From b63930fa698520b623ff9634f3f2192b5cf85b33 Mon Sep 17 00:00:00 2001 From: henrirosten Date: Wed, 7 Feb 2024 03:59:27 +0000 Subject: [PATCH] Automatic vulnerability report update --- reports/ghaf-23.09/data.csv | 204 ++++++++++-------- ...ges.x86_64-linux.generic-x86_64-release.md | 96 ++++----- reports/ghaf-23.12/data.csv | 182 +++++++++------- ...ges.x86_64-linux.generic-x86_64-release.md | 186 ++++++++-------- reports/main/data.csv | 202 +++++++++-------- ...cv64-linux.microchip-icicle-kit-release.md | 38 ++-- ...ges.x86_64-linux.generic-x86_64-release.md | 188 ++++++++-------- 7 files changed, 592 insertions(+), 504 deletions(-) diff --git a/reports/ghaf-23.09/data.csv b/reports/ghaf-23.09/data.csv index c4223ae..b909260 100644 --- a/reports/ghaf-23.09/data.csv +++ b/reports/ghaf-23.09/data.csv @@ -36,8 +36,8 @@ https://github.com/NixOS/nixpkgs/pull/275587" https://github.com/NixOS/nixpkgs/pull/275399 https://github.com/NixOS/nixpkgs/pull/275587" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.7","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.7","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48795","https://nvd.nist.gov/vuln/detail/CVE-2023-48795","openssh","5.9","9.3p2","9.6p1","9.6p1","openssh","2023A0000048795","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275250 https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 @@ -53,21 +53,21 @@ https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 https://github.com/NixOS/nixpkgs/pull/276504 https://github.com/NixOS/nixpkgs/pull/276505" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.15","1.0.15","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275720 @@ -81,7 +81,7 @@ https://github.com/NixOS/nixpkgs/pull/271223" https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.5.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886 https://github.com/NixOS/nixpkgs/pull/285295" @@ -93,13 +93,16 @@ https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.12.3-unstable-2023-12-14","2.12.5","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.7","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.7","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.7","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.7","1.22rc2","1.21.7","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.7","1.22rc2","1.21.7","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.7","1.22rc2","1.21.7","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45237","https://nvd.nist.gov/vuln/detail/CVE-2023-45237","edk2","7.5","202211","202311","202311","edk2","2023A0000045237","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45236","https://nvd.nist.gov/vuln/detail/CVE-2023-45236","edk2","7.5","202211","202311","202311","edk2","2023A0000045236","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45235","https://nvd.nist.gov/vuln/detail/CVE-2023-45235","edk2","8.8","202211","202311","202311","edk2","2023A0000045235","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" @@ -119,12 +122,12 @@ https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 https://github.com/NixOS/nixpkgs/pull/286248" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.7","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.7","1.22rc2","1.21.7","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 https://github.com/NixOS/nixpkgs/pull/286248" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -162,16 +165,25 @@ https://github.com/NixOS/nixpkgs/pull/254541 https://github.com/NixOS/nixpkgs/pull/258619 https://github.com/NixOS/nixpkgs/pull/278267" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.7","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.7","1.21.6","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.7","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.20.7","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.20.7","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.7","1.22rc2","1.21.7","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.7","1.22rc2","1.21.7","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 +https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.7","1.22rc2","1.21.7","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.20.7","1.22rc2","1.21.7","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.20.7","1.22rc2","1.21.7","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -204,8 +216,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-30571","https://nvd.nist.gov/vuln/detail/CVE-2023-30571","libarchive","5.3","3.6.2","3.7.2","3.7.2","libarchive","2023A0000030571","False","No upstream fix available, see: https://github.com/libarchive/libarchive/issues/1876.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244713 https://github.com/NixOS/nixpkgs/pull/256930" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-30402","https://nvd.nist.gov/vuln/detail/CVE-2023-30402","yasm","5.5","1.3.0","","","","2023A0000030402","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 -https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 +https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29406","https://nvd.nist.gov/vuln/detail/CVE-2023-29406","go","6.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000029406","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29405","https://nvd.nist.gov/vuln/detail/CVE-2023-29405","go","9.8","1.17.13-linux-amd64-bootstrap","","","","2023A0000029405","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-29404","https://nvd.nist.gov/vuln/detail/CVE-2023-29404","go","9.8","1.17.13-linux-amd64-bootstrap","","","","2023A0000029404","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" @@ -257,9 +270,9 @@ https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.10","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.10","3.2.0","3.2.1","openssl","2023A0000005363","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619 @@ -267,7 +280,7 @@ https://github.com/NixOS/nixpkgs/pull/269450 https://github.com/NixOS/nixpkgs/pull/285019" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.10","3.2.0","3.2.0","ruby:openssl","2023A0000005363","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.0","1.13.1","1.14.0","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/257886 https://github.com/NixOS/nixpkgs/pull/259881 @@ -290,28 +303,28 @@ https://github.com/NixOS/nixpkgs/pull/285019" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","2.38-27","2.39","glibc","2023A0000004527","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/256887" @@ -338,11 +351,11 @@ https://github.com/NixOS/nixpkgs/pull/285002" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2861","https://nvd.nist.gov/vuln/detail/CVE-2023-2861","qemu","7.1","8.0.4","8.2.1","8.2.1","qemu","2023A0000002861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244827 https://github.com/NixOS/nixpkgs/pull/285002" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.4","8.2.1","8.2.1","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.4","8.2.1","8.2.1","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.0","1.3.0","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" @@ -553,23 +566,23 @@ https://github.com/NixOS/nixpkgs/pull/276799" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49465","https://nvd.nist.gov/vuln/detail/CVE-2023-49465","libde265","8.8","1.0.14","1.0.15","1.0.15","libde265","2023A0000049465","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275720 https://github.com/NixOS/nixpkgs/pull/276798 https://github.com/NixOS/nixpkgs/pull/276799" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.8","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.8","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" @@ -580,7 +593,7 @@ https://github.com/NixOS/nixpkgs/pull/271223" https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.5.