diff --git a/reports/main/data.csv b/reports/main/data.csv
index 092716b..4a692f5 100644
--- a/reports/main/data.csv
+++ b/reports/main/data.csv
@@ -3,15 +3,15 @@ "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-pxg6-pf52-xh8x","https://osv.dev/GHSA-pxg6-pf52-xh8x","cookie","","0.4.6","0.5.0","0.5.0","haskell:cookie","2024A1728000000","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","BIT-git-lfs-2024-53263","https://osv.dev/BIT-git-lfs-2024-53263","git-lfs","","3.6.0","3.6.0","3.6.1","git-lfs","2024A0000053263","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","BIT-git-2024-52006","https://osv.dev/BIT-git-2024-52006","git","","2.47.0","2.47.1","2.48.1","git","2024A0000052006","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-52006","https://nvd.nist.gov/vuln/detail/CVE-2024-52006","git","","2.47.0","2.47.1","2.48.1","git","2024A0000052006","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/372784 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","BIT-git-2024-52006","https://osv.dev/BIT-git-2024-52006","git","","2.47.1","2.47.1","2.48.1","git","2024A0000052006","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-52006","https://nvd.nist.gov/vuln/detail/CVE-2024-52006","git","","2.47.1","2.47.1","2.48.1","git","2024A0000052006","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/372784 https://github.com/NixOS/nixpkgs/pull/373801" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-52005","https://nvd.nist.gov/vuln/detail/CVE-2024-52005","git","","2.47.0","2.47.1","2.48.1","git","2024A0000052005","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-52005","https://nvd.nist.gov/vuln/detail/CVE-2024-52005","git","","2.47.1","2.47.1","2.48.1","git","2024A0000052005","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-50613","https://nvd.nist.gov/vuln/detail/CVE-2024-50613","libsndfile","6.5","1.2.2","1.2.2","1.2.2","libsndfile","2024A0000050613","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-50612","https://nvd.nist.gov/vuln/detail/CVE-2024-50612","libsndfile","5.5","1.2.2","1.2.2","1.2.2","libsndfile","2024A0000050612","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-50602","https://nvd.nist.gov/vuln/detail/CVE-2024-50602","python","5.9","2.7.18.8","3.13.1","3.13.1","python","2024A0000050602","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/354155" 
-"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","BIT-git-2024-50349","https://osv.dev/BIT-git-2024-50349","git","","2.47.0","2.47.1","2.48.1","git","2024A0000050349","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-50349","https://nvd.nist.gov/vuln/detail/CVE-2024-50349","git","","2.47.0","2.47.1","2.48.1","git","2024A0000050349","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/372784 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","BIT-git-2024-50349","https://osv.dev/BIT-git-2024-50349","git","","2.47.1","2.47.1","2.48.1","git","2024A0000050349","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-50349","https://nvd.nist.gov/vuln/detail/CVE-2024-50349","git","","2.47.1","2.47.1","2.48.1","git","2024A0000050349","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/372784 https://github.com/NixOS/nixpkgs/pull/373801" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-24790","https://nvd.nist.gov/vuln/detail/CVE-2024-24790","go","9.8","1.21.0-linux-amd64-bootstrap","1.24rc2","1.23.5","go","2024A0000024790","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/319485 https://github.com/NixOS/nixpkgs/pull/331906 
@@ -31,7 +31,7 @@ https://github.com/NixOS/nixpkgs/pull/374494" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-9287","https://nvd.nist.gov/vuln/detail/CVE-2024-9287","python","","2.7.18.8","3.13.1","3.13.1","python","2024A0000009287","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","MAL-2024-9233","https://osv.dev/MAL-2024-9233","foldl","","1.4.17","1.4.18","1.4.18","haskell:foldl","2024A0000009233","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-9143","https://nvd.nist.gov/vuln/detail/CVE-2024-9143","openssl","4.3","3.3.2","3.3.2","3.4.0","openssl","2024A0000009143","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-8365","https://nvd.nist.gov/vuln/detail/CVE-2024-8365","vault","6.5","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2024A0000008365","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-8365","https://nvd.nist.gov/vuln/detail/CVE-2024-8365","vault","6.5","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2024A0000008365","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-8365","https://nvd.nist.gov/vuln/detail/CVE-2024-8365","vault","6.5","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2024A0000008365","False","","err_not_vulnerable_based_on_repology","" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-8354","https://nvd.nist.gov/vuln/detail/CVE-2024-8354","qemu","5.5","9.2.0","9.2.0","9.2.0","qemu","2024A0000008354","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-8088","https://nvd.nist.gov/vuln/detail/CVE-2024-8088","python","","2.7.18.8","3.13.1","3.13.1","python","2024A0000008088","False","","err_not_vulnerable_based_on_repology","" 
