Bugs with TODO items


Bug | Description | Note
CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update
CVE-2018-25246 | Wikipedia 12.0 contains a denial of service vulnerability that allows ... | check
CVE-2018-25305 | librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that all ... | check
CVE-2018-25306 | PDFunite 0.41.0 contains a buffer overflow vulnerability that allows l ... | check
CVE-2019-25485 | R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the ... | check
CVE-2019-25683 | FileZilla 3.40.0 contains a denial of service vulnerability in the loc ... | check
CVE-2020-37182 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ... | check details
CVE-2021-47793 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that ... | check
CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details; might also affect golang-github-apptainer-container-library-client
CVE-2022-50942 | Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream
CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check; is embedded in icinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
CVE-2023-45795 | A cross-site scripting vulnerability in the Builder Component of Pilz ... | check
CVE-2023-45796 | A stored cross-site scripting vulnerability in the Runtime component o ... | check
CVE-2023-47268 | In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ... | check
CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check whether this affects ldap-account-manager or is an unused code path
CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check; other packages embed the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check; other packages embed the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check whether sources embedding php-dompdf are affected
CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook?
CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook?
CVE-2024-47091 | Privilege escalation in the mk_mysql agent plugin on Windows in Checkm ... | check
CVE-2024-54192 | An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial ... | check
CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double-check whether the vulnerability is only considered present after grub_is_cli_disabled is introduced
CVE-2025-4994 | The SafeLine SL6 and SL6+ devices integrated into elevator emergency i ... | check
CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check whether this has a security impact on rspamd, which embeds libucl and uses it at compile time
CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check; some projects will assign their own CVEs and should then be covered under that specific CVE instead
CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check: likely a Red Hat-specific incomplete fix for CVE-2025-6020, but asked to pinpoint the incomplete fixes
CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check whether this has a security impact on rspamd, which embeds libucl and uses it at compile time
CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying the issue with the reporter and Eduard Bloch
CVE-2025-14575 | An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS b ... | check
CVE-2025-15569 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ... | check
CVE-2025-33221 | NVIDIA Display Driver for Windows and Linux contains a vulnerability i ... | check
CVE-2025-56814 | A code injection vulnerability in the wxExecute() function of OpenCPN ... | check
CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check
CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check; possibly not reported upstream
CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check; possibly not reported upstream
CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check; possibly not reported upstream
CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check; possibly not reported upstream
CVE-2025-61018 | An issue in the sqlo_place_dt_set component of openlink virtuoso-opens ... | check
CVE-2025-61019 | An issue in the sqlo_key_part_best component of openlink virtuoso-open ... | check
CVE-2025-61020 | An issue in the sqlo_strip_in_join component of openlink virtuoso-open ... | check
CVE-2025-61021 | An issue in the sqlo_natural_join_cond component of openlink virtuoso- ... | check
CVE-2025-61022 | An issue in the sqlo_tb_col_preds component of openlink virtuoso-opens ... | check
CVE-2025-61023 | An issue in the st_compare component of openlink virtuoso-opensource v ... | check
CVE-2025-61024 | An issue in the sqlo_try_in_loop component of openlink virtuoso-openso ... | check