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886 https://github.com/NixOS/nixpkgs/pull/285295" @@ -592,13 +605,16 @@ https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.12.3-unstable-2023-12-14","2.12.5","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.8","1.22rc2","1.21.7","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.22rc2","1.21.7","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.22rc2","1.21.7","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45237","https://nvd.nist.gov/vuln/detail/CVE-2023-45237","edk2","7.5","202211","202311","202311","edk2","2023A0000045237","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45236","https://nvd.nist.gov/vuln/detail/CVE-2023-45236","edk2","7.5","202211","202311","202311","edk2","2023A0000045236","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45235","https://nvd.nist.gov/vuln/detail/CVE-2023-45235","edk2","8.8","202211","202311","202311","edk2","2023A0000045235","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" @@ -613,12 +629,12 @@ https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 https://github.com/NixOS/nixpkgs/pull/286248" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.20.8","1.22rc2","1.21.7","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 https://github.com/NixOS/nixpkgs/pull/286248" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -632,14 +648,21 @@ https://github.com/NixOS/nixpkgs/pull/286248" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.8","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.8","1.21.6","1.21.6","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 -https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.8","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.20.8","1.22rc2","1.21.7","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.20.8","1.22rc2","1.21.7","go","2023A0000039325","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262713 +https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.20.8","1.22rc2","1.21.7","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039323","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -668,8 +691,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-30571","https://nvd.nist.gov/vuln/detail/CVE-2023-30571","libarchive","5.3","3.6.2","3.7.2","3.7.2","libarchive","2023A0000030571","False","No upstream fix available, see: https://github.com/libarchive/libarchive/issues/1876.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244713 https://github.com/NixOS/nixpkgs/pull/256930" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-30402","https://nvd.nist.gov/vuln/detail/CVE-2023-30402","yasm","5.5","1.3.0","","","","2023A0000030402","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 -https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29409","https://nvd.nist.gov/vuln/detail/CVE-2023-29409","go","5.3","1.17.13-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000029409","False","See: https://github.com/golang/go/issues/61580, fixed by update to go 1.20.7: nixpkgs PR https://github.com/NixOS/nixpkgs/pull/246663.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247034 +https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29406","https://nvd.nist.gov/vuln/detail/CVE-2023-29406","go","6.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000029406","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29405","https://nvd.nist.gov/vuln/detail/CVE-2023-29405","go","9.8","1.17.13-linux-amd64-bootstrap","","","","2023A0000029405","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-29404","https://nvd.nist.gov/vuln/detail/CVE-2023-29404","go","9.8","1.17.13-linux-amd64-bootstrap","","","","2023A0000029404","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" @@ -722,36 +746,36 @@ https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000005678","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","2.38-27","2.39","glibc","2023A0000005156","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7.0","8.0.5","8.2.1","8.2.1","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","2.38-27","2.39","glibc","2023A0000004527","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/256887" @@ -767,11 +791,11 @@ https://github.com/NixOS/nixpkgs/pull/285002" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2861","https://nvd.nist.gov/vuln/detail/CVE-2023-2861","qemu","7.1","8.0.5","8.2.1","8.2.1","qemu","2023A0000002861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/244827 https://github.com/NixOS/nixpkgs/pull/285002" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.2.1","8.2.1","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.1.0004","9.1.0076","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.1.0004","9.1.0080","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.2.1","8.2.1","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.0","1.3.0","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" diff --git a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md index a6424e3..7ea2d55 100644 --- a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md @@ -50,10 +50,10 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-41175](https://nvd.nist.gov/vuln/detail/CVE-2023-41175) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -117,8 +117,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) | libwebp | 8.8 | 1.3.1 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255786), [PR](https://github.com/NixOS/nixpkgs/pull/255959), [PR](https://github.com/NixOS/nixpkgs/pull/258217), [PR](https://github.com/NixOS/nixpkgs/pull/258430), [PR](https://github.com/NixOS/nixpkgs/pull/261876)]* | | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.0.4 | 8.2.1 | 8.2.1 | | | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.8 | 21.1.11 | 21.1.11 | | @@ -127,18 +127,18 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-42915](https://nvd.nist.gov/vuln/detail/CVE-2023-42915) | curl | 7.8 | 8.1.1 | 8.5.0 | 8.6.0 | | | [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.37-8 | 2.38-27 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/285587), [PR](https://github.com/NixOS/nixpkgs/pull/285588)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/285019)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.4 | 8.2.1 | 8.2.1 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2022-36765](https://nvd.nist.gov/vuln/detail/CVE-2022-36765) | edk2 | 7.8 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2022-36764](https://nvd.nist.gov/vuln/detail/CVE-2022-36764) | edk2 | 7.8 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | @@ -149,25 +149,25 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.0 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | | [CVE-2023-52356](https://nvd.nist.gov/vuln/detail/CVE-2023-52356) | libtiff | 7.5 | 4.5.1 | 4.6.0 | 4.6.0 | | | [CVE-2023-52355](https://nvd.nist.gov/vuln/detail/CVE-2023-52355) | libtiff | 7.5 | 4.5.1 | 4.6.0 | 4.6.0 | | -| [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.7 | 1.21.6 | 1.21.6 | | -| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | +| [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | go | 7.5 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.7 | 1.22rc2 | 1.21.7 | | +| [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | | | [CVE-2023-45237](https://nvd.nist.gov/vuln/detail/CVE-2023-45237) | edk2 | 7.5 | 202211 | 202311 | 202311 | | | [CVE-2023-45236](https://nvd.nist.gov/vuln/detail/CVE-2023-45236) | edk2 | 7.5 | 202211 | 202311 | 202311 | | | [CVE-2023-45233](https://nvd.nist.gov/vuln/detail/CVE-2023-45233) | edk2 | 7.5 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45232](https://nvd.nist.gov/vuln/detail/CVE-2023-45232) | edk2 | 7.5 | 202211 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.13.1 | 1.14.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/258350), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189), [PR](https://github.com/NixOS/nixpkgs/pull/283362)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.59.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | -| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | +| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.59.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619), [PR](https://github.com/NixOS/nixpkgs/pull/269450), [PR](https://github.com/NixOS/nixpkgs/pull/285019)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | 2.38-27 | 2.39 | | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.21 | 9.18.