diff --git a/reports/main/data.csv b/reports/main/data.csv index 068a1cb..f7dfd8b 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -98,9 +98,11 @@ https://github.com/NixOS/nixpkgs/pull/299125" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.23.4","1.23.4","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","0.6.3.0-r5.cabal","0.7.1.0","0.7.1.0","haskell:zlib","2023A0000045853","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262722 -https://github.com/NixOS/nixpkgs/pull/263083" +https://github.com/NixOS/nixpkgs/pull/263083 +https://github.com/NixOS/nixpkgs/pull/370353" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","0.6.3.0","0.7.1.0","0.7.1.0","haskell:zlib","2023A0000045853","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262722 -https://github.com/NixOS/nixpkgs/pull/263083" +https://github.com/NixOS/nixpkgs/pull/263083 +https://github.com/NixOS/nixpkgs/pull/370353" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.23.4","1.23.4","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/262738 https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 @@ -261,12 +263,12 @@ https://github.com/NixOS/nixpkgs/pull/362304" https://github.com/NixOS/nixpkgs/pull/185613 https://github.com/NixOS/nixpkgs/pull/185693 https://github.com/NixOS/nixpkgs/pull/185754 -https://github.com/NixOS/nixpkgs/pull/186941" +https://github.com/NixOS/nixpkgs/pull/370353" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-37434","https://nvd.nist.gov/vuln/detail/CVE-2022-37434","zlib","9.8","0.6.3.0","0.7.1.0","0.7.1.0","haskell:zlib","2022A0000037434","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/185554 https://github.com/NixOS/nixpkgs/pull/185613 https://github.com/NixOS/nixpkgs/pull/185693 https://github.com/NixOS/nixpkgs/pull/185754 -https://github.com/NixOS/nixpkgs/pull/186941" +https://github.com/NixOS/nixpkgs/pull/370353" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-37416","https://nvd.nist.gov/vuln/detail/CVE-2022-37416","libmpeg2","6.5","0.5.1","","","","2022A0000037416","True","NVD data issue: concerns Android only.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36884","https://nvd.nist.gov/vuln/detail/CVE-2022-36884","git","5.3","2.47.0","","","","2022A0000036884","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36883","https://nvd.nist.gov/vuln/detail/CVE-2022-36883","git","7.5","2.47.0","","","","2022A0000036883","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" @@ -515,7 +517,8 @@ https://github.com/NixOS/nixpkgs/pull/363310" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2018-25032","https://nvd.nist.gov/vuln/detail/CVE-2018-25032","zlib","7.5","0.6.3.0","0.7.1.0","0.7.1.0","haskell:zlib","2018A0000025032","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/165642 https://github.com/NixOS/nixpkgs/pull/166451 https://github.com/NixOS/nixpkgs/pull/167084 -https://github.com/NixOS/nixpkgs/pull/205374" +https://github.com/NixOS/nixpkgs/pull/205374 +https://github.com/NixOS/nixpkgs/pull/370353" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2018-18438","https://nvd.nist.gov/vuln/detail/CVE-2018-18438","qemu","5.5","9.1.1","","","","2018A0000018438","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2018-14628","https://nvd.nist.gov/vuln/detail/CVE-2018-14628","samba","4.3","4.20.4","4.20.4","4.21.2","samba","2018A0000014628","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/270419" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2018-13162","https://nvd.nist.gov/vuln/detail/CVE-2018-13162","alex","7.5","3.4.0.1","3.4.0.1","3.5.1.0","alex","2018A0000013162","False","","err_not_vulnerable_based_on_repology","" diff --git a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md index 51844ed..2059691 100644 --- a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md +++ b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md @@ -48,208 +48,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------------|------------|------------------|------------------|------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [CVE-2024-47615](https://nvd.nist.gov/vuln/detail/CVE-2024-47615) | gstreamer | 9.8 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47613](https://nvd.nist.gov/vuln/detail/CVE-2024-47613) | gstreamer | 9.8 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47607](https://nvd.nist.gov/vuln/detail/CVE-2024-47607) | gstreamer | 9.8 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47606](https://nvd.nist.gov/vuln/detail/CVE-2024-47606) | gstreamer | 9.8 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47540](https://nvd.nist.gov/vuln/detail/CVE-2024-47540) | gstreamer | 9.8 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47539](https://nvd.nist.gov/vuln/detail/CVE-2024-47539) | gstreamer | 9.8 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47538](https://nvd.nist.gov/vuln/detail/CVE-2024-47538) | gstreamer | 9.8 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47537](https://nvd.nist.gov/vuln/detail/CVE-2024-47537) | gstreamer | 9.8 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | go | 9.8 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/319485), [PR](https://github.com/NixOS/nixpkgs/pull/331906), [PR](https://github.com/NixOS/nixpkgs/pull/361606)]* | -| [CVE-2024-23741](https://nvd.nist.gov/vuln/detail/CVE-2024-23741) | hyper | 9.8 | 1.5.0 | | | | -| [CVE-2024-23741](https://nvd.nist.gov/vuln/detail/CVE-2024-23741) | hyper | 9.8 | 1.4.1 | | | | -| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 0.6.3.0-r5.cabal | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083)]* | -| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083)]* | -| [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | | -| [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) | zlib | 9.8 | 0.6.3.0-r5.cabal | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/185554), [PR](https://github.com/NixOS/nixpkgs/pull/185613), [PR](https://github.com/NixOS/nixpkgs/pull/185693), [PR](https://github.com/NixOS/nixpkgs/pull/185754), [PR](https://github.com/NixOS/nixpkgs/pull/186941)]* | -| [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) | zlib | 9.8 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/185554), [PR](https://github.com/NixOS/nixpkgs/pull/185613), [PR](https://github.com/NixOS/nixpkgs/pull/185693), [PR](https://github.com/NixOS/nixpkgs/pull/185754), [PR](https://github.com/NixOS/nixpkgs/pull/186941)]* | -| [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221) | curl | 9.8 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | -| [CVE-2021-35048](https://nvd.nist.gov/vuln/detail/CVE-2021-35048) | network | 9.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-35048](https://nvd.nist.gov/vuln/detail/CVE-2021-35048) | network | 9.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.10.0 | 0.10.0 | 0.10.0 | | -| [CVE-2024-47834](https://nvd.nist.gov/vuln/detail/CVE-2024-47834) | gstreamer | 9.1 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47777](https://nvd.nist.gov/vuln/detail/CVE-2024-47777) | gstreamer | 9.1 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47776](https://nvd.nist.gov/vuln/detail/CVE-2024-47776) | gstreamer | 9.1 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47775](https://nvd.nist.gov/vuln/detail/CVE-2024-47775) | gstreamer | 9.1 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47774](https://nvd.nist.gov/vuln/detail/CVE-2024-47774) | gstreamer | 9.1 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47600](https://nvd.nist.gov/vuln/detail/CVE-2024-47600) | gstreamer | 9.1 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47598](https://nvd.nist.gov/vuln/detail/CVE-2024-47598) | gstreamer | 9.1 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47597](https://nvd.nist.gov/vuln/detail/CVE-2024-47597) | gstreamer | 9.1 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-21524](https://nvd.nist.gov/vuln/detail/CVE-2024-21524) | stringbuilder | 9.1 | 0.5.1 | 0.5.1 | 0.5.1 | | -| [CVE-2022-28872](https://nvd.nist.gov/vuln/detail/CVE-2022-28872) | safe | 8.8 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2022-28872](https://nvd.nist.gov/vuln/detail/CVE-2022-28872) | safe | 8.8 