6.0 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2022-36884](https://nvd.nist.gov/vuln/detail/CVE-2022-36884) | git | 5.3 | 2.44.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-36884](https://nvd.nist.gov/vuln/detail/CVE-2022-36884) | git | 5.3 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-3341](https://nvd.nist.gov/vuln/detail/CVE-2022-3341) | ffmpeg | 5.3 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 [link](https://github.com/FFmpeg/FFmpeg/commit/c513bd48039a718dabf6d7a829efb6732693c04b). | -| [CVE-2020-16194](https://nvd.nist.gov/vuln/detail/CVE-2020-16194) | quote | 5.3 | 1.0.35 | Incorrect package: Issue concerns prestashop product: [link](https://prestashop.com/), whereas, nixpkgs "quote" refers rust package 'quote': [link](https://docs.rs/quote/latest/quote/). | -| [CVE-2020-16194](https://nvd.nist.gov/vuln/detail/CVE-2020-16194) | quote | 5.3 | 1.0.33 | Incorrect package: Issue concerns prestashop product: [link](https://prestashop.com/), whereas, nixpkgs "quote" refers rust package 'quote': [link](https://docs.rs/quote/latest/quote/). | -| [CVE-2019-14553](https://nvd.nist.gov/vuln/detail/CVE-2019-14553) | edk2 | 4.9 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2019-14553](https://nvd.nist.gov/vuln/detail/CVE-2019-14553) | edk2 | 4.9 | 202311 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4492](https://nvd.nist.gov/vuln/detail/CVE-2016-4492) | libiberty | 4.4 | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4492](https://nvd.nist.gov/vuln/detail/CVE-2016-4492) | libiberty | 4.4 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-1003010](https://nvd.nist.gov/vuln/detail/CVE-2019-1003010) | git | 4.3 | 2.44.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2019-1003010](https://nvd.nist.gov/vuln/detail/CVE-2019-1003010) | git | 4.3 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2023-31975](https://nvd.nist.gov/vuln/detail/CVE-2023-31975) | yasm | 3.3 | 1.3.0 | Memory leak in CLI tool, no security impact. | -| [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.5 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). | -| [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.4 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). | -| [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.1 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). 
| -| [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217) | unzip | 3.3 | 6.0 | Ignored by other distribution as 'no security impact', e.g. Debian: [link](https://security-tracker.debian.org/tracker/CVE-2021-4217). | -| [GHSA-6898-wx94-8jq8](https://osv.dev/GHSA-6898-wx94-8jq8) | libnotify | | 0.8.3 | Incorrect package: Issue refers node-libnotify [link](https://github.com/mytrile/node-libnotify), whereas nixpkgs refers gnome-libnotify [link](https://gitlab.gnome.org/GNOME/libnotify). | -| [OSV-2023-137](https://osv.dev/OSV-2023-137) | harfbuzz | | 8.3.0 | Based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2), the issue is fixed in range [link](https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc) all of which have been merged in 7.1.0. | -| [OSV-2023-137](https://osv.dev/OSV-2023-137) | harfbuzz | | 7.3.0 | Based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2), the issue is fixed in range [link](https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc) all of which have been merged in 7.1.0. | -| [PYSEC-2022-42969](https://osv.dev/PYSEC-2022-42969) | py | | 1.11.0 | Same as CVE-2022-42969. | -| [MAL-2022-4301](https://osv.dev/MAL-2022-4301) | libidn2 | | 2.3.7 | Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 [link](https://gitlab.com/libidn/libidn2). | -| [MAL-2022-4301](https://osv.dev/MAL-2022-4301) | libidn2 | | 2.3.4 | Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 [link](https://gitlab.com/libidn/libidn2). | -| [OSV-2022-416](https://osv.dev/OSV-2022-416) | openjpeg | | 2.5.0 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47500#c2). 
| -| [OSV-2022-183](https://osv.dev/OSV-2022-183) | binutils | | 2.40 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44864#c2). | -| [OSV-2021-820](https://osv.dev/OSV-2021-820) | qemu | | 8.2.2 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2). | -| [OSV-2021-820](https://osv.dev/OSV-2021-820) | qemu | | 8.1.5 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2). | -| [OSV-2021-820](https://osv.dev/OSV-2021-820) | qemu | | 8.1.3 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2). | -| [OSV-2021-777](https://osv.dev/OSV-2021-777) | libxml2 | | 2.12.6 | Fixed by [link](https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325), which went to 2.9.13. Therefore, this issue is fixed in 2.10.4. | -| [OSV-2021-777](https://osv.dev/OSV-2021-777) | libxml2 | | 2.11.7 | Fixed by [link](https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325), which went to 2.9.13. Therefore, this issue is fixed in 2.10.4. | -| [OSV-2021-777](https://osv.dev/OSV-2021-777) | libxml2 | | 2.11.5 | Fixed by [link](https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325), which went to 2.9.13. Therefore, this issue is fixed in 2.10.4. | -| [CVE-2014-9157](https://nvd.nist.gov/vuln/detail/CVE-2014-9157) | graphviz | | 9.0.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2014-9157](https://nvd.nist.gov/vuln/detail/CVE-2014-9157) | graphviz | | 10.0.1 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2012-3509](https://nvd.nist.gov/vuln/detail/CVE-2012-3509) | libiberty | | 13.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2012-3509](https://nvd.nist.gov/vuln/detail/CVE-2012-3509) | libiberty | | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2010-4226](https://nvd.nist.gov/vuln/detail/CVE-2010-4226) | cpio | | 2.15 | NVD data issue: concerns OpenSuSE, not cpio. | -| [CVE-2010-4226](https://nvd.nist.gov/vuln/detail/CVE-2010-4226) | cpio | | 2.14 | NVD data issue: concerns OpenSuSE, not cpio. | - -
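Review bot: the deletion of reports/ghaf-24.03/packages.aarch64-linux.nvidia-jetson-orin-nx-release.md gives no rationale in the diff itself; the commit or PR description should state whether the aarch64 target was dropped from the ghaf-24.03 branch or merely stopped building, since this file was the only record of its whitelisted findings. Separately, several whitelist comments being deleted here are stale in their source rather than in this file: the openexr 2.5.10 rows for CVE-2021-26945 still say "the fix doesn't apply to 2.5.8", and the CVE-2021-26260, CVE-2021-23215, CVE-2021-3605 and CVE-2021-3598 rows say "Fixed in openexr 2.5.8" while also citing fixes that "went to 2.5.5" or "went to 2.5.7". Those strings come from manual_analysis.csv and will keep appearing in the remaining reports, so it is worth correcting them there in a follow-up.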
diff --git a/reports/main/README.md b/reports/main/README.md index 63edbfa..84f8370 100644 --- a/reports/main/README.md +++ b/reports/main/README.md @@ -9,6 +9,5 @@ SPDX-License-Identifier: CC-BY-SA-4.0 See the following links for detailled Ghaf vulnerability reports: * [Vulnerability Report: 'packages.x86_64-linux.lenovo-x1-carbon-gen11-release'](packages.x86_64-linux.lenovo-x1-carbon-gen11-release.md) -* [Vulnerability Report: 'packages.riscv64-linux.microchip-icicle-kit-release'](packages.riscv64-linux.microchip-icicle-kit-release.md) * [Vulnerability Report: 'packages.aarch64-linux.nvidia-jetson-orin-nx-release'](packages.aarch64-linux.nvidia-jetson-orin-nx-release.md) diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md deleted file mode 100644 index bd79862..0000000 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ /dev/null 
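Review bot: the reports/main/README.md hunk removes the riscv64 link but leaves the typo in the unchanged context line "See the following links for detailled Ghaf vulnerability reports:" ("detailed"); since this file is being touched anyway, fixing that nit here would be cheap. The same wording appears in reports/ghaf-24.03/README.md, so both copies should be corrected together.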
@@ -1,262 +0,0 @@ - - -# Vulnerability Report - -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/ae77a616548a566b60452fa55e4dfb693d098e11. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. - -This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. - -See section [Theory of Operation](https://github.com/tiiuae/ghafscan#theory-of-operation) in the [ghafscan README.md](https://github.com/tiiuae/ghafscan/blob/main/README.md) for details of how the data on this report is generated. - -Reports -================= - -* [Vulnerabilities Fixed in Ghaf nixpkgs Upstream](#vulnerabilities-fixed-in-ghaf-nixpkgs-upstream) -* [Vulnerabilities Fixed in nix-unstable](#vulnerabilities-fixed-in-nix-unstable) -* [New Vulnerabilities Since Last Run](#new-vulnerabilities-since-last-run) -* [All Vulnerabilities Impacting Ghaf](#all-vulnerabilities-impacting-ghaf) -* [Whitelisted Vulnerabilities](#whitelisted-vulnerabilities) - -## Vulnerabilities Fixed in Ghaf nixpkgs Upstream - -Following table lists vulnerabilities that have been fixed in the nixpkgs channel the Ghaf target is currently pinned to, but the fixes have not been included in Ghaf. 
- -Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/flake.lock) file to mitigate the following issues: - -```No vulnerabilities``` - -## Vulnerabilities Fixed in nix-unstable - -Following table lists vulnerabilities that have been fixed in nixpkgs nix-unstable channel, but the fixes have not been backported to the channel the Ghaf target is currently pinned to. - -Following issues potentially require backporting the fix from nixpkgs-unstable to the correct nixpkgs release branch. - -Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community backport the fix to the correct nixpkgs branch: - -```Error evaluating 'packages.riscv64-linux.microchip-icicle-kit-release' on nix_unstable```

-For more details, see: https://github.com/tiiuae/ghafscan/actions - - -## New Vulnerabilities Since Last Run - -Following table lists vulnerabilities currently impacting the Ghaf target that have emerged since the last time this vulnerability report was generated. - -Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -```No vulnerabilities``` - - -## All Vulnerabilities Impacting Ghaf - -Following table lists all vulnerabilities currently impacting the Ghaf target. - -Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|------------|------------|------------------|------------------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3.1 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0-r1.cabal | 0.10.0 | 0.10.0 | | -| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0 | 0.10.0 | 0.10.0 | | -| [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 2.5.8 | 3.2.2 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288214), [PR](https://github.com/NixOS/nixpkgs/pull/289291), 
[PR](https://github.com/NixOS/nixpkgs/pull/291549), [PR](https://github.com/NixOS/nixpkgs/pull/300526)]* | -| [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.1.5 | 8.2.2 | 8.2.2 | | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | -| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/285587), [PR](https://github.com/NixOS/nixpkgs/pull/285588)]* | -| [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | glibc | 7.8 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/258972), [PR](https://github.com/NixOS/nixpkgs/pull/258975), [PR](https://github.com/NixOS/nixpkgs/pull/259039)]* | -| [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.1.5 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). 
| -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2023-52356](https://nvd.nist.gov/vuln/detail/CVE-2023-52356) | libtiff | 7.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-52355](https://nvd.nist.gov/vuln/detail/CVE-2023-52355) | libtiff | 7.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | glibc | 7.5 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-44 | | | | -| [CVE-2018-13162](https://nvd.nist.gov/vuln/detail/CVE-2018-13162) | alex | 7.5 | 3.3.0.0 | 3.4.0.1 | 3.5.1.0 | | -| [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | -| [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | -| [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.4 | 0.43.4 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". 
| -| [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.1.5 | 8.2.2 | 8.2.2 | | -| [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | -| [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.1.5 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | -| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/299945), [PR](https://github.com/NixOS/nixpkgs/pull/300310)]* | -| [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | -| [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | -| 
[CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | -| [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | -| [CVE-2023-42363](https://nvd.nist.gov/vuln/detail/CVE-2023-42363) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | -| [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | -| [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.3 | 1.3.1 | 1.3.1 | | -| [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.44.0 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.3 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | -| [CVE-2024-28182](https://nvd.nist.gov/vuln/detail/CVE-2024-28182) | nghttp2 | 5.3 | 1.57.0 | 1.60.0 | 1.61.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/301545), [PR](https://github.com/NixOS/nixpkgs/pull/302390)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_7 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | -| [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.14 | 2.15 | 2.15 | | -| [CVE-2023-6780](https://nvd.nist.gov/vuln/detail/CVE-2023-6780) | glibc | 5.3 | 2.38-44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* | -| [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489), [PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.3 | 3.8.4 | 3.8.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | -| [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | -| [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.5 | 8.2.2 | 8.2.2 | | -| [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | -| [OSV-2023-1344](https://osv.dev/OSV-2023-1344) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | -| [OSV-2023-1329](https://osv.dev/OSV-2023-1329) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | -| [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.2 | 1.3.0 | 1.4.0 | | -| 
[OSV-2023-889](https://osv.dev/OSV-2023-889) | file | | 5.45 | 5.45 | 5.45 | | -| [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.2.2 | 1.3.0 | 1.4.0 | | -| [OSV-2023-675](https://osv.dev/OSV-2023-675) | flac | | 1.4.3 | 1.4.3 | 1.4.3 | | -| [OSV-2023-505](https://osv.dev/OSV-2023-505) | file | | 5.45 | 5.45 | 5.45 | Unclear if this is still valid. | -| [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.1.5 | 8.2.2 | 8.2.2 | Unclear if this is still valid. | -| [OSV-2023-298](https://osv.dev/OSV-2023-298) | cairo | | 1.18.0 | 1.17.13 | 1.17.13 | | -| [OSV-2023-197](https://osv.dev/OSV-2023-197) | p11-kit | | 0.25.0 | 0.25.3 | 0.25.3 | | -| [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.2 | 0.9.1 | 0.10.2 | Unclear if this is still valid. | -| [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.2 | 0.9.1 | 0.10.2 | Unclear if this is still valid. | -| [OSV-2022-581](https://osv.dev/OSV-2022-581) | qemu | | 8.1.5 | 8.2.2 | 8.2.2 | Unclear if this is still valid. | -| [OSV-2022-193](https://osv.dev/OSV-2022-193) | w3m | | 0.5.3+git2023012 | 0.5.3+git2023012 | 0.5.3+git2023012 | Unclear if this is still valid. | -| [OSV-2020-1610](https://osv.dev/OSV-2020-1610) | openexr | | 2.5.8 | 3.2.2 | 3.2.4 | | -| [OSV-2020-438](https://osv.dev/OSV-2020-438) | capstone | | 4.0.2 | 5.0.1 | 5.0.1 | | - - - -## Whitelisted Vulnerabilities - -Following table lists vulnerabilities that would otherwise have been included to the report, but were left out due to whitelisting. - -
-Whitelisted vulnerabilities -
- -| vuln_id | package | severity | version_local | comment | -|-----------------------------------------------------------------------|------------|------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2023-41330](https://nvd.nist.gov/vuln/detail/CVE-2023-41330) | snappy | 9.8 | 1.1.10 | Incorrect package: Issue concerns snappy php library: [link](https://github.com/KnpLabs/snappy), whereas, nixpkgs "snappy" refers snappy compression library: [link](https://google.github.io/snappy/). Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2023-28115](https://nvd.nist.gov/vuln/detail/CVE-2023-28115) | snappy | 9.8 | 1.1.10 | Incorrect package: Issue concerns snappy php library: [link](https://github.com/KnpLabs/snappy), whereas, nixpkgs "snappy" refers snappy compression library: [link](https://google.github.io/snappy/). Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-28321](https://nvd.nist.gov/vuln/detail/CVE-2022-28321) | linux-pam | 9.8 | 1.5.2 | Only impacts SUSE-specific patch version. Notice: repology package name is pam: [link](https://repology.org/project/pam/versions). 
| -| [CVE-2021-4336](https://nvd.nist.gov/vuln/detail/CVE-2021-4336) | ninja | 9.8 | 1.11.1 | Incorrect package: nixpkgs 'ninja' refers [link](https://github.com/ninja-build/ninja), not [link](https://github.com/ITRS-Group/monitor-ninja). | -| [CVE-2018-7263](https://nvd.nist.gov/vuln/detail/CVE-2018-7263) | libmad | 9.8 | 0.15.1b | Based on [link](https://github.com/NixOS/nixpkgs/issues/57154), issue is fixed by [link](https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed). | -| [CVE-2016-10141](https://nvd.nist.gov/vuln/detail/CVE-2016-10141) | mujs | 9.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-10133](https://nvd.nist.gov/vuln/detail/CVE-2016-10133) | mujs | 9.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7504](https://nvd.nist.gov/vuln/detail/CVE-2016-7504) | mujs | 9.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.4.22 | Latest impacted version in 3.x is 3.0.4. | -| [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2018-6553](https://nvd.nist.gov/vuln/detail/CVE-2018-6553) | cups | 8.8 | 2.4.7 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2017-5436](https://nvd.nist.gov/vuln/detail/CVE-2017-5436) | graphite2 | 8.8 | 1.3.14 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-48434](https://nvd.nist.gov/vuln/detail/CVE-2022-48434) | ffmpeg | 8.1 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.3 [link](https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db). | -| [CVE-2019-14586](https://nvd.nist.gov/vuln/detail/CVE-2019-14586) | edk2 | 8.0 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14586](https://nvd.nist.gov/vuln/detail/CVE-2019-14586) | edk2 | 8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2021-30499](https://nvd.nist.gov/vuln/detail/CVE-2021-30499) | libcaca | 7.8 | 0.99.beta20 | NVD data issue: CPE entry does not correctly state the version numbers. Issue is fixed in v0.99.beta20: [link](https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20). | -| [CVE-2021-26720](https://nvd.nist.gov/vuln/detail/CVE-2021-26720) | avahi | 7.8 | 0.8 | False positive: issue refers avahi-daemon-check-dns.sh in the Debian avahi package. As such, the issue is specific to Debian and its derivatives. | -| [CVE-2019-14575](https://nvd.nist.gov/vuln/detail/CVE-2019-14575) | edk2 | 7.8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-14563](https://nvd.nist.gov/vuln/detail/CVE-2019-14563) | edk2 | 7.8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2017-5628](https://nvd.nist.gov/vuln/detail/CVE-2017-5628) | mujs | 7.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2017-5627](https://nvd.nist.gov/vuln/detail/CVE-2017-5627) | mujs | 7.8 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2016-2226](https://nvd.nist.gov/vuln/detail/CVE-2016-2226) | libiberty | 7.8 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-42969](https://nvd.nist.gov/vuln/detail/CVE-2022-42969) | py | 7.5 | 1.11.0 | Disputed upstream: [link](https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565). | -| [CVE-2022-36883](https://nvd.nist.gov/vuln/detail/CVE-2022-36883) | git | 7.5 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-30947](https://nvd.nist.gov/vuln/detail/CVE-2022-30947) | git | 7.5 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-3109](https://nvd.nist.gov/vuln/detail/CVE-2022-3109) | ffmpeg | 7.5 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 [link](https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2). | -| [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.7531 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | -| [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 7.5 | 9.18.24 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). | -| [CVE-2016-10132](https://nvd.nist.gov/vuln/detail/CVE-2016-10132) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9294](https://nvd.nist.gov/vuln/detail/CVE-2016-9294) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9136](https://nvd.nist.gov/vuln/detail/CVE-2016-9136) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9109](https://nvd.nist.gov/vuln/detail/CVE-2016-9109) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9108](https://nvd.nist.gov/vuln/detail/CVE-2016-9108) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-9017](https://nvd.nist.gov/vuln/detail/CVE-2016-9017) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7564](https://nvd.nist.gov/vuln/detail/CVE-2016-7564) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7563](https://nvd.nist.gov/vuln/detail/CVE-2016-7563) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-7506](https://nvd.nist.gov/vuln/detail/CVE-2016-7506) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-6131](https://nvd.nist.gov/vuln/detail/CVE-2016-6131) | libiberty | 7.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2019-12749](https://nvd.nist.gov/vuln/detail/CVE-2019-12749) | dbus | 7.1 | 1 | Fixed with [link](https://github.com/NixOS/nixpkgs/pull/63021) (dbus version '1' in nixpkgs currently refers 1.14.8). | -| [CVE-2014-4860](https://nvd.nist.gov/vuln/detail/CVE-2014-4860) | edk2 | 6.8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2014-4859](https://nvd.nist.gov/vuln/detail/CVE-2014-4859) | edk2 | 6.8 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-26691](https://nvd.nist.gov/vuln/detail/CVE-2022-26691) | cups | 6.7 | 2.4.7 | Fixed in nixpkgs with PR: [link](https://github.com/NixOS/nixpkgs/pull/174898). | -| [CVE-2023-3603](https://nvd.nist.gov/vuln/detail/CVE-2023-3603) | libssh | 6.5 | 0.10.6 | Based on [link](https://security-tracker.debian.org/tracker/CVE-2023-3603) and [link](https://bugzilla.redhat.com/show_bug.cgi?id=2221791), vulnerable code is not present in 0.10.5 or any currently released version. | -| [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-37416](https://nvd.nist.gov/vuln/detail/CVE-2022-37416) | libmpeg2 | 6.5 | 0.5.1 | NVD data issue: concerns Android only. | -| [CVE-2022-0856](https://nvd.nist.gov/vuln/detail/CVE-2022-0856) | libcaca | 6.5 | 0.99.beta20 | Crash in CLI tool, no security impact. | -| [CVE-2020-24490](https://nvd.nist.gov/vuln/detail/CVE-2020-24490) | bluez | 6.5 | 5.70 | Fixed in linux kernel (5.8) with: [link](https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e). 
| -| [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 3.16.2 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 2.9.9-closefrom- | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900) | fuse | 6.5 | 2.9.9 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14860](https://nvd.nist.gov/vuln/detail/CVE-2019-14860) | fuse | 6.5 | 3.16.2 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. 
| -| [CVE-2019-14860](https://nvd.nist.gov/vuln/detail/CVE-2019-14860) | fuse | 6.5 | 2.9.9-closefrom- | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14860](https://nvd.nist.gov/vuln/detail/CVE-2019-14860) | fuse | 6.5 | 2.9.9 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | -| [CVE-2019-14587](https://nvd.nist.gov/vuln/detail/CVE-2019-14587) | edk2 | 6.5 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-12067](https://nvd.nist.gov/vuln/detail/CVE-2019-12067) | qemu | 6.5 | 8.1.5 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) | coreutils | 6.5 | 9.3 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.7531 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). | -| [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2023-31974](https://nvd.nist.gov/vuln/detail/CVE-2023-31974) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. | -| [CVE-2023-31973](https://nvd.nist.gov/vuln/detail/CVE-2023-31973) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. | -| [CVE-2023-31972](https://nvd.nist.gov/vuln/detail/CVE-2023-31972) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. | -| [CVE-2023-30402](https://nvd.nist.gov/vuln/detail/CVE-2023-30402) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. | -| [CVE-2021-33468](https://nvd.nist.gov/vuln/detail/CVE-2021-33468) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33467](https://nvd.nist.gov/vuln/detail/CVE-2021-33467) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33466](https://nvd.nist.gov/vuln/detail/CVE-2021-33466) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33465](https://nvd.nist.gov/vuln/detail/CVE-2021-33465) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33464](https://nvd.nist.gov/vuln/detail/CVE-2021-33464) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33463](https://nvd.nist.gov/vuln/detail/CVE-2021-33463) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. 
| -| [CVE-2021-33462](https://nvd.nist.gov/vuln/detail/CVE-2021-33462) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33461](https://nvd.nist.gov/vuln/detail/CVE-2021-33461) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33460](https://nvd.nist.gov/vuln/detail/CVE-2021-33460) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33459](https://nvd.nist.gov/vuln/detail/CVE-2021-33459) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33458](https://nvd.nist.gov/vuln/detail/CVE-2021-33458) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33457](https://nvd.nist.gov/vuln/detail/CVE-2021-33457) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33456](https://nvd.nist.gov/vuln/detail/CVE-2021-33456) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33455](https://nvd.nist.gov/vuln/detail/CVE-2021-33455) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. | -| [CVE-2021-33454](https://nvd.nist.gov/vuln/detail/CVE-2021-33454) | yasm | 5.5 | 1.3.0 | Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'. 
| -| [CVE-2021-26945](https://nvd.nist.gov/vuln/detail/CVE-2021-26945) | openexr | 5.5 | 2.5.8 | Fix patch [link](https://github.com/AcademySoftwareFoundation/openexr/pull/930/commits/b73ec53bd24ba116d7bf48ebdc868301c596706e) modifies a file that is not available in openexr 2. Thus, the fix doesn't apply to 2.5.8. | -| [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | -| [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | -| [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.1.5 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | -| [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | -| [CVE-2019-20633](https://nvd.nist.gov/vuln/detail/CVE-2019-20633) | patch | 5.5 | 2.7.6 | Upstream patch is not merged: [link](https://savannah.gnu.org/bugs/index.php?56683). Not sure why this isn't fixed upstream. 
No point fixing this in nixpkgs as long as it is not fixed upstream. | -| [CVE-2019-14562](https://nvd.nist.gov/vuln/detail/CVE-2019-14562) | edk2 | 5.5 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-6293](https://nvd.nist.gov/vuln/detail/CVE-2019-6293) | flex | 5.5 | 2.6.4 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2018-18438](https://nvd.nist.gov/vuln/detail/CVE-2018-18438) | qemu | 5.5 | 8.1.5 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4493](https://nvd.nist.gov/vuln/detail/CVE-2016-4493) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4491](https://nvd.nist.gov/vuln/detail/CVE-2016-4491) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4490](https://nvd.nist.gov/vuln/detail/CVE-2016-4490) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4489](https://nvd.nist.gov/vuln/detail/CVE-2016-4489) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4488](https://nvd.nist.gov/vuln/detail/CVE-2016-4488) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4487](https://nvd.nist.gov/vuln/detail/CVE-2016-4487) | libiberty | 5.5 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2015-7313](https://nvd.nist.gov/vuln/detail/CVE-2015-7313) | libtiff | 5.5 | 4.6.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-36884](https://nvd.nist.gov/vuln/detail/CVE-2022-36884) | git | 5.3 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-3341](https://nvd.nist.gov/vuln/detail/CVE-2022-3341) | ffmpeg | 5.3 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 [link](https://github.com/FFmpeg/FFmpeg/commit/c513bd48039a718dabf6d7a829efb6732693c04b). | -| [CVE-2020-16194](https://nvd.nist.gov/vuln/detail/CVE-2020-16194) | quote | 5.3 | 1.0.33 | Incorrect package: Issue concerns prestashop product: [link](https://prestashop.com/), whereas, nixpkgs "quote" refers rust package 'quote': [link](https://docs.rs/quote/latest/quote/). | -| [CVE-2019-14553](https://nvd.nist.gov/vuln/detail/CVE-2019-14553) | edk2 | 4.9 | 202402 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2016-4492](https://nvd.nist.gov/vuln/detail/CVE-2016-4492) | libiberty | 4.4 | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-1003010](https://nvd.nist.gov/vuln/detail/CVE-2019-1003010) | git | 4.3 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2023-31975](https://nvd.nist.gov/vuln/detail/CVE-2023-31975) | yasm | 3.3 | 1.3.0 | Memory leak in CLI tool, no security impact. | -| [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.4 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). 
| -| [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217) | unzip | 3.3 | 6.0 | Ignored by other distribution as 'no security impact', e.g. Debian: [link](https://security-tracker.debian.org/tracker/CVE-2021-4217). | -| [GHSA-6898-wx94-8jq8](https://osv.dev/GHSA-6898-wx94-8jq8) | libnotify | | 0.8.3 | Incorrect package: Issue refers node-libnotify [link](https://github.com/mytrile/node-libnotify), whereas nixpkgs refers gnome-libnotify [link](https://gitlab.gnome.org/GNOME/libnotify). | -| [OSV-2023-137](https://osv.dev/OSV-2023-137) | harfbuzz | | 7.3.0 | Based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2), the issue is fixed in range [link](https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc) all of which have been merged in 7.1.0. | -| [PYSEC-2022-42969](https://osv.dev/PYSEC-2022-42969) | py | | 1.11.0 | Same as CVE-2022-42969. | -| [MAL-2022-4301](https://osv.dev/MAL-2022-4301) | libidn2 | | 2.3.4 | Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 [link](https://gitlab.com/libidn/libidn2). | -| [OSV-2022-183](https://osv.dev/OSV-2022-183) | binutils | | 2.40 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44864#c2). | -| [OSV-2021-820](https://osv.dev/OSV-2021-820) | qemu | | 8.1.5 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2). | -| [OSV-2021-777](https://osv.dev/OSV-2021-777) | libxml2 | | 2.11.7 | Fixed by [link](https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325), which went to 2.9.13. Therefore, this issue is fixed in 2.10.4. | -| [CVE-2014-9157](https://nvd.nist.gov/vuln/detail/CVE-2014-9157) | graphviz | | 9.0.0 | NVD data issue: CPE entry does not correctly state the version numbers. 
| -| [CVE-2012-3509](https://nvd.nist.gov/vuln/detail/CVE-2012-3509) | libiberty | | 12.3.0 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2010-4226](https://nvd.nist.gov/vuln/detail/CVE-2010-4226) | cpio | | 2.14 | NVD data issue: concerns OpenSuSE, not cpio. | - -
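Review bot: the removed "Whitelisted Vulnerabilities" table at the end of this hunk is the only visible record of the per-finding triage rationale for this target (for example the edk2, mujs and libiberty rows marked "NVD data issue: CPE entry does not correctly state the version numbers", and the git, fuse and snappy rows marked "Incorrect package"); deleting the report without stating in the commit or PR description why this target's scan is dropped, and where that rationale continues to live, loses the triage history for those findings. Suggest adding a one-line reason for the removal to the commit message and confirming the whitelist source still carries these comments, so a reader who finds a stale copy of this report is not left with an unexplained deletion.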