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/275800)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.4 | 8.2.1 | 8.2.1 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/285002)]* | @@ -205,10 +205,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010) | dbus | 6.5 | 1 | 1.14.10 | 1.14.10 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | | [CVE-2021-46312](https://nvd.nist.gov/vuln/detail/CVE-2021-46312) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | | [CVE-2021-46310](https://nvd.nist.gov/vuln/detail/CVE-2021-46310) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -220,7 +220,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 5.1.3 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | @@ -243,35 +243,35 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.42 | | | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.2.13 | 1.3 | 1.3.1 | | | [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.5.1 | 4.6.0 | 4.6.0 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-3164](https://nvd.nist.gov/vuln/detail/CVE-2023-3164) | libtiff | 5.5 | 4.5.1 | 4.6.0 | 4.6.0 | | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0076 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.1.0004 | 9.1.0080 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.43.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* | -| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.7 | 1.21.6 | 1.21.6 | | -| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.7 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.7 | 1.22rc2 | 1.21.7 | | +| [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.7 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | -| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.0.4 | 8.2.1 | 8.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.10 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450), [PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.20.7 | 1.21.6 | 1.21.6 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.17.13-linux-am | 1.21.6 | 1.21.6 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.20.7 | 1.22rc2 | 1.21.7 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.17.13-linux-am | 1.22rc2 | 1.21.7 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 13.2.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.2 | 4.14.3 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/264349), [PR](https://github.com/NixOS/nixpkgs/pull/276559), [PR](https://github.com/NixOS/nixpkgs/pull/281318)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.3.1 | 24.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | diff --git a/reports/ghaf-23.12/data.csv b/reports/ghaf-23.12/data.csv index 2d2f842..5684c5d 100644 --- a/reports/ghaf-23.12/data.csv +++ b/reports/ghaf-23.12/data.csv @@ -7,49 +7,64 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","4.4.4","6.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0755","https://nvd.nist.gov/vuln/detail/CVE-2024-0755","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2024A0000000755","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0754","https://nvd.nist.gov/vuln/detail/CVE-2024-0754","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000754","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0753","https://nvd.nist.gov/vuln/detail/CVE-2024-0753","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000753","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0752","https://nvd.nist.gov/vuln/detail/CVE-2024-0752","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0751","https://nvd.nist.gov/vuln/detail/CVE-2024-0751","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2024A0000000751","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0750","https://nvd.nist.gov/vuln/detail/CVE-2024-0750","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2024A0000000750","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0749","https://nvd.nist.gov/vuln/detail/CVE-2024-0749","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2024A0000000749","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0748","https://nvd.nist.gov/vuln/detail/CVE-2024-0748","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2024A0000000748","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0747","https://nvd.nist.gov/vuln/detail/CVE-2024-0747","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000747","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0746","https://nvd.nist.gov/vuln/detail/CVE-2024-0746","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000746","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0745","https://nvd.nist.gov/vuln/detail/CVE-2024-0745","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2024A0000000745","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0744","https://nvd.nist.gov/vuln/detail/CVE-2024-0744","firefox","7.5","120.0.1","122.0","122.0.1","firefox","2024A0000000744","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0743","https://nvd.nist.gov/vuln/detail/CVE-2024-0743","firefox","7.5","120.0.1","122.0","122.0.1","firefox","2024A0000000743","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0742","https://nvd.nist.gov/vuln/detail/CVE-2024-0742","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2024A0000000742","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0741","https://nvd.nist.gov/vuln/detail/CVE-2024-0741","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000741","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0727","https://nvd.nist.gov/vuln/detail/CVE-2024-0727","openssl","5.5","3.0.12","3.2.0","3.2.1","openssl","2024A0000000727","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0727","https://nvd.nist.gov/vuln/detail/CVE-2024-0727","openssl","5.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2024A0000000727","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 @@ -78,8 +93,8 @@ https://github.com/NixOS/nixpkgs/pull/275587" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-50268","https://nvd.nist.gov/vuln/detail/CVE-2023-50268","jq","5.5","1.7","1.7.1","1.7.1","jq","2023A0000050268","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-50246","https://nvd.nist.gov/vuln/detail/CVE-2023-50246","jq","5.5","1.7","1.7.1","1.7.1","jq","2023A0000050246","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.4","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.4","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48795","https://nvd.nist.gov/vuln/detail/CVE-2023-48795","openssh","5.9","9.5p1","9.6p1","9.6p1","openssh","2023A0000048795","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275250 https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 @@ -95,21 +110,21 @@ https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 https://github.com/NixOS/nixpkgs/pull/276504 https://github.com/NixOS/nixpkgs/pull/276505" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.15","1.0.15","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275720 @@ -124,7 +139,7 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.5.