@@ -52,7 +52,7 @@ https://github.com/NixOS/nixpkgs/pull/363310" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1042","https://osv.dev/OSV-2024-1042","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001042","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-983","https://osv.dev/OSV-2024-983","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000000983","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-919","https://osv.dev/OSV-2024-919","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000919","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-914","https://osv.dev/OSV-2024-914","boost","","1.86.0","1.87.0","1.87.0","boost","2024A0000000914","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-914","https://osv.dev/OSV-2024-914","boost","","1.87.0","1.87.0","1.87.0","boost","2024A0000000914","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-861","https://osv.dev/OSV-2024-861","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000000861","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-853","https://osv.dev/OSV-2024-853","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000000853","False","","err_not_vulnerable_based_on_repology","" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-831","https://osv.dev/OSV-2024-831","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000831","False","","err_not_vulnerable_based_on_repology","" 
@@ -71,7 +71,7 @@ https://github.com/NixOS/nixpkgs/pull/299125" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","RUSTSEC-2024-0379","https://osv.dev/RUSTSEC-2024-0379","fast-float","","7.0.0","7.0.0","7.0.0","fast-float","2024A0000000379","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-371","https://osv.dev/OSV-2024-371","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000371","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-330","https://osv.dev/OSV-2024-330","jq","","1.7.1","1.7.1","1.7.1","jq","2024A0000000330","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-112","https://osv.dev/OSV-2024-112","boost","","1.86.0","1.87.0","1.87.0","boost","2024A0000000112","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-112","https://osv.dev/OSV-2024-112","boost","","1.87.0","1.87.0","1.87.0","boost","2024A0000000112","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-vjrq-cg9x-rfjp","https://osv.dev/GHSA-vjrq-cg9x-rfjp","cookie","","0.4.6","0.5.0","0.5.0","haskell:cookie","2023A1686614400","False","","err_not_vulnerable_based_on_repology","" 
@@ -129,9 +129,9 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-27043","https://nvd.nist.gov/vuln/detail/CVE-2023-27043","python","5.3","2.7.18.8","3.13.1","3.13.1","python","2023A0000027043","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/243074 https://github.com/NixOS/nixpkgs/pull/349408" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-26044","https://nvd.nist.gov/vuln/detail/CVE-2023-26044","http","5.3","1.1.0","","","","2023A0000026044","False","","err_missing_repology_version","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-25000","https://nvd.nist.gov/vuln/detail/CVE-2023-25000","vault","4.7","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000025000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-25000","https://nvd.nist.gov/vuln/detail/CVE-2023-25000","vault","4.7","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000025000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-25000","https://nvd.nist.gov/vuln/detail/CVE-2023-25000","vault","4.7","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2023A0000025000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" 
-"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-24999","https://nvd.nist.gov/vuln/detail/CVE-2023-24999","vault","8.1","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000024999","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/221835 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-24999","https://nvd.nist.gov/vuln/detail/CVE-2023-24999","vault","8.1","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000024999","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/221835 https://github.com/NixOS/nixpkgs/pull/221841" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-24999","https://nvd.nist.gov/vuln/detail/CVE-2023-24999","vault","8.1","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2023A0000024999","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/221835 https://github.com/NixOS/nixpkgs/pull/221841" 
@@ -145,7 +145,7 @@ https://github.com/NixOS/nixpkgs/pull/363310" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-6597","https://nvd.nist.gov/vuln/detail/CVE-2023-6597","python","7.8","2.7.18.8","3.13.1","3.13.1","python","2023A0000006597","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298006 https://github.com/NixOS/nixpkgs/pull/299123 https://github.com/NixOS/nixpkgs/pull/299125" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-6337","https://nvd.nist.gov/vuln/detail/CVE-2023-6337","vault","7.5","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000006337","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/272492 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-6337","https://nvd.nist.gov/vuln/detail/CVE-2023-6337","vault","7.5","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000006337","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/272492 https://github.com/NixOS/nixpkgs/pull/274068 https://github.com/NixOS/nixpkgs/pull/274071" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-6337","https://nvd.nist.gov/vuln/detail/CVE-2023-6337","vault","7.5","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2023A0000006337","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/272492 
