Bugs with TODO items

Hide "check" TODOs

BugDescriptionNote
CVE-2016-1584In all versions of Unity8 a running but not active application on a la ...check proper tracking update
CVE-2018-25246Wikipedia 12.0 contains a denial of service vulnerability that allows ...check
CVE-2018-25305librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that all ...check
CVE-2018-25306PDFunite 0.41.0 contains a buffer overflow vulnerability that allows l ...check
CVE-2019-25485R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the ...check
CVE-2019-25683FileZilla 3.40.0 contains a denial of service vulnerability in the loc ...check
CVE-2020-37182Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ...check details
CVE-2021-26381Improper system call parameter validation in the Trusted OS may allow ...check
CVE-2021-26410Improper syscall input validation in ASP (AMD Secure Processor) may fo ...check
CVE-2021-47793Telegram Desktop 2.9.2 contains a denial of service vulnerability that ...check
CVE-2022-23538github.com/sylabs/scs-library-client is the Go client for the Singular ...check details, might as well affect golang-github-apptainer-container-library-client
CVE-2022-50942Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ...check status upstream
CVE-2023-20514Improper handling of parameters in the AMD Secure Processor (ASP) coul ...check
CVE-2023-20548A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ...check
CVE-2023-20585Insufficient checks of the RMP on host buffer access in IOMMU may allo ...check
CVE-2023-20601Improper input validation within RAS TA Driver can allow a local attac ...check
CVE-2023-26044react/http is an event-driven, streaming HTTP client and server implem ...check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
CVE-2023-31313An unintended proxy or intermediary in the AMD power management firmwa ...check
CVE-2023-31324A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ...check
CVE-2023-31364Improper handling of direct memory writes in the input-output memory m ...check
CVE-2023-47268In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ...check
CVE-2023-49316In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ...check if affecting ldap-account-manager or unused path
CVE-2023-50251php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50252php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50262Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...check sources embedding php-dompdf if affected
CVE-2024-21953Improper input validation in IOMMU could allow a malicious hypervisor ...check
CVE-2024-22420JupyterLab is an extensible environment for interactive and reproducib ...check completeness, src:jupyter-notebook?
CVE-2024-22421JupyterLab is an extensible environment for interactive and reproducib ...check completeness, src:jupyter-notebook?
CVE-2024-36310Improper input validation in the SMM communications buffer could allow ...check
CVE-2024-36311A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ...check
CVE-2024-36316The integer overflow vulnerability within AMD Graphics driver could al ...check
CVE-2024-36324Improper input validation in AMD Graphics Driver could allow an attack ...check
CVE-2024-54192An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial ...check
CVE-2025-0012Improper handling of overlap between the segmented reverse map table ( ...check
CVE-2025-0029Improper handling of error condition during host-induced faults can al ...check
CVE-2025-0031A use after free in the SEV firmware could allow a malicous hypervisor ...check
CVE-2025-4382A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ...double check if vulnerability only considered present after grub_is_cli_disabled is introduced
CVE-2025-6499A vulnerability classified as problematic was found in vstakhov libucl ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2025-8671A mismatch caused by client-triggered server-sent stream resets betwee ...check, some projects will assign own CVEs and should then be covered under that specific CVE instead
CVE-2025-8941A flaw was found in linux-pam. The pam_namespace module may improperly ...check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes
CVE-2025-11010A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2025-11147Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ...clarifying with reporter and Eduard Bloch on the issue.