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886 https://github.com/NixOS/nixpkgs/pull/285295" @@ -136,7 +151,8 @@ https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.12.3-unstable-2023-12-14","2.12.5","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.21.4","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.21.4","1.22rc2","1.21.7","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45237","https://nvd.nist.gov/vuln/detail/CVE-2023-45237","edk2","7.5","202311","202311","202311","edk2","2023A0000045237","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45236","https://nvd.nist.gov/vuln/detail/CVE-2023-45236","edk2","7.5","202311","202311","202311","edk2","2023A0000045236","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45235","https://nvd.nist.gov/vuln/detail/CVE-2023-45235","edk2","8.8","202311","202311","202311","edk2","2023A0000045235","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" @@ -146,7 +162,7 @@ https://github.com/NixOS/nixpkgs/pull/283888" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -163,14 +179,15 @@ https://github.com/NixOS/nixpkgs/pull/276799" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.21.4","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.21.4","1.22rc2","1.21.7","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -203,49 +220,63 @@ https://github.com/NixOS/nixpkgs/pull/275603 https://github.com/NixOS/nixpkgs/pull/275604" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6873","https://nvd.nist.gov/vuln/detail/CVE-2023-6873","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006873","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6872","https://nvd.nist.gov/vuln/detail/CVE-2023-6872","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2023A0000006872","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6871","https://nvd.nist.gov/vuln/detail/CVE-2023-6871","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2023A0000006871","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6870","https://nvd.nist.gov/vuln/detail/CVE-2023-6870","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2023A0000006870","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6869","https://nvd.nist.gov/vuln/detail/CVE-2023-6869","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2023A0000006869","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6868","https://nvd.nist.gov/vuln/detail/CVE-2023-6868","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2023A0000006868","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6867","https://nvd.nist.gov/vuln/detail/CVE-2023-6867","firefox","6.1","120.0.1","122.0","122.0.1","firefox","2023A0000006867","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6866","https://nvd.nist.gov/vuln/detail/CVE-2023-6866","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006866","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6865","https://nvd.nist.gov/vuln/detail/CVE-2023-6865","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2023A0000006865","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6864","https://nvd.nist.gov/vuln/detail/CVE-2023-6864","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006864","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6863","https://nvd.nist.gov/vuln/detail/CVE-2023-6863","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006863","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6861","https://nvd.nist.gov/vuln/detail/CVE-2023-6861","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6860","https://nvd.nist.gov/vuln/detail/CVE-2023-6860","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2023A0000006860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6859","https://nvd.nist.gov/vuln/detail/CVE-2023-6859","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006859","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6858","https://nvd.nist.gov/vuln/detail/CVE-2023-6858","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6857","https://nvd.nist.gov/vuln/detail/CVE-2023-6857","firefox","5.3","120.0.1","122.0","122.0.1","firefox","2023A0000006857","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6856","https://nvd.nist.gov/vuln/detail/CVE-2023-6856","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006856","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6816","https://nvd.nist.gov/vuln/detail/CVE-2023-6816","xorg-server","9.8","21.1.9","21.1.11","21.1.11","xorg-server","2023A0000006816","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6693","https://nvd.nist.gov/vuln/detail/CVE-2023-6693","qemu","5.3","8.1.3","8.2.1","8.2.1","qemu","2023A0000006693","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/284249 https://github.com/NixOS/nixpkgs/pull/284489" @@ -263,7 +294,8 @@ https://github.com/NixOS/nixpkgs/pull/285588" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6135","https://nvd.nist.gov/vuln/detail/CVE-2023-6135","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2023A0000006135","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275441 https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.12","3.2.0","3.2.1","openssl","2023A0000006129","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000006129","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 @@ -447,7 +479,7 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","120.0.1","122.0","122.0.1","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.2","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.3","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.3","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-21","7.1.1-27","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" @@ -587,9 +619,9 @@ https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-52355","https://nvd.nist.gov/vuln/detail/CVE-2023-52355","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052355","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.5","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0004","9.1.0076","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.5","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0004","9.1.0080","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","6.0","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" @@ -616,7 +648,7 @@ https://github.com/NixOS/nixpkgs/pull/283888" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -628,13 +660,13 @@ https://github.com/NixOS/nixpkgs/pull/286248" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -854,7 +886,7 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","122.0","122.0","122.0.1","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.2","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.3","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.3","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-26","7.1.1-27","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" @@ -991,8 +1023,8 @@ https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-52355","https://nvd.nist.gov/vuln/detail/CVE-2023-52355","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052355","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.6","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.6","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" @@ -1009,7 +1041,7 @@ https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -1021,13 +1053,13 @@ https://github.com/NixOS/nixpkgs/pull/286248" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.43.0","0.43.0","0.43.2","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" @@ -1235,7 +1267,7 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","122.0","122.0","122.0.1","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.2","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.4","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.4","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-27","7.1.1-27","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" diff --git a/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md index 645384e..4d9aec7 100644 --- a/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md @@ -33,39 +33,39 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-6816](https://nvd.nist.gov/vuln/detail/CVE-2023-6816) | xorg-server | 9.8 | 21.1.9 | 21.1.11 | 21.1.11 | | -| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | -| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | | [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -73,25 +73,25 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | ## Vulnerabilities Fixed in nix-unstable @@ -127,7 +127,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | | [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | | [OSV-2023-90](https://osv.dev/OSV-2023-90) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | @@ -161,7 +161,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | | [CVE-2023-6816](https://nvd.nist.gov/vuln/detail/CVE-2023-6816) | xorg-server | 9.