| Bug | Description | Note |
|---|
| CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client |
| CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected |
| CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path |
| CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected |
| CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced |
| CVE-2025-4690 | A regular expression used by AngularJS' linky https://docs.angularjs.o ... | check |
| CVE-2025-4953 | A flaw was found in Podman. In a Containerfile or Podman, data written ... | check details |
| CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead |
| CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check if RedHat specific incomplete fix for CVE-2025-6020 |
| CVE-2025-10360 | In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key ... | check |
| CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2025-11146 | Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | check |
| CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | check |
| CVE-2025-11494 | A vulnerability was found in GNU Binutils 2.45. Impacted is the functi ... | check |
| CVE-2025-11495 | A vulnerability was determined in GNU Binutils 2.45. The affected elem ... | check |
| CVE-2025-43960 | Adminer 4.8.1, when using Monolog for logging, allows a Denial of Serv ... | check, does not seem to be fixed in 4.8.2 and later versions |
| CVE-2025-45091 | Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable ... | check |
| CVE-2025-46205 | A heap-use-after free in the PdfTokenizer::ReadDictionary function of ... | check, no actionable data in CVE report, unclear upstream reporting status |
| CVE-2025-53881 | A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate co ... | check |
| CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2025-59728 | When calculating the content path in handling of MPEG-DASH manifests, ... | check |
| CVE-2025-59729 | When parsing the header for a DHAV file, there's an integer underflow ... | check |
| CVE-2025-59730 | When decoding a frame for a SANM file (ANIM v0 variant), the decoded d ... | check |
| CVE-2025-59731 | When decoding an OpenEXR file that uses DWAA or DWAB compression, the ... | check |
| CVE-2025-59732 | When decoding an OpenEXR file that uses DWAA or DWAB compression, ther ... | check |
| CVE-2025-59733 | When decoding an OpenEXR file that uses DWAA or DWAB compression, ther ... | check |
| CVE-2025-59734 | It is possible to cause an use-after-free write in SANM decoding with ... | check |
| CVE-2025-59830 | Rack is a modular Ruby web server interface. Prior to version 2.2.18, ... | check, might be fixed in upper versions due to refactoring, e.g. f904fff079c7 ("Add `Rack::Request#form_pairs` (#2351)") in v3.2.0 |
| CVE-2025-61672 | Synapse is an open source Matrix homeserver implementation. Lack of va ... | check |