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2022-24394](https://nvd.nist.gov/vuln/detail/CVE-2022-24394) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24394](https://nvd.nist.gov/vuln/detail/CVE-2022-24394) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24393](https://nvd.nist.gov/vuln/detail/CVE-2022-24393) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24393](https://nvd.nist.gov/vuln/detail/CVE-2022-24393) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24392](https://nvd.nist.gov/vuln/detail/CVE-2022-24392) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24392](https://nvd.nist.gov/vuln/detail/CVE-2022-24392) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24391](https://nvd.nist.gov/vuln/detail/CVE-2022-24391) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24391](https://nvd.nist.gov/vuln/detail/CVE-2022-24391) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24390](https://nvd.nist.gov/vuln/detail/CVE-2022-24390) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24390](https://nvd.nist.gov/vuln/detail/CVE-2022-24390) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24389](https://nvd.nist.gov/vuln/detail/CVE-2022-24389) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24389](https://nvd.nist.gov/vuln/detail/CVE-2022-24389) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24388](https://nvd.nist.gov/vuln/detail/CVE-2022-24388) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-24388](https://nvd.nist.gov/vuln/detail/CVE-2022-24388) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-35049](https://nvd.nist.gov/vuln/detail/CVE-2021-35049) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-35049](https://nvd.nist.gov/vuln/detail/CVE-2021-35049) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-35047](https://nvd.nist.gov/vuln/detail/CVE-2021-35047) | network | 8.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-35047](https://nvd.nist.gov/vuln/detail/CVE-2021-35047) | network | 8.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-20240](https://nvd.nist.gov/vuln/detail/CVE-2021-20240) | gdk-pixbuf | 8.8 | 0.18.5 | 2.42.12 | 2.42.12 | *[[PR](https://github.com/NixOS/nixpkgs/pull/312036), [PR](https://github.com/NixOS/nixpkgs/pull/314686)]* | -| [CVE-2021-4276](https://nvd.nist.gov/vuln/detail/CVE-2021-4276) | hedgehog | 8.8 | 1.4-r8.cabal | 1.5 | 1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/192632)]* | -| [CVE-2021-4276](https://nvd.nist.gov/vuln/detail/CVE-2021-4276) | hedgehog | 8.8 | 1.4 | 1.5 | 1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/192632)]* | -| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | | -| [CVE-2023-24999](https://nvd.nist.gov/vuln/detail/CVE-2023-24999) | vault | 8.1 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/221835), [PR](https://github.com/NixOS/nixpkgs/pull/221841)]* | -| [CVE-2023-24999](https://nvd.nist.gov/vuln/detail/CVE-2023-24999) | vault | 8.1 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/221835), [PR](https://github.com/NixOS/nixpkgs/pull/221841)]* | -| [CVE-2023-32643](https://nvd.nist.gov/vuln/detail/CVE-2023-32643) | glib | 7.8 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2023-3297](https://nvd.nist.gov/vuln/detail/CVE-2023-3297) | accountsservice | 7.8 | 23.13.9 | 23.13.9 | 23.13.9 | | -| [CVE-2022-45868](https://nvd.nist.gov/vuln/detail/CVE-2022-45868) | h2 | 7.8 | 0.4.6 | | | | -| [CVE-2022-27470](https://nvd.nist.gov/vuln/detail/CVE-2022-27470) | SDL_ttf | 7.8 | 2.0.11 | | | | -| [CVE-2022-0997](https://nvd.nist.gov/vuln/detail/CVE-2022-0997) | network | 7.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-0997](https://nvd.nist.gov/vuln/detail/CVE-2022-0997) | network | 7.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-0486](https://nvd.nist.gov/vuln/detail/CVE-2022-0486) | network | 7.