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221) | curl | 9.8 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0-r1.cabal | 0.9.0 | 0.9.0 | | @@ -172,21 +172,21 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | -| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-45235](https://nvd.nist.gov/vuln/detail/CVE-2023-45235) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45234](https://nvd.nist.gov/vuln/detail/CVE-2023-45234) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45230](https://nvd.nist.gov/vuln/detail/CVE-2023-45230) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | -| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | @@ -194,7 +194,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.1.3 | 8.2.1 | 8.2.1 | | | [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | | [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | @@ -221,21 +221,21 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | -| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | | [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | | [CVE-2023-52356](https://nvd.nist.gov/vuln/detail/CVE-2023-52356) | libtiff | 7.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2023-52355](https://nvd.nist.gov/vuln/detail/CVE-2023-52355) | libtiff | 7.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-45237](https://nvd.nist.gov/vuln/detail/CVE-2023-45237) | edk2 | 7.5 | 202311 | 202311 | 202311 | | | [CVE-2023-45236](https://nvd.nist.gov/vuln/detail/CVE-2023-45236) | edk2 | 7.5 | 202311 | 202311 | 202311 | | | [CVE-2023-45233](https://nvd.nist.gov/vuln/detail/CVE-2023-45233) | edk2 | 7.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45232](https://nvd.nist.gov/vuln/detail/CVE-2023-45232) | edk2 | 7.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | -| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713)]* | -| [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | -| [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | +| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713)]* | +| [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322) | go | 7.5 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | +| [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321) | go | 7.5 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | | [CVE-2023-28450](https://nvd.nist.gov/vuln/detail/CVE-2023-28450) | dnsmasq | 7.5 | 2.89 | 2.89 | 2.89 | | | [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-27-source-u | 2.38-27 | 2.39 | | @@ -252,12 +252,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.42 | | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.3 | 8.2.1 | 8.2.1 | | -| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | @@ -267,10 +267,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.0 | 0.43.2 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | -| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.1.3 | 8.2.1 | 8.2.1 | | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2023-6129](https://nvd.nist.gov/vuln/detail/CVE-2023-6129) | openssl | 6.5 | 3.0.12 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | @@ -316,9 +316,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2007-5967](https://nvd.nist.gov/vuln/detail/CVE-2007-5967) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | -| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | +| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2020-35669](https://nvd.nist.gov/vuln/detail/CVE-2020-35669) | http | 6.1 | 0.2.11 | 0.3-0 | 0.4 | | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -335,7 +335,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -355,7 +355,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2023-3164](https://nvd.nist.gov/vuln/detail/CVE-2023-3164) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | -| [CVE-2017-8806](https://nvd.nist.gov/vuln/detail/CVE-2017-8806) | postgresql | 5.5 | 15.5 | 16.1 | 16.1 | | +| [CVE-2017-8806](https://nvd.nist.gov/vuln/detail/CVE-2017-8806) | postgresql | 5.5 | 15.5 | 16.1 | 16.2 | | | [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | @@ -374,7 +374,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.43.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.3 | 8.2.1 | 8.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489)]* | @@ -382,26 +382,26 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.21.6 | 1.21.6 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.22rc2 | 1.21.7 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | | [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* | diff --git a/reports/main/data.csv b/reports/main/data.csv index e0dbdb5..7711b5e 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -7,49 +7,64 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","4.4.4","6.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0755","https://nvd.nist.gov/vuln/detail/CVE-2024-0755","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2024A0000000755","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0754","https://nvd.nist.gov/vuln/detail/CVE-2024-0754","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000754","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0753","https://nvd.nist.gov/vuln/detail/CVE-2024-0753","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000753","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0752","https://nvd.nist.gov/vuln/detail/CVE-2024-0752","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0751","https://nvd.nist.gov/vuln/detail/CVE-2024-0751","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2024A0000000751","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0750","https://nvd.nist.gov/vuln/detail/CVE-2024-0750","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2024A0000000750","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0749","https://nvd.nist.gov/vuln/detail/CVE-2024-0749","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2024A0000000749","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0748","https://nvd.nist.gov/vuln/detail/CVE-2024-0748","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2024A0000000748","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0747","https://nvd.nist.gov/vuln/detail/CVE-2024-0747","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000747","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0746","https://nvd.nist.gov/vuln/detail/CVE-2024-0746","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000746","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0745","https://nvd.nist.gov/vuln/detail/CVE-2024-0745","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2024A0000000745","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0744","https://nvd.nist.gov/vuln/detail/CVE-2024-0744","firefox","7.5","120.0.1","122.0","122.0.1","firefox","2024A0000000744","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0743","https://nvd.nist.gov/vuln/detail/CVE-2024-0743","firefox","7.5","120.0.1","122.0","122.0.1","firefox","2024A0000000743","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0742","https://nvd.nist.gov/vuln/detail/CVE-2024-0742","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2024A0000000742","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0741","https://nvd.nist.gov/vuln/detail/CVE-2024-0741","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2024A0000000741","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0727","https://nvd.nist.gov/vuln/detail/CVE-2024-0727","openssl","5.5","3.0.12","3.2.0","3.2.1","openssl","2024A0000000727","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0727","https://nvd.nist.gov/vuln/detail/CVE-2024-0727","openssl","5.