CVE-2025-15569A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ...check
CVE-2025-29939Improper access control in secure encrypted virtualization (SEV) could ...check
CVE-2025-29946Insufficient or Incomplete Data Removal in Hardware Component in SEV f ...check
CVE-2025-29948Improper access control in AMD Secure Encrypted Virtualization (SEV) f ...check
CVE-2025-29952Improper Initialization within the AMD Secure Encrypted Virtualization ...check
CVE-2025-58064CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...check
CVE-2025-60796phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ...check, possibly not reported upstream
CVE-2025-60797phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ...check, possibly not reported upstream
CVE-2025-60798phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ...check, possibly not reported upstream
CVE-2025-60799phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ...check, possibly not reported upstream
CVE-2025-61261A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ...check
CVE-2025-61305A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_fi ...check
CVE-2025-61306A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_co ...check
CVE-2025-61307A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pa ...check
CVE-2025-61308A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_ma ...check
CVE-2025-61309A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_de ...check
CVE-2025-61310A reflected cross-site scripted (XSS) vulnerability in the acc-menu_bi ...check
CVE-2025-61311A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_al ...check
CVE-2025-61312A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pr ...check
CVE-2025-61313A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_ma ...check
CVE-2025-61314A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_or ...check
CVE-2025-61982An arbitrary code execution vulnerability exists in the Code Stream di ...check upstream status
CVE-2025-65415docuFORM Managed Print Service Client 11.11c is vulnerable to a sessio ...check
CVE-2025-65416docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrar ...check
CVE-2025-65417docuFORM Managed Print Service Client 11.11c is vulnerable to a reflec ...check
CVE-2025-65418docuFORM Managed Print Service Client 11.11c is vulnerable to a direct ...check
CVE-2025-65865An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ...check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream
CVE-2025-66442In Mbed TLS through 4.0.0, there is a compiler-induced timing side cha ...No fix is available for this issue, check if it will be considered upstream
CVE-2025-66578xmlseclibs is a library written in PHP for working with XML Encryption ...check
CVE-2025-67108eProsima Fast-DDS v3.3 was discovered to contain improper validation f ...check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream
CVE-2025-69534Python-Markdown version 3.8 contain a vulnerability where malformed HT ...Asking whether it really needs a backport: https://bugs.debian.org/1131896
CVE-2025-69720The infocmp command-line tool in ncurses before 6.5-20251213 has a sta ...check upstream status
CVE-2025-69969A lack of authentication and authorization mechanisms in the Bluetooth ...check
CVE-2025-70887An issue in ralphje Signify before v.0.9.2 allows a remote attacker to ...check
CVE-2026-0708A flaw was found in libucl. A remote attacker could exploit this by pr ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2026-1703When pip is installing and extracting a maliciously crafted wheel arch ...check as well pipenv
CVE-2026-2950Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototy ...check fixing commit details
CVE-2026-3319Reflected Cross-Site Scripting (XSS) in the latest demo version of the ...check
CVE-2026-3320Reflected Cross-Site Scripting (XSS) in the latest demo version of the ...check
CVE-2026-3609Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vu ...check
CVE-2026-3650A memory leak exists in the Grassroots DICOM library (GDCM). The bug o ...check, vague report from Red Hat, no upstream details
CVE-2026-4833A weakness has been identified in Orc discount up to 3.0.1.2. This iss ...check libtext-markdown-discount-perl, ruby-rdiscount, cantor, embedding discount; check if security impact present
CVE-2026-7210`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entro ...check
CVE-2026-7701A security vulnerability has been detected in Telegram Desktop up to 6 ...check
CVE-2026-7790Uncontrolled Resource Consumption vulnerability in ninenines cowlib (c ...check
CVE-2026-8212A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by thi ...check
CVE-2026-8213A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affect ...check
CVE-2026-22739Vulnerability in Spring Cloud when substituting the profile parameter ...check
CVE-2026-23479Redis is an in-memory data structure store. In redis-server from 7.2.0 ...check
CVE-2026-23631Redis is an in-memory data structure store. In all versions of redis-s ...check
CVE-2026-23870A denial of service vulnerability could be triggered by sending specia ...check
CVE-2026-23926An authenticated (non-super) administrator can create a maintenance pe ...check
CVE-2026-23927A user able to connect to Agent 2 can inject an Oracle TNS connection ...check
CVE-2026-23928The Item history widget (in Zabbix 7.0+) or the Plain text widget (in ...check
CVE-2026-25243Redis is an in-memory data structure store. In versions of redis-serve ...check
CVE-2026-25701An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ...check
CVE-2026-25702A Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ...check
CVE-2026-27586Caddy is an extensible server platform that uses TLS by default. Prior ...check, introducing version
CVE-2026-27704The Dart and Flutter SDKs provide software development kits for the Da ...check
CVE-2026-27738The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-27739The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-27970Angular is a development platform for building mobile and desktop web ...check status for older versions
CVE-2026-28343CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...check
CVE-2026-28687ImageMagick is free and open-source software used for editing and mani ...For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
CVE-2026-28687ImageMagick is free and open-source software used for editing and mani ...Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-28688ImageMagick is free and open-source software used for editing and mani ...For imagemagick6 by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