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2022-0486](https://nvd.nist.gov/vuln/detail/CVE-2022-0486) | network | 7.8 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-46829](https://nvd.nist.gov/vuln/detail/CVE-2021-46829) | gdk-pixbuf | 7.8 | 0.18.5 | 2.42.12 | 2.42.12 | *[[PR](https://github.com/NixOS/nixpkgs/pull/312036), [PR](https://github.com/NixOS/nixpkgs/pull/314686)]* | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.5-r2.cabal | 2.2.5 | 2.2.5 | | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.5 | 2.2.5 | 2.2.5 | | -| [CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034) | polkit | 7.8 | 1.pam | 124 | 125 | *[[PR](https://github.com/NixOS/nixpkgs/pull/155725), [PR](https://github.com/NixOS/nixpkgs/pull/156750), [PR](https://github.com/NixOS/nixpkgs/pull/156822), [PR](https://github.com/NixOS/nixpkgs/pull/295087)]* | -| [CVE-2020-35457](https://nvd.nist.gov/vuln/detail/CVE-2020-35457) | glib | 7.8 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2024-47835](https://nvd.nist.gov/vuln/detail/CVE-2024-47835) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47778](https://nvd.nist.gov/vuln/detail/CVE-2024-47778) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47603](https://nvd.nist.gov/vuln/detail/CVE-2024-47603) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47602](https://nvd.nist.gov/vuln/detail/CVE-2024-47602) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47601](https://nvd.nist.gov/vuln/detail/CVE-2024-47601) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47599](https://nvd.nist.gov/vuln/detail/CVE-2024-47599) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47596](https://nvd.nist.gov/vuln/detail/CVE-2024-47596) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47546](https://nvd.nist.gov/vuln/detail/CVE-2024-47546) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47545](https://nvd.nist.gov/vuln/detail/CVE-2024-47545) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47544](https://nvd.nist.gov/vuln/detail/CVE-2024-47544) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47543](https://nvd.nist.gov/vuln/detail/CVE-2024-47543) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47542](https://nvd.nist.gov/vuln/detail/CVE-2024-47542) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2024-47541](https://nvd.nist.gov/vuln/detail/CVE-2024-47541) | gstreamer | 7.5 | 1.24.7 | 1.24.10 | 1.24.10 | | -| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248), [PR](https://github.com/NixOS/nixpkgs/pull/298640)]* | -| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/300783)]* | -| [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322) | go | 7.5 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | | -| [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321) | go | 7.5 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | | -| [CVE-2023-32636](https://nvd.nist.gov/vuln/detail/CVE-2023-32636) | glib | 7.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2023-29499](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) | glib | 7.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | -| [CVE-2023-6337](https://nvd.nist.gov/vuln/detail/CVE-2023-6337) | vault | 7.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272492), [PR](https://github.com/NixOS/nixpkgs/pull/274068), [PR](https://github.com/NixOS/nixpkgs/pull/274071)]* | -| [CVE-2023-6337](https://nvd.nist.gov/vuln/detail/CVE-2023-6337) | vault | 7.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272492), [PR](https://github.com/NixOS/nixpkgs/pull/274068), [PR](https://github.com/NixOS/nixpkgs/pull/274071)]* | -| [CVE-2022-40898](https://nvd.nist.gov/vuln/detail/CVE-2022-40898) | wheel | 7.5 | 0.37.1-source | 0.45.1 | 0.45.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/210565), [PR](https://github.com/NixOS/nixpkgs/pull/361930), [PR](https://github.com/NixOS/nixpkgs/pull/362304)]* | -| [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782) | curl | 7.5 | 0.4.46 | | | | -| [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781) | curl | 7.5 | 0.4.46 | | | | -| [CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | semver | 7.5 | 1.0.23 | 1.0.0 | 7.6.3 | | -| [CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | semver | 7.5 | 1.0.22 | 1.0.0 | 7.6.3 | | -| [CVE-2022-3064](https://nvd.nist.gov/vuln/detail/CVE-2022-3064) | yaml | 7.5 | 0.11.11.2-r2.cab | 0.11.11.2 | 0.11.11.2 | | -| [CVE-2022-3064](https://nvd.nist.gov/vuln/detail/CVE-2022-3064) | yaml | 7.5 | 0.11.11.2 | 0.11.11.2 | 0.11.11.2 | | -| [CVE-2021-35050](https://nvd.nist.gov/vuln/detail/CVE-2021-35050) | network | 7.5 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-35050](https://nvd.nist.gov/vuln/detail/CVE-2021-35050) | network | 7.5 | 3.1.4.0 | 3.2.4.0 | 3.2.7.0 | | -| [CVE-2021-27400](https://nvd.nist.gov/vuln/detail/CVE-2021-27400) | vault | 7.