@@ -164,7 +164,7 @@ https://github.com/NixOS/nixpkgs/pull/368263" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-3297","https://nvd.nist.gov/vuln/detail/CVE-2023-3297","accountsservice","7.8","23.13.9","23.13.9","23.13.9","accountsservice","2023A0000003297","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-2754","https://nvd.nist.gov/vuln/detail/CVE-2023-2754","warp","6.8","3.3.31","3.4.7","3.4.7","haskell:warp","2023A0000002754","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","7.5","9.2.0","9.2.0","9.2.0","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/305402" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-2121","https://nvd.nist.gov/vuln/detail/CVE-2023-2121","vault","5.4","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000002121","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/236911 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-2121","https://nvd.nist.gov/vuln/detail/CVE-2023-2121","vault","5.4","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000002121","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/236911 https://github.com/NixOS/nixpkgs/pull/239559 https://github.com/NixOS/nixpkgs/pull/239571" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-2121","https://nvd.nist.gov/vuln/detail/CVE-2023-2121","vault","5.4","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2023A0000002121","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/236911 
@@ -176,17 +176,17 @@ https://github.com/NixOS/nixpkgs/pull/239571" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","3.3","9.2.0","9.2.0","9.2.0","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1344","https://osv.dev/OSV-2023-1344","jq","","1.7.1","1.7.1","1.7.1","jq","2023A0000001344","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1329","https://osv.dev/OSV-2023-1329","jq","","1.7.1","1.7.1","1.7.1","jq","2023A0000001329","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.4.7","1.5.0","1.5.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.5.0","1.5.0","1.5.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1170","https://osv.dev/OSV-2023-1170","vulkan-loader","","1.3.296.0","1.3.296.0","1.4.306","vulkan-loader","2023A0000001170","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-1129","https://osv.dev/OSV-2023-1129","libheif","","1.18.2","1.18.2","1.19.5","libheif","2023A0000001129","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.4.7","1.5.0","1.5.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.5.0","1.5.0","1.5.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-862","https://osv.dev/OSV-2023-862","gstreamer","","1.24.10","1.24.10","1.24.11","gstreamer","2023A0000000862","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0665","https://nvd.nist.gov/vuln/detail/CVE-2023-0665","vault","6.5","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000000665","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0665","https://nvd.nist.gov/vuln/detail/CVE-2023-0665","vault","6.5","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000000665","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0665","https://nvd.nist.gov/vuln/detail/CVE-2023-0665","vault","6.5","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2023A0000000665","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0654","https://nvd.nist.gov/vuln/detail/CVE-2023-0654","warp","3.7","3.3.31","3.4.7","3.4.7","haskell:warp","2023A0000000654","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0652","https://nvd.nist.gov/vuln/detail/CVE-2023-0652","warp","7.8","3.3.31","3.4.7","3.4.7","haskell:warp","2023A0000000652","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0620","https://nvd.nist.gov/vuln/detail/CVE-2023-0620","vault","6.7","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000000620","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0620","https://nvd.nist.gov/vuln/detail/CVE-2023-0620","vault","6.7","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2023A0000000620","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-0620","https://nvd.nist.gov/vuln/detail/CVE-2023-0620","vault","6.7","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2023A0000000620","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/227692" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-395","https://osv.dev/OSV-2023-395","opensc","","0.26.0","0.26.0","0.26.1","opensc","2023A0000000395","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2023-390","https://osv.dev/OSV-2023-390","qemu","","9.2.0","9.2.0","9.2.0","qemu","2023A0000000390","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" @@ -218,7 +218,7 @@ https://github.com/NixOS/nixpkgs/pull/363310" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.46","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 https://github.com/NixOS/nixpkgs/pull/207165" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-43410","https://nvd.nist.gov/vuln/detail/CVE-2022-43410","mercurial","5.3","6.8.2","6.9","6.9.1","mercurial","2022A0000043410","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-43410","https://nvd.nist.gov/vuln/detail/CVE-2022-43410","mercurial","5.3","6.9","6.9","6.9.1","mercurial","2022A0000043410","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726 https://github.com/NixOS/nixpkgs/pull/275599 https://github.com/NixOS/nixpkgs/pull/275878" 