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2024A0000000727","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 @@ -78,8 +93,8 @@ https://github.com/NixOS/nixpkgs/pull/275587" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-50268","https://nvd.nist.gov/vuln/detail/CVE-2023-50268","jq","5.5","1.7","1.7.1","1.7.1","jq","2023A0000050268","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-50246","https://nvd.nist.gov/vuln/detail/CVE-2023-50246","jq","5.5","1.7","1.7.1","1.7.1","jq","2023A0000050246","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.4","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.4","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48795","https://nvd.nist.gov/vuln/detail/CVE-2023-48795","openssh","5.9","9.5p1","9.6p1","9.6p1","openssh","2023A0000048795","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275250 https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 @@ -95,21 +110,21 @@ https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 https://github.com/NixOS/nixpkgs/pull/276504 https://github.com/NixOS/nixpkgs/pull/276505" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.15","1.0.15","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275720 @@ -124,7 +139,7 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.5.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886 https://github.com/NixOS/nixpkgs/pull/285295" @@ -136,7 +151,8 @@ https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.12.3-unstable-2023-12-14","2.12.5","libxml2","2023A0000045322","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/277555 https://github.com/NixOS/nixpkgs/pull/282347 https://github.com/NixOS/nixpkgs/pull/283888" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.21.4","1.21.6","1.21.6","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.21.4","1.22rc2","1.21.7","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45237","https://nvd.nist.gov/vuln/detail/CVE-2023-45237","edk2","7.5","202311","202311","202311","edk2","2023A0000045237","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45236","https://nvd.nist.gov/vuln/detail/CVE-2023-45236","edk2","7.5","202311","202311","202311","edk2","2023A0000045236","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45235","https://nvd.nist.gov/vuln/detail/CVE-2023-45235","edk2","8.8","202311","202311","202311","edk2","2023A0000045235","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" @@ -146,7 +162,7 @@ https://github.com/NixOS/nixpkgs/pull/283888" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -163,14 +179,15 @@ https://github.com/NixOS/nixpkgs/pull/276799" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.21.4","1.21.6","1.21.6","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/279903" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39326","https://nvd.nist.gov/vuln/detail/CVE-2023-39326","go","5.3","1.21.4","1.22rc2","1.21.7","go","2023A0000039326","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283548 +https://github.com/NixOS/nixpkgs/pull/286849" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -203,49 +220,63 @@ https://github.com/NixOS/nixpkgs/pull/275603 https://github.com/NixOS/nixpkgs/pull/275604" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6873","https://nvd.nist.gov/vuln/detail/CVE-2023-6873","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006873","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6872","https://nvd.nist.gov/vuln/detail/CVE-2023-6872","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2023A0000006872","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6871","https://nvd.nist.gov/vuln/detail/CVE-2023-6871","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2023A0000006871","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6870","https://nvd.nist.gov/vuln/detail/CVE-2023-6870","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2023A0000006870","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6869","https://nvd.nist.gov/vuln/detail/CVE-2023-6869","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2023A0000006869","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6868","https://nvd.nist.gov/vuln/detail/CVE-2023-6868","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2023A0000006868","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6867","https://nvd.nist.gov/vuln/detail/CVE-2023-6867","firefox","6.1","120.0.1","122.0","122.0.1","firefox","2023A0000006867","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6866","https://nvd.nist.gov/vuln/detail/CVE-2023-6866","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006866","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6865","https://nvd.nist.gov/vuln/detail/CVE-2023-6865","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2023A0000006865","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6864","https://nvd.nist.gov/vuln/detail/CVE-2023-6864","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006864","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6863","https://nvd.nist.gov/vuln/detail/CVE-2023-6863","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006863","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6861","https://nvd.nist.gov/vuln/detail/CVE-2023-6861","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6860","https://nvd.nist.gov/vuln/detail/CVE-2023-6860","firefox","6.5","120.0.1","122.0","122.0.1","firefox","2023A0000006860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6859","https://nvd.nist.gov/vuln/detail/CVE-2023-6859","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006859","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6858","https://nvd.nist.gov/vuln/detail/CVE-2023-6858","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6857","https://nvd.nist.gov/vuln/detail/CVE-2023-6857","firefox","5.3","120.0.1","122.0","122.0.1","firefox","2023A0000006857","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6856","https://nvd.nist.gov/vuln/detail/CVE-2023-6856","firefox","8.8","120.0.1","122.0","122.0.1","firefox","2023A0000006856","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6816","https://nvd.nist.gov/vuln/detail/CVE-2023-6816","xorg-server","9.8","21.1.9","21.1.11","21.1.11","xorg-server","2023A0000006816","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6693","https://nvd.nist.gov/vuln/detail/CVE-2023-6693","qemu","5.3","8.1.3","8.2.1","8.2.1","qemu","2023A0000006693","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/284249 https://github.com/NixOS/nixpkgs/pull/284489" @@ -263,7 +294,8 @@ https://github.com/NixOS/nixpkgs/pull/285588" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6135","https://nvd.nist.gov/vuln/detail/CVE-2023-6135","firefox","4.3","120.0.1","122.0","122.0.1","firefox","2023A0000006135","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/275441 https://github.com/NixOS/nixpkgs/pull/283010 https://github.com/NixOS/nixpkgs/pull/283600 -https://github.com/NixOS/nixpkgs/pull/286601" +https://github.com/NixOS/nixpkgs/pull/286601 +https://github.com/NixOS/nixpkgs/pull/286735" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.12","3.2.0","3.2.1","openssl","2023A0000006129","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2023A0000006129","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 @@ -447,7 +479,7 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","120.0.1","122.0","122.0.1","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.2","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.3","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.3","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-21","7.1.1-27","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" @@ -587,9 +619,9 @@ https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-52355","https://nvd.nist.gov/vuln/detail/CVE-2023-52355","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052355","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.5","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0004","9.1.0076","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.5","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0004","9.1.0080","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","6.0","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" @@ -616,7 +648,7 @@ https://github.com/NixOS/nixpkgs/pull/283888" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -628,13 +660,13 @@ https://github.com/NixOS/nixpkgs/pull/286248" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.11.