CVE-2026-28688ImageMagick is free and open-source software used for editing and mani ...Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-29022dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) ...qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact
CVE-2026-30478A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer ...check
CVE-2026-30479A Dynamic-link Library Injection vulnerability in OSGeo Project MapSer ...check
CVE-2026-30635Command injection vulnerability in automagik-genie 2.5.27 MCP Server a ...check
CVE-2026-31053A double free vulnerability exists in librz/bin/format/le/le.c in the ...check
CVE-2026-31192Insufficient validation of Chrome extension identifiers in Raindrop.io ...check
CVE-2026-31246GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-0 ...check
CVE-2026-31247Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) ...check
CVE-2026-31248Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) ...check
CVE-2026-31249CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ...check
CVE-2026-31250CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ...check
CVE-2026-31251CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ...check
CVE-2026-31252CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ...check
CVE-2026-31253The flash-attention training framework thru commit e724e2588cbe754beb9 ...check
CVE-2026-31254The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e ...check
CVE-2026-32148Insufficient Verification of Data Authenticity vulnerability in hexpm ...check
CVE-2026-32313xmlseclibs is a library written in PHP for working with XML Encryption ...check
CVE-2026-32600xml-security is a library that implements XML signatures and encryptio ...check
CVE-2026-32635Angular is a development platform for building mobile and desktop web ...check status for older versions
CVE-2026-32836dr_libsdr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, ...check
CVE-2026-33356In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authe ...check
CVE-2026-33357In Meari client applications embedding "com.meari.sdk" (including Clou ...check
CVE-2026-33359In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed ...check
CVE-2026-33361In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudE ...check
CVE-2026-33362In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arent ...check
CVE-2026-33397The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-34240JOSE is a Javascript Object Signing and Encryption (JOSE) library. Pri ...check
CVE-2026-36906Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remo ...check
CVE-2026-36962SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated a ...check
CVE-2026-38566HireFlow v1.2 does not implement CSRF token validation on any state-ch ...check
CVE-2026-38567HireFlow v1.2 is vulnerable to SQL injection in the /login and /search ...check
CVE-2026-38568HireFlow v1.2 is vulnerable to Incorrect Access Control. The applicati ...check
CVE-2026-38569HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate ...check
CVE-2026-39860Nix is a package manager for Linux and other Unix systems. A bug in th ...check, potentially affecting guix if same issue in backporting fix for CVE-2024-2729
CVE-2026-40171In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions ...check
CVE-2026-40968When an authenticated user is denied access to a gRPC method, their au ...check
CVE-2026-40969The raw message of every server-side AuthenticationException is return ...check
CVE-2026-40981When using Google Secrets Manager as a backend for the Spring Cloud Co ...check
CVE-2026-40982Spring Cloud Config allows applications to serve arbitrary text and bi ...check
CVE-2026-41002The base directory (`spring.cloud.config.server.git.basedir`) used by ...check
CVE-2026-41004When enabling trace logging in Spring Cloud Config Server sensitive in ...check
CVE-2026-41018The Elasticsearch logging provider, when configured with a `host` URL ...check
CVE-2026-41250Taiga is a project management platform for startups and agile develope ...check
CVE-2026-41423Angular is a development platform for building mobile and desktop web ...check
CVE-2026-41431Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a ...check
CVE-2026-41889pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ...check the other golang-github-jackc-pgx* sources
CVE-2026-41951Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which ...check
CVE-2026-42185People is an application to handle users and teams, and distribute per ...check
CVE-2026-42199Grid is a data structure grid for rust. From version 0.17.0 to before ...check
CVE-2026-42245Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...check
CVE-2026-42246Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...check
CVE-2026-42256Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...check
CVE-2026-42257Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...check
CVE-2026-42258Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...check
CVE-2026-42308Pillow is a Python imaging library. Prior to version 12.2.0, if a font ...research fixing commit(s), maybe https://github.com/python-pillow/Pillow/pull/9518/changes
CVE-2026-42311Pillow is a Python imaging library. From version 10.3.0 to before vers ...check, identify commit in 10.3.0 introducing the issue
CVE-2026-42316kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft ...check
CVE-2026-42349Clerk JavaScript is the official JavaScript repository for Clerk authe ...check
CVE-2026-42503gopls by default communicates via pipe. However, -port and -listen fla ...check
CVE-2026-42560auth provides authentication via oauth2, direct and email. From versio ...check
CVE-2026-42571Pelican is a platform for creating data federations. From versions 7.2 ...check
CVE-2026-42603OWASP BLT is a QA testing and vulnerability disclosure platform that e ...check
CVE-2026-42778The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X bran ...check
CVE-2026-42779The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X bran ...check
CVE-2026-42859Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication ...check
CVE-2026-42860The Open edx Enterprise Service app provides enterprise features to th ...check
CVE-2026-42866Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix ...check
CVE-2026-42994Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, wh ...check
CVE-2026-43826The OpenSearch logging provider, when configured with a `host` URL tha ...check
CVE-2026-43968Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...check
CVE-2026-43969Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...check
CVE-2026-44643Angular Expressions provides expressions for the Angular.JS web framew ...check
Search for package or bug name: Reporting problems