| Bug | Description | Note |
|---|
| CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update |
| CVE-2016-20023 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users c ... | check |
| CVE-2020-36968 | M/Monit 3.7.4 contains an authentication vulnerability that allows aut ... | check, unclear upstream status |
| CVE-2020-36969 | M/Monit 3.7.4 contains a privilege escalation vulnerability that allow ... | check, unclear upstream status |
| CVE-2020-37011 | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ... | check, unclear upstream status. Doesn't reproduce with the version in trixie |
| CVE-2020-37038 | Code Blocks 20.03 contains a denial of service vulnerability that allo ... | check, possibly just DoS of application and unimportant |
| CVE-2020-37040 | Code Blocks 17.12 contains a local buffer overflow vulnerability that ... | check, might be Windows specific issue |
| CVE-2021-26381 | Improper system call parameter validation in the Trusted OS may allow ... | check |
| CVE-2021-26410 | Improper syscall input validation in ASP (AMD Secure Processor) may fo ... | check |
| CVE-2021-47793 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that ... | check |
| CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client |
| CVE-2022-50942 | Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream |
| CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected |
| CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path |
| CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected |
| CVE-2024-4027 | A flaw was found in Undertow. Servlets using a method that calls HttpS ... | check details |
| CVE-2024-21953 | Improper input validation in IOMMU could allow a malicious hypervisor ... | check |
| CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-36310 | Improper input validation in the SMM communications buffer could allow ... | check |
| CVE-2024-36311 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ... | check |
| CVE-2024-36355 | Improper input validation in the SMM handler could allow an attacker w ... | check |
| CVE-2024-54192 | An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial ... | check |
| CVE-2025-0012 | Improper handling of overlap between the segmented reverse map table ( ... | check |
| CVE-2025-0029 | Improper handling of error condition during host-induced faults can al ... | check |
| CVE-2025-0031 | A use after free in the SEV firmware could allow a malicous hypervisor ... | check |
| CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced |
| CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead |
| CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes |
| CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying with reporter and Eduard Bloch on the issue. |
| CVE-2025-11242 | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer ... | check |
| CVE-2025-15569 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ... | check |
| CVE-2025-15570 | A vulnerability was found in ckolivas lrzip up to 0.651. This impacts ... | check |
| CVE-2025-15571 | A security vulnerability has been detected in ckolivas lrzip up to 0.6 ... | check |
| CVE-2025-15572 | A vulnerability has been found in wasm3 up to 0.5.0. The affected elem ... | check |
| CVE-2025-20070 | Improper conditions check for the Intel(R) Optane(TM) PMem management ... | check |
| CVE-2025-20080 | Null pointer dereference in the firmware for some Intel(R) AMT and Int ... | check |
| CVE-2025-20106 | Uncontrolled search path in some software installer for some VTune(TM) ... | check |
| CVE-2025-22453 | Improper input validation for some Server Firmware Update Utility(SysF ... | check |
| CVE-2025-22849 | Incorrect default permissions for the Intel(R) Optane(TM) PMem managem ... | check |
| CVE-2025-22885 | Improper buffer restrictions in the firmware for the TDX Module may al ... | check |
| CVE-2025-24851 | Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet C ... | check |
| CVE-2025-25058 | Improper initialization for some ESXi kernel mode driver for the Intel ... | check |
| CVE-2025-25210 | Improper input validation for some Server Firmware Update Utility(SysF ... | check |
| CVE-2025-27243 | Out-of-bounds write in the firmware for some Intel(R) Ethernet Control ... | check |
| CVE-2025-27535 | Exposed ioctl with insufficient access control in the firmware for som ... | check |
| CVE-2025-27560 | Loop with unreachable exit condition ('infinite loop') for some Intel( ... | check |
| CVE-2025-27572 | Exposure of sensitive information during transient execution for some ... | check |
| CVE-2025-27708 | Out-of-bounds read in the firmware for some Intel(R) Converged Securit ... | check |
| CVE-2025-27940 | Out-of-bounds read for some TDX Module before version tdx1.5 within Ri ... | check |
| CVE-2025-29939 | Improper access control in secure encrypted virtualization (SEV) could ... | check |
| CVE-2025-29946 | Insufficient or Incomplete Data Removal in Hardware Component in SEV f ... | check |
| CVE-2025-29948 | Improper access control in AMD Secure Encrypted Virtualization (SEV) f ... | check |
| CVE-2025-29949 | Insufficient input parameter sanitization in AMD Secure Processor (ASP ... | check |
| CVE-2025-29950 | Improper input validation in system management mode (SMM) could allow ... | check |
| CVE-2025-29951 | A buffer overflow in the AMD Secure Processor (ASP) bootloader could a ... | check |
| CVE-2025-29952 | Improper Initialization within the AMD Secure Encrypted Virtualization ... | check |
| CVE-2025-30508 | Improper authorization in the Intel(R) Quick Assist Technology for som ... | check |
| CVE-2025-30513 | Race condition for some TDX Module within Ring 0: Hypervisor may allow ... | check |
| CVE-2025-31648 | Improper handling of values in the microcode flow for some Intel(R) Pr ... | check |
| CVE-2025-31655 | Incorrect default permissions for some Intel(R) Battery Life Diagnosti ... | check |
| CVE-2025-31944 | Race condition for some TDX Module before version tdx1.5 within Ring 0 ... | check |
| CVE-2025-32003 | Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet N ... | check |
| CVE-2025-32007 | Out-of-bounds read for some TDX before version tdx module 1.5.24 withi ... | check |
| CVE-2025-32008 | Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) ... | check |
| CVE-2025-32092 | Insecure inherited permissions for some Intel(R) Graphics Software bef ... | check |
| CVE-2025-32453 | Incorrect default permissions for some Intel(R) Graphics Driver softwa ... | check |
| CVE-2025-32467 | Use of uninitialized variable for some TDX Module before version tdx1. ... | check |
| CVE-2025-32735 | Improper conditions check in some firmware for some Intel(R) NPU Drive ... | check |
| CVE-2025-32739 | Improper conditions check in some firmware for some Intel(R) Graphics ... | check |
| CVE-2025-33030 | Improper conditions check in some firmware for some Intel(R) NPU Drive ... | check |
| CVE-2025-35992 | Improper conditions check in some firmware for some Intel(R) NPU Drive ... | check |
| CVE-2025-35998 | Missing protection mechanism for alternate hardware interface in the I ... | check |
| CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check, possibly not reported upstream |
| CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check, possibly not reported upstream |
| CVE-2025-61261 | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ... | check |
| CVE-2025-65102 | PJSIP is a free and open source multimedia communication library. Prio ... | check, might affect asterisk and ring |
| CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream |
| CVE-2025-66412 | Angular is a development platform for building mobile and desktop web ... | check, might not impact the 1.x versions of Angular |
| CVE-2025-66567 | The ruby-saml library is for implementing the client side of a SAML au ... | check |
| CVE-2025-66568 | The ruby-saml library implements the client side of an SAML authorizat ... | check |
| CVE-2025-66578 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check |
| CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream |
| CVE-2026-0671 | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... | check |
| CVE-2026-0708 | | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check as well pipenv |