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" @@ -854,7 +886,7 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","122.0","122.0","122.0.1","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.2","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.3","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.3","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-26","7.1.1-27","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" @@ -991,8 +1023,8 @@ https://github.com/NixOS/nixpkgs/pull/285027" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-52355","https://nvd.nist.gov/vuln/detail/CVE-2023-52355","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052355","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.6","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.6","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.1","6.1.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905" @@ -1009,7 +1041,7 @@ https://github.com/NixOS/nixpkgs/pull/283179" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45231","https://nvd.nist.gov/vuln/detail/CVE-2023-45231","edk2","6.5","202311","202311","202311","edk2","2023A0000045231","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45230","https://nvd.nist.gov/vuln/detail/CVE-2023-45230","edk2","8.8","202311","202311","202311","edk2","2023A0000045230","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45229","https://nvd.nist.gov/vuln/detail/CVE-2023-45229","edk2","6.5","202311","202311","202311","edk2","2023A0000045229","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/281405" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -1021,13 +1053,13 @@ https://github.com/NixOS/nixpkgs/pull/286248" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.21.6","1.21.6","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39325","https://nvd.nist.gov/vuln/detail/CVE-2023-39325","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039325","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262713" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","8.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039323","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39322","https://nvd.nist.gov/vuln/detail/CVE-2023-39322","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039322","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39321","https://nvd.nist.gov/vuln/detail/CVE-2023-39321","go","7.5","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039321","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39320","https://nvd.nist.gov/vuln/detail/CVE-2023-39320","go","9.8","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039320","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039319","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.21.0-linux-amd64-bootstrap","1.22rc2","1.21.7","go","2023A0000039318","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.43.0","0.43.0","0.43.2","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" @@ -1235,7 +1267,7 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","122.0","122.0","122.0.1","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.7","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.1","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.5","16.1","16.2","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.4","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.4","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-27","7.1.1-27","7.1.1.27","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology","" @@ -1393,26 +1425,26 @@ https://github.com/NixOS/nixpkgs/pull/275641 https://github.com/NixOS/nixpkgs/pull/276242 https://github.com/NixOS/nixpkgs/pull/276504 https://github.com/NixOS/nixpkgs/pull/276505" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47100","https://nvd.nist.gov/vuln/detail/CVE-2023-47100","perl","9.8","5.38.0","5.38.2","5.38.2","perl","2023A0000047100","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269996 https://github.com/NixOS/nixpkgs/pull/271223" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0004","9.1.0076","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0004","9.1.0080","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.5.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886 https://github.com/NixOS/nixpkgs/pull/285295" @@ -1574,7 +1606,7 @@ https://github.com/NixOS/nixpkgs/pull/285027" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-52355","https://nvd.nist.gov/vuln/detail/CVE-2023-52355","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052355","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0004","9.1.0076","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0004","9.1.0080","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276595 https://github.com/NixOS/nixpkgs/pull/284984" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.5.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272886 diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index 61abbad..849fc34 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/e81ccfb41d75eda0488b6b4325aeccb8385ce960. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/58f01bc052369575faa6366cd388f7331b6ca3f6. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -40,14 +40,14 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | ## Vulnerabilities Fixed in nix-unstable @@ -66,7 +66,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.3-unstable- | 2.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/277555), [PR](https://github.com/NixOS/nixpkgs/pull/282347), [PR](https://github.com/NixOS/nixpkgs/pull/283888)]* | | [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [OSV-2020-1610](https://osv.dev/OSV-2020-1610) | openexr | | 2.5.8 | 3.2.1 | 3.2.1 | | @@ -130,7 +130,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -148,14 +148,14 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450), [PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index 7d76643..c133410 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/e81ccfb41d75eda0488b6b4325aeccb8385ce960. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/58f01bc052369575faa6366cd388f7331b6ca3f6. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -33,39 +33,39 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-6816](https://nvd.nist.gov/vuln/detail/CVE-2023-6816) | xorg-server | 9.8 | 21.1.9 | 21.1.11 | 21.1.11 | | -| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | -| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | | [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh | 5.9 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -73,25 +73,25 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | -| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | ## Vulnerabilities Fixed in nix-unstable @@ -127,7 +127,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | | [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | | [OSV-2023-90](https://osv.dev/OSV-2023-90) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | @@ -161,7 +161,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0-env | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | | [CVE-2023-6816](https://nvd.nist.gov/vuln/detail/CVE-2023-6816) | xorg-server | 9.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221) | curl | 9.8 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0-r1.cabal | 0.9.0 | 0.9.0 | | @@ -172,21 +172,21 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | -| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0755](https://nvd.nist.gov/vuln/detail/CVE-2024-0755) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0751](https://nvd.nist.gov/vuln/detail/CVE-2024-0751) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0750](https://nvd.nist.gov/vuln/detail/CVE-2024-0750) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0745](https://nvd.nist.gov/vuln/detail/CVE-2024-0745) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-45235](https://nvd.nist.gov/vuln/detail/CVE-2023-45235) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45234](https://nvd.nist.gov/vuln/detail/CVE-2023-45234) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45230](https://nvd.nist.gov/vuln/detail/CVE-2023-45230) | edk2 | 8.8 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | -| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6873](https://nvd.nist.gov/vuln/detail/CVE-2023-6873) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6866](https://nvd.nist.gov/vuln/detail/CVE-2023-6866) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6864](https://nvd.nist.gov/vuln/detail/CVE-2023-6864) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6863](https://nvd.nist.gov/vuln/detail/CVE-2023-6863) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6861](https://nvd.nist.gov/vuln/detail/CVE-2023-6861) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6859](https://nvd.nist.gov/vuln/detail/CVE-2023-6859) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6858](https://nvd.nist.gov/vuln/detail/CVE-2023-6858) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6856](https://nvd.nist.gov/vuln/detail/CVE-2023-6856) | firefox | 8.8 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | imagemagick | 8.