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/120155), [PR](https://github.com/NixOS/nixpkgs/pull/120157)]* | -| [CVE-2021-27400](https://nvd.nist.gov/vuln/detail/CVE-2021-27400) | vault | 7.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/120155), [PR](https://github.com/NixOS/nixpkgs/pull/120157)]* | -| [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219) | glib | 7.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218) | glib | 7.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2020-27569](https://nvd.nist.gov/vuln/detail/CVE-2020-27569) | openvpn | 7.5 | 2.6.12 | 2.6.12 | 2.6.12 | | -| [CVE-2020-13223](https://nvd.nist.gov/vuln/detail/CVE-2020-13223) | vault | 7.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/91898), [PR](https://github.com/NixOS/nixpkgs/pull/92641)]* | -| [CVE-2020-13223](https://nvd.nist.gov/vuln/detail/CVE-2020-13223) | vault | 7.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/91898), [PR](https://github.com/NixOS/nixpkgs/pull/92641)]* | -| [CVE-2020-11021](https://nvd.nist.gov/vuln/detail/CVE-2020-11021) | http-client | 7.5 | 0.7.17 | 0.7.17 | 0.7.18 | | -| [CVE-2023-0620](https://nvd.nist.gov/vuln/detail/CVE-2023-0620) | vault | 6.7 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | -| [CVE-2023-0620](https://nvd.nist.gov/vuln/detail/CVE-2023-0620) | vault | 6.7 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | -| [CVE-2024-50613](https://nvd.nist.gov/vuln/detail/CVE-2024-50613) | libsndfile | 6.5 | 1.2.2 | 1.2.2 | 1.2.2 | | -| [CVE-2024-8365](https://nvd.nist.gov/vuln/detail/CVE-2024-8365) | vault | 6.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2024-8365](https://nvd.nist.gov/vuln/detail/CVE-2024-8365) | vault | 6.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2023-0665](https://nvd.nist.gov/vuln/detail/CVE-2023-0665) | vault | 6.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | -| [CVE-2023-0665](https://nvd.nist.gov/vuln/detail/CVE-2023-0665) | vault | 6.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | -| [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012) | dbus | 6.5 | 1 | 1.14.10 | 1.16.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012) | dbus | 6.5 | 0.9.7 | 1.14.10 | 1.16.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011) | dbus | 6.5 | 1 | 1.14.10 | 1.16.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011) | dbus | 6.5 | 0.9.7 | 1.14.10 | 1.16.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010) | dbus | 6.5 | 1 | 1.14.10 | 1.16.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010) | dbus | 6.5 | 0.9.7 | 1.14.10 | 1.16.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | -| [CVE-2022-38164](https://nvd.nist.gov/vuln/detail/CVE-2022-38164) | safe | 6.5 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2022-38164](https://nvd.nist.gov/vuln/detail/CVE-2022-38164) | safe | 6.5 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206) | curl | 6.5 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/179314), [PR](https://github.com/NixOS/nixpkgs/pull/180021)]* | -| [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776) | curl | 6.5 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/170654), [PR](https://github.com/NixOS/nixpkgs/pull/170659)]* | -| [CVE-2020-27748](https://nvd.nist.gov/vuln/detail/CVE-2020-27748) | xdg-utils | 6.5 | 1.2.1 | 1.2.1 | 1.2.1 | | -| [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | | -| [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | | -| [CVE-2020-35669](https://nvd.nist.gov/vuln/detail/CVE-2020-35669) | http | 6.1 | 0.2.12 | 0.3-0 | 0.4 | | -| [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321) | curl | 5.9 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | -| [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320) | curl | 5.9 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | -| [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | -| [CVE-2022-40897](https://nvd.nist.gov/vuln/detail/CVE-2022-40897) | setuptools | 5.9 | 44.0.0-source | 75.3.0 | 75.6.0 | | -| [CVE-2021-3572](https://nvd.nist.gov/vuln/detail/CVE-2021-3572) | pip | 5.7 | 20.3.4-source | 24.0 | 24.