CVE-2025-61025 | An issue in the sslr_qst_get component of openlink virtuoso-opensource ... | check
CVE-2025-61027 | An issue in the t_set_push component of openlink virtuoso-opensource v ... | check
CVE-2025-61028 | An issue in the time_t_to_dt component of openlink virtuoso-opensource ... | check
CVE-2025-61029 | An issue in the sqlo_untry component of openlink virtuoso-opensource v ... | check
CVE-2025-61261 | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ... | check
CVE-2025-61982 | An arbitrary code execution vulnerability exists in the Code Stream di ... | check upstream status
CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33; unclear whether reported upstream
CVE-2025-66389 | GitHub Copilot 1.372.0 allows filesystem access outside of a workspace ... | check
CVE-2025-66578 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check
CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913; unclear whether reported upstream
CVE-2025-69534 | Python-Markdown version 3.8 contains a vulnerability where malformed HT ... | Asking whether it really needs a backport: https://bugs.debian.org/1131896
CVE-2025-69720 | The infocmp command-line tool in ncurses before 6.5-20251213 has a sta ... | check upstream status
CVE-2025-69969 | A lack of authentication and authorization mechanisms in the Bluetooth ... | check
CVE-2025-70887 | An issue in ralphje Signify before v.0.9.2 allows a remote attacker to ... | check
CVE-2025-71332 | Flowise through 2.2.7 contains a SQL injection vulnerability in the im ... | check
CVE-2025-71354 | picklescan before 0.0.29 fails to detect malicious pickle files that e ... | check
CVE-2025-71361 | picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Cal ... | check
CVE-2025-71382 | MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerabili ... | check
CVE-2026-0708 | A flaw was found in libucl. A remote attacker could exploit this by pr ... | check whether this has a security impact on rspamd, which embeds libucl and uses it at compile time
CVE-2026-0864 | When using the "configparser" module to write configuration files cont ... | check
CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check pipenv as well
CVE-2026-3650 | A memory leak exists in the Grassroots DICOM library (GDCM). The bug o ... | check; vague report from Red Hat, no upstream details
CVE-2026-4833 | A weakness has been identified in Orc discount up to 3.0.1.2. This iss ... | check libtext-markdown-discount-perl, ruby-rdiscount and cantor, which embed discount; check whether there is a security impact
CVE-2026-7701 | A security vulnerability has been detected in Telegram Desktop up to 6 ... | check
CVE-2026-7790 | Uncontrolled Resource Consumption vulnerability in ninenines cowlib (c ... | check whether the embedded copy in rabbitmq-server is problematic
CVE-2026-8484 | A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" ... | double-check source packages, as there are not many details in the cert.pl post
CVE-2026-8851 | SOGo versions 5.12.7 and prior contain a SQL injection vulnerability ... | check correctness
CVE-2026-8863 | Multiple Microsoft-signed UEFI SHIM bootloaders are vulnerable to Secu ... | check
CVE-2026-9595 | Impact: When a user-configured proxy on webpack-dev-server has a broad ... | check
CVE-2026-10521 | A high-privileged remote attacker can access a hidden configuration m ... | check
CVE-2026-11972 | When using the "tarfile" module with a file opened in "streaming mode" ... | check
CVE-2026-12249 | An issue was discovered in Canonical ADSys upstream versions through v ... | check
CVE-2026-12318 | Incorrect boundary conditions in the Libraries component in NSS. This ... | check/clarify for src:nss
CVE-2026-12479 | A path traversal vulnerability exists in keras-team/keras version 3.14 ... | check
CVE-2026-12537 | Improper Neutralization used in an OS Command in the container launche ... | check
CVE-2026-12602 | Incorrect default permissions in ArubaSign, affecting versions prior t ... | check
CVE-2026-12681 | Improper Validation of Specified Index, Position, or Offset in Input v ... | check
CVE-2026-12866 | All versions of the package expr-eval are vulnerable to Code Execution ... | check
CVE-2026-12888 | An HTML injection vulnerability exists in the Google Chat webhook noti ... | check
CVE-2026-13006 | ACE vulnerability in conditional configuration file processing by QOS ... | check
CVE-2026-13007 | Tenable Identity Exposure contains multiple unauthenticated API endpoi ... | check
CVE-2026-13140 | Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst ... | check
CVE-2026-13150 | Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation end ... | check