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | @@ -194,7 +194,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.1.3 | 8.2.1 | 8.2.1 | | | [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | | [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | @@ -221,21 +221,21 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | -| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0744](https://nvd.nist.gov/vuln/detail/CVE-2024-0744) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | firefox | 7.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | | [CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553) | gnutls | 7.5 | 3.8.2 | 3.8.3 | 3.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281471), [PR](https://github.com/NixOS/nixpkgs/pull/281775)]* | | [CVE-2023-52356](https://nvd.nist.gov/vuln/detail/CVE-2023-52356) | libtiff | 7.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2023-52355](https://nvd.nist.gov/vuln/detail/CVE-2023-52355) | libtiff | 7.5 | 4.6.0 | 4.6.0 | 4.6.0 | | -| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-45237](https://nvd.nist.gov/vuln/detail/CVE-2023-45237) | edk2 | 7.5 | 202311 | 202311 | 202311 | | | [CVE-2023-45236](https://nvd.nist.gov/vuln/detail/CVE-2023-45236) | edk2 | 7.5 | 202311 | 202311 | 202311 | | | [CVE-2023-45233](https://nvd.nist.gov/vuln/detail/CVE-2023-45233) | edk2 | 7.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-45232](https://nvd.nist.gov/vuln/detail/CVE-2023-45232) | edk2 | 7.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | -| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713)]* | -| [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | -| [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321) | go | 7.5 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | +| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713)]* | +| [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322) | go | 7.5 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | +| [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321) | go | 7.5 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | | [CVE-2023-28450](https://nvd.nist.gov/vuln/detail/CVE-2023-28450) | dnsmasq | 7.5 | 2.89 | 2.89 | 2.89 | | | [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-27-source-u | 2.38-27 | 2.39 | | @@ -252,12 +252,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.42 | | | [CVE-2023-51767](https://nvd.nist.gov/vuln/detail/CVE-2023-51767) | openssh | 7.0 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.3 | 8.2.1 | 8.2.1 | | -| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2024-0754](https://nvd.nist.gov/vuln/detail/CVE-2024-0754) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0753](https://nvd.nist.gov/vuln/detail/CVE-2024-0753) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0752](https://nvd.nist.gov/vuln/detail/CVE-2024-0752) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0747](https://nvd.nist.gov/vuln/detail/CVE-2024-0747) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0746](https://nvd.nist.gov/vuln/detail/CVE-2024-0746) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0741](https://nvd.nist.gov/vuln/detail/CVE-2024-0741) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | @@ -267,10 +267,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202311 | 202311 | *[[PR](https://github.com/NixOS/nixpkgs/pull/281405)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.0 | 0.43.2 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | -| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6872](https://nvd.nist.gov/vuln/detail/CVE-2023-6872) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6869](https://nvd.nist.gov/vuln/detail/CVE-2023-6869) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6865](https://nvd.nist.gov/vuln/detail/CVE-2023-6865) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-6860](https://nvd.nist.gov/vuln/detail/CVE-2023-6860) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.1.3 | 8.2.1 | 8.2.1 | | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2023-6129](https://nvd.nist.gov/vuln/detail/CVE-2023-6129) | openssl | 6.5 | 3.0.12 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | @@ -316,9 +316,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2007-5967](https://nvd.nist.gov/vuln/detail/CVE-2007-5967) | firefox | 6.5 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | -| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | +| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | +| [CVE-2023-6867](https://nvd.nist.gov/vuln/detail/CVE-2023-6867) | firefox | 6.1 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2020-35669](https://nvd.nist.gov/vuln/detail/CVE-2020-35669) | http | 6.1 | 0.2.11 | 0.3-0 | 0.4 | | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | openssh | 5.9 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276242), [PR](https://github.com/NixOS/nixpkgs/pull/276504), [PR](https://github.com/NixOS/nixpkgs/pull/276505)]* | @@ -335,7 +335,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -355,7 +355,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2023-3164](https://nvd.nist.gov/vuln/detail/CVE-2023-3164) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | -| [CVE-2017-8806](https://nvd.nist.gov/vuln/detail/CVE-2017-8806) | postgresql | 5.5 | 15.5 | 16.1 | 16.1 | | +| [CVE-2017-8806](https://nvd.nist.gov/vuln/detail/CVE-2017-8806) | postgresql | 5.5 | 15.5 | 16.1 | 16.2 | | | [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | | [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-27 | 7.1.1.27 | | @@ -374,7 +374,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.43.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* | -| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.6 | 1.21.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/279903)]* | +| [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22rc2 | 1.21.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283548), [PR](https://github.com/NixOS/nixpkgs/pull/286849)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.3 | 8.2.1 | 8.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489)]* | @@ -382,26 +382,26 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.21.6 | 1.21.6 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.21.6 | 1.21.6 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.22rc2 | 1.21.7 | | +| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.22rc2 | 1.21.7 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | | [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0076 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | -| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0004 | 9.1.0080 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* | +| [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | | -| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601)]* | +| [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 122.0 | 122.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/283010), [PR](https://github.com/NixOS/nixpkgs/pull/283600), [PR](https://github.com/NixOS/nixpkgs/pull/286601), [PR](https://github.com/NixOS/nixpkgs/pull/286735)]* | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* |