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/368263)]* | -| [CVE-2024-50612](https://nvd.nist.gov/vuln/detail/CVE-2024-50612) | libsndfile | 5.5 | 1.2.2 | 1.2.2 | 1.2.2 | | -| [CVE-2024-24789](https://nvd.nist.gov/vuln/detail/CVE-2024-24789) | go | 5.5 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/319485), [PR](https://github.com/NixOS/nixpkgs/pull/361606)]* | -| [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | -| [CVE-2023-32665](https://nvd.nist.gov/vuln/detail/CVE-2023-32665) | glib | 5.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2023-32611](https://nvd.nist.gov/vuln/detail/CVE-2023-32611) | glib | 5.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.3.1 | 1.3.1 | 1.3.1 | | -| [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 0.6.3.0-r5.cabal | 0.7.1.0 | 0.7.1.0 | | -| [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | | -| [CVE-2021-4235](https://nvd.nist.gov/vuln/detail/CVE-2021-4235) | yaml | 5.5 | 0.11.11.2-r2.cab | 0.11.11.2 | 0.11.11.2 | | -| [CVE-2021-4235](https://nvd.nist.gov/vuln/detail/CVE-2021-4235) | yaml | 5.5 | 0.11.11.2 | 0.11.11.2 | 0.11.11.2 | | -| [CVE-2021-3800](https://nvd.nist.gov/vuln/detail/CVE-2021-3800) | glib | 5.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2020-29385](https://nvd.nist.gov/vuln/detail/CVE-2020-29385) | gdk-pixbuf | 5.5 | 0.18.5 | 2.42.12 | 2.42.12 | *[[PR](https://github.com/NixOS/nixpkgs/pull/106302), [PR](https://github.com/NixOS/nixpkgs/pull/111542), [PR](https://github.com/NixOS/nixpkgs/pull/312036), [PR](https://github.com/NixOS/nixpkgs/pull/314686)]* | -| [CVE-2024-21485](https://nvd.nist.gov/vuln/detail/CVE-2024-21485) | dash | 5.4 | 0.5.12 | | | | -| [CVE-2023-41940](https://nvd.nist.gov/vuln/detail/CVE-2023-41940) | tap | 5.4 | 1.0.1 | 0.77 | 0.77 | | -| [CVE-2023-2121](https://nvd.nist.gov/vuln/detail/CVE-2023-2121) | vault | 5.4 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236911), [PR](https://github.com/NixOS/nixpkgs/pull/239559), [PR](https://github.com/NixOS/nixpkgs/pull/239571)]* | -| [CVE-2023-2121](https://nvd.nist.gov/vuln/detail/CVE-2023-2121) | vault | 5.4 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236911), [PR](https://github.com/NixOS/nixpkgs/pull/239559), [PR](https://github.com/NixOS/nixpkgs/pull/239571)]* | -| [CVE-2022-47524](https://nvd.nist.gov/vuln/detail/CVE-2022-47524) | safe | 5.4 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2022-47524](https://nvd.nist.gov/vuln/detail/CVE-2022-47524) | safe | 5.4 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.47.0 | 2.47.0 | 2.47.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2023-33955](https://nvd.nist.gov/vuln/detail/CVE-2023-33955) | console | 5.3 | 0.15.8 | 0.1.0-unstable-2 | | | -| [CVE-2023-26044](https://nvd.nist.gov/vuln/detail/CVE-2023-26044) | http | 5.3 | 1.1.0 | | | | -| [CVE-2022-43410](https://nvd.nist.gov/vuln/detail/CVE-2022-43410) | mercurial | 5.3 | 6.8.2 | 6.8.2 | 6.9 | | -| [CVE-2022-41316](https://nvd.nist.gov/vuln/detail/CVE-2022-41316) | vault | 5.3 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2022-41316](https://nvd.nist.gov/vuln/detail/CVE-2022-41316) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2022-36032](https://nvd.nist.gov/vuln/detail/CVE-2022-36032) | http | 5.3 | 1.1.0 | | | | -| [CVE-2021-44751](https://nvd.nist.gov/vuln/detail/CVE-2021-44751) | safe | 5.