CVE-2026-13163 | Open redirect vulnerability (CWE-601) in the _safe_redirect function o ... | check
CVE-2026-13164 | Missing Authentication for Critical Function (CWE-306) in the Register ... | check
CVE-2026-22739 | Vulnerability in Spring Cloud when substituting the profile parameter ... | check
CVE-2026-23479 | Redis is an in-memory data structure store. In redis-server from 7.2.0 ... | check redict and valkey
CVE-2026-23631 | Redis is an in-memory data structure store. In all versions of redis-s ... | check redict and valkey
CVE-2026-24182 | NVIDIA Display Driver for Windows and Linux contains a vulnerability w ... | check
CVE-2026-24187 | NVIDIA Display Driver for Linux contains a vulnerability where an atta ... | check
CVE-2026-24190 | NVIDIA Display Driver for Windows and Linux contains a vulnerability i ... | check
CVE-2026-24191 | NVIDIA Display Driver for Windows contains a vulnerability where an at ... | check
CVE-2026-24192 | NVIDIA Display Driver for Linux contains a vulnerability where an atta ... | check
CVE-2026-24193 | NVIDIA Display Driver for Windows and Linux contains a vulnerability w ... | check
CVE-2026-24194 | NVIDIA Display Driver for Linux contains a vulnerability in a kernel m ... | check
CVE-2026-24195 | NVIDIA Display Driver for Linux contains a vulnerability in UVM, where ... | check
CVE-2026-24196 | NVIDIA Display Driver for Linux contains a vulnerability where a user ... | check
CVE-2026-24197 | NVIDIA Display Driver for Linux contains a vulnerability in the Multi- ... | check
CVE-2026-24198 | NVIDIA GPU Display Driver for Linux contains a vulnerability where an ... | check
CVE-2026-24199 | NVIDIA Display Driver for Linux contains a vulnerability in a kernel m ... | check
CVE-2026-25243 | Redis is an in-memory data structure store. In versions of redis-serve ... | check redict and valkey
CVE-2026-25701 | An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ... | check
CVE-2026-25702 | An Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ... | check
CVE-2026-27586 | Caddy is an extensible server platform that uses TLS by default. Prior ... | check introducing version
CVE-2026-27704 | The Dart and Flutter SDKs provide software development kits for the Da ... | check
CVE-2026-27738 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check
CVE-2026-27739 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check
CVE-2026-27970 | Angular is a development platform for building mobile and desktop web ... | check status for older versions
CVE-2026-28343 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check
CVE-2026-28381 | The Snowflake datasource allows for GET/PUT commands, which can allow ... | check
CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 superseded by the fix inside the jumbo patch for CVE-2026-28686; the first patch was incomplete
CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 superseded by the fix inside the jumbo patch for CVE-2026-28686; the first patch was incomplete
CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-29022 | dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) ... | qtads, dosbox-x, roc-toolkit, octave-ltfat and faudio bundle a copy; check security impact
CVE-2026-30478 | A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer ... | check
CVE-2026-30479 | A Dynamic-link Library Injection vulnerability in OSGeo Project MapSer ... | check
CVE-2026-31053 | A double free vulnerability exists in librz/bin/format/le/le.c in the ... | check
CVE-2026-32148 | Insufficient Verification of Data Authenticity vulnerability in hexpm ... | check
CVE-2026-32313 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check
CVE-2026-32600 | xml-security is a library that implements XML signatures and encryptio ... | check
CVE-2026-32635 | Angular is a development platform for building mobile and desktop web ... | check status for older versions
CVE-2026-33397 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check
CVE-2026-34240 | JOSE is a Javascript Object Signing and Encryption (JOSE) library. Pri ... | check
CVE-2026-36189 | Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrust ... | check
CVE-2026-36499 | A missing upper-bound check in the udpif_set_threads() function of Ope ... | check; unclear status/validity
CVE-2026-39860 | Nix is a package manager for Linux and other Unix systems. A bug in th ... | check; potentially affects guix if the same issue exists in its backported fix for CVE-2024-2729
CVE-2026-40033 | FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in ... | unclear fixing commit references; incorrect reference in CVE entry?