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2021-44751](https://nvd.nist.gov/vuln/detail/CVE-2021-44751) | safe | 5.3 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2021-38554](https://nvd.nist.gov/vuln/detail/CVE-2021-38554) | vault | 5.3 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2021-38554](https://nvd.nist.gov/vuln/detail/CVE-2021-38554) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153) | glib | 5.3 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2021-3024](https://nvd.nist.gov/vuln/detail/CVE-2021-3024) | vault | 5.3 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | -| [CVE-2021-3024](https://nvd.nist.gov/vuln/detail/CVE-2021-3024) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | -| [CVE-2020-25594](https://nvd.nist.gov/vuln/detail/CVE-2020-25594) | vault | 5.3 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | -| [CVE-2020-25594](https://nvd.nist.gov/vuln/detail/CVE-2020-25594) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.23.3 | 1.23.4 | 1.23.4 | | -| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | | -| [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 13.3.0 | | | | -| [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | -| [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | -| [CVE-2022-28873](https://nvd.nist.gov/vuln/detail/CVE-2022-28873) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2022-28873](https://nvd.nist.gov/vuln/detail/CVE-2022-28873) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2022-28870](https://nvd.nist.gov/vuln/detail/CVE-2022-28870) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2022-28870](https://nvd.nist.gov/vuln/detail/CVE-2022-28870) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2022-28869](https://nvd.nist.gov/vuln/detail/CVE-2022-28869) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2022-28869](https://nvd.nist.gov/vuln/detail/CVE-2022-28869) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2022-28868](https://nvd.nist.gov/vuln/detail/CVE-2022-28868) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2022-28868](https://nvd.nist.gov/vuln/detail/CVE-2022-28868) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2021-40835](https://nvd.nist.gov/vuln/detail/CVE-2021-40835) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2021-40835](https://nvd.nist.gov/vuln/detail/CVE-2021-40835) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2021-40834](https://nvd.nist.gov/vuln/detail/CVE-2021-40834) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2021-40834](https://nvd.nist.gov/vuln/detail/CVE-2021-40834) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2021-33596](https://nvd.nist.gov/vuln/detail/CVE-2021-33596) | safe | 4.1 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2021-33596](https://nvd.nist.gov/vuln/detail/CVE-2021-33596) | safe | 4.1 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | -| [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | -| [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* | -| [CVE-2022-38163](https://nvd.nist.gov/vuln/detail/CVE-2022-38163) | safe | 3.5 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2022-38163](https://nvd.nist.gov/vuln/detail/CVE-2022-38163) | safe | 3.5 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2021-33595](https://nvd.nist.gov/vuln/detail/CVE-2021-33595) | safe | 3.5 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2021-33595](https://nvd.nist.gov/vuln/detail/CVE-2021-33595) | safe | 3.5 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2021-33594](https://nvd.nist.gov/vuln/detail/CVE-2021-33594) | safe | 3.5 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | -| [CVE-2021-33594](https://nvd.nist.gov/vuln/detail/CVE-2021-33594) | safe | 3.5 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 20.3.4-source | 24.0 | 24.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928), [PR](https://github.com/NixOS/nixpkgs/pull/368263)]* | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf @@ -272,12 +71,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | go | 9.8 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/319485), [PR](https://github.com/NixOS/nixpkgs/pull/331906), [PR](https://github.com/NixOS/nixpkgs/pull/361606)]* | | [CVE-2024-23741](https://nvd.nist.gov/vuln/detail/CVE-2024-23741) | hyper | 9.8 | 1.5.0 | | | | | [CVE-2024-23741](https://nvd.nist.gov/vuln/detail/CVE-2024-23741) | hyper | 9.8 | 1.4.1 | | | | -| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 0.6.3.0-r5.cabal | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083)]* | -| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083)]* | +| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 0.6.3.0-r5.cabal | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/370353)]* | +| [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/370353)]* | | [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320) | go | 9.8 | 1.21.0-linux-amd | 1.23.4 | 1.23.4 | | | [CVE-2022-48565](https://nvd.nist.gov/vuln/detail/CVE-2022-48565) | python | 9.8 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* | -| [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) | zlib | 9.8 | 0.6.3.0-r5.cabal | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/185554), [PR](https://github.com/NixOS/nixpkgs/pull/185613), [PR](https://github.com/NixOS/nixpkgs/pull/185693), [PR](https://github.com/NixOS/nixpkgs/pull/185754), [PR](https://github.com/NixOS/nixpkgs/pull/186941)]* | -| [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) | zlib | 9.8 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/185554), [PR](https://github.com/NixOS/nixpkgs/pull/185613), [PR](https://github.com/NixOS/nixpkgs/pull/185693), [PR](https://github.com/NixOS/nixpkgs/pull/185754), [PR](https://github.com/NixOS/nixpkgs/pull/186941)]* | +| [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) | zlib | 9.8 | 0.6.3.0-r5.cabal | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/185554), [PR](https://github.com/NixOS/nixpkgs/pull/185613), [PR](https://github.com/NixOS/nixpkgs/pull/185693), [PR](https://github.com/NixOS/nixpkgs/pull/185754), [PR](https://github.com/NixOS/nixpkgs/pull/370353)]* | +| [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) | zlib | 9.8 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/185554), [PR](https://github.com/NixOS/nixpkgs/pull/185613), [PR](https://github.com/NixOS/nixpkgs/pull/185693), [PR](https://github.com/NixOS/nixpkgs/pull/185754), [PR](https://github.com/NixOS/nixpkgs/pull/370353)]* | | [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221) | curl | 9.8 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2022-3320](https://nvd.nist.gov/vuln/detail/CVE-2022-3320) | warp | 9.8 | 3.3.31 | 3.4.3 | 3.4.7 | | | [CVE-2021-35048](https://nvd.nist.gov/vuln/detail/CVE-2021-35048) | network | 9.8 | 3.1.4.0-r1.cabal | 3.2.4.0 | 3.2.7.0 | | @@ -405,7 +204,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2020-13223](https://nvd.nist.gov/vuln/detail/CVE-2020-13223) | vault | 7.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/91898), [PR](https://github.com/NixOS/nixpkgs/pull/92641)]* | | [CVE-2020-11021](https://nvd.nist.gov/vuln/detail/CVE-2020-11021) | http-client | 7.5 | 0.7.17 | 0.7.17 | 0.7.18 | | | [CVE-2019-9674](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) | python | 7.5 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* | -| [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) | zlib | 7.5 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/165642), [PR](https://github.com/NixOS/nixpkgs/pull/166451), [PR](https://github.com/NixOS/nixpkgs/pull/167084), [PR](https://github.com/NixOS/nixpkgs/pull/205374)]* | +| [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) | zlib | 7.5 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/165642), [PR](https://github.com/NixOS/nixpkgs/pull/166451), [PR](https://github.com/NixOS/nixpkgs/pull/167084), [PR](https://github.com/NixOS/nixpkgs/pull/205374), [PR](https://github.com/NixOS/nixpkgs/pull/370353)]* | | [CVE-2018-13162](https://nvd.nist.gov/vuln/detail/CVE-2018-13162) | alex | 7.5 | 3.4.0.1 | 3.4.0.1 | 3.5.1.0 | | | [CVE-2017-18589](https://nvd.nist.gov/vuln/detail/CVE-2017-18589) | cookie | 7.5 | 0.4.6 | 0.5.0 | 0.5.0 | | | [CVE-2024-0397](https://nvd.nist.gov/vuln/detail/CVE-2024-0397) | python | 7.4 | 2.7.18.8 | 3.13.1 | 3.13.1 | |