CVE-2026-40034 | gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0 ... | check
CVE-2026-40968 | When an authenticated user is denied access to a gRPC method, their au ... | check
CVE-2026-40969 | The raw message of every server-side AuthenticationException is return ... | check
CVE-2026-41045 | A time-to-check-time-of-use in polkit authentication of qSnapper befor ... | check
CVE-2026-41046 | A path traversal attack when using a "configName" parameter in qSnappe ... | check
CVE-2026-41047 | Lack of authentication when using the "snapshot diff" functions in qSn ... | check
CVE-2026-41048 | Incorrect caching of authentication between different polkit methods i ... | check
CVE-2026-41049 | Incorrect caching of authentication between different users of the qSn ... | check
CVE-2026-41889 | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ... | check the other golang-github-jackc-pgx* sources
CVE-2026-42127 | The public dashboard query endpoint does not limit request body size b ... | check
CVE-2026-42199 | Grid is a data structure grid for rust. From version 0.17.0 to before ... | check
CVE-2026-42308 | Pillow is a Python imaging library. Prior to version 12.2.0, if a font ... | research fixing commit(s), maybe https://github.com/python-pillow/Pillow/pull/9518/changes
CVE-2026-42450 | OpenColorIO is a color management framework for visual effects and ani ... | check
CVE-2026-42503 | gopls by default communicates via pipe. However, -port and -listen fla ... | check impact on golang-golang-x-tools
CVE-2026-44016 | Docling simplifies document processing by parsing diverse formats and ... | check
CVE-2026-44017 | Docling simplifies document processing by parsing diverse formats and ... | check
CVE-2026-44020 | Docling simplifies document processing by parsing diverse formats and ... | check
CVE-2026-44022 | Docling simplifies document processing by parsing diverse formats and ... | check
CVE-2026-44437 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check
CVE-2026-44933 | `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot ... | check
CVE-2026-45388 | In OCaml-TLS before 2.1.0, the client implementation does insufficient ... | check
CVE-2026-45389 | In OCaml-TLS before 2.1.0, the server implementation does insufficient ... | check
CVE-2026-45390 | In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in ... | check
CVE-2026-46727 | An issue was discovered in Ruby 4 before 4.0.5. A race condition leadi ... | check
CVE-2026-47240 | Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... | check
CVE-2026-47241 | Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... | check
CVE-2026-47242 | Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... | check
CVE-2026-48703 | Warp is an agentic development environment. From 0.2025.04.09.08.11.st ... | check
CVE-2026-48704 | Warp is an agentic development environment. From 0.2023.10.24.08.03.st ... | check
CVE-2026-48719 | Warp is an agentic development environment. From 0.2025.08.06.08.12.st ... | check
CVE-2026-48720 | Warp is an agentic development environment. From 0.2025.03.05.08.02.st ... | check
CVE-2026-48721 | Warp is an agentic development environment. From 0.2025.10.08.08.12.st ... | check
CVE-2026-48725 | Warp is an agentic development environment. From 0.2021.04.25.23.05.st ... | check
CVE-2026-48731 | Warp is an agentic development environment. From 0.2024.02.20.08.01.st ... | check
CVE-2026-48732 | Warp is an agentic development environment. From 0.2023.03.21.08.02.st ... | check
CVE-2026-48789 | AnythingLLM is an application that turns pieces of content into contex ... | check
CVE-2026-48793 | Jellyfin is an open source self hosted media server. Prior to 10.11.10 ... | check
CVE-2026-49220 | Jellyfin is an open source self hosted media server. Prior to 10.11.9, ... | check
CVE-2026-49241 | The Angular Language Service VS Code Extension provides a rich editing ... | check
CVE-2026-49246 | Jellyfin is an open source self hosted media server. Prior to 10.11.10 ... | check
CVE-2026-49247 | Jellyfin is an open source self hosted media server. From 10.9.0 until ... | check
CVE-2026-49269 | Apple M1 GPUs retain register file data between compute shader dispatc ... | check
CVE-2026-49294 | Valhalla is an open source routing engine and accompanying libraries f ... | check
CVE-2026-49356 | Babel is a compiler for writing next generation JavaScript. Prior to 8 ... | check
CVE-2026-50178 | The Angular Language Service VS Code Extension provides a rich editing ... | check
CVE-2026-54892 | Inefficient algorithmic complexity in Plug's nested-parameter decoder ... | check
CVE-2026-55653 | A flaw was found in OpenSSH. A malicious SSH server can exploit a doub ... | check details; AI-generated report
CVE-2026-55654 | A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds ... | check details; AI-generated report
CVE-2026-55655 | A flaw was found in OpenSSH. A local unprivileged attacker on a Linux ... | check details; AI-generated report