@@ -234,13 +234,13 @@ https://github.com/NixOS/nixpkgs/pull/253430" https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-42010","https://nvd.nist.gov/vuln/detail/CVE-2022-42010","dbus","6.5","0.9.7","1.14.10","1.16.0","dbus","2022A0000042010","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/195264 https://github.com/NixOS/nixpkgs/pull/253430" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-40898","https://nvd.nist.gov/vuln/detail/CVE-2022-40898","wheel","7.5","0.37.1-source","0.45.1","0.45.1","python:wheel","2022A0000040898","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/210565 https://github.com/NixOS/nixpkgs/pull/361930 https://github.com/NixOS/nixpkgs/pull/362304" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","75.3.0","75.8.0","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.47.0","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.47.1","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38163","https://nvd.nist.gov/vuln/detail/CVE-2022-38163","safe","3.5","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000038163","False","","err_not_vulnerable_based_on_repology","" 
@@ -256,9 +256,9 @@ https://github.com/NixOS/nixpkgs/pull/185693 https://github.com/NixOS/nixpkgs/pull/185754 https://github.com/NixOS/nixpkgs/pull/370838" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-37416","https://nvd.nist.gov/vuln/detail/CVE-2022-37416","libmpeg2","6.5","0.5.1","","","","2022A0000037416","True","NVD data issue: concerns Android only.","err_missing_repology_version","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36884","https://nvd.nist.gov/vuln/detail/CVE-2022-36884","git","5.3","2.47.0","","","","2022A0000036884","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36883","https://nvd.nist.gov/vuln/detail/CVE-2022-36883","git","7.5","2.47.0","","","","2022A0000036883","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36882","https://nvd.nist.gov/vuln/detail/CVE-2022-36882","git","8.8","2.47.0","","","","2022A0000036882","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36884","https://nvd.nist.gov/vuln/detail/CVE-2022-36884","git","5.3","2.47.1","","","","2022A0000036884","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36883","https://nvd.nist.gov/vuln/detail/CVE-2022-36883","git","7.5","2.47.1","","","","2022A0000036883","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36882","https://nvd.nist.gov/vuln/detail/CVE-2022-36882","git","8.8","2.47.1","","","","2022A0000036882","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36073","https://nvd.nist.gov/vuln/detail/CVE-2022-36073","rubygems","8.8","3.5.22","","","","2022A0000036073","True","Latest impacted version in 3.x is 3.0.4.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-36032","https://nvd.nist.gov/vuln/detail/CVE-2022-36032","http","5.3","1.1.0","","","","2022A0000036032","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-35252","https://nvd.nist.gov/vuln/detail/CVE-2022-35252","curl","3.7","0.4.46","","","","2022A0000035252","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/189083 
@@ -267,7 +267,7 @@ https://github.com/NixOS/nixpkgs/pull/198730" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-32221","https://nvd.nist.gov/vuln/detail/CVE-2022-32221","curl","9.8","0.4.46","","","","2022A0000032221","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/198730" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-32206","https://nvd.nist.gov/vuln/detail/CVE-2022-32206","curl","6.5","0.4.46","","","","2022A0000032206","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/179314 https://github.com/NixOS/nixpkgs/pull/180021" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-30947","https://nvd.nist.gov/vuln/detail/CVE-2022-30947","git","7.5","2.47.0","","","","2022A0000030947","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-30947","https://nvd.nist.gov/vuln/detail/CVE-2022-30947","git","7.5","2.47.1","","","","2022A0000030947","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-28873","https://nvd.nist.gov/vuln/detail/CVE-2022-28873","safe","4.3","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000028873","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-28873","https://nvd.nist.gov/vuln/detail/CVE-2022-28873","safe","4.3","0.3.21","0.3.21","0.3.21","haskell:safe","2022A0000028873","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-28872","https://nvd.nist.gov/vuln/detail/CVE-2022-28872","safe","8.8","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000028872","False","","err_not_vulnerable_based_on_repology","" 
@@ -306,7 +306,6 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-3512","https://nvd.nist.gov/vuln/detail/CVE-2022-3512","warp","8.8","3.3.31","3.4.7","3.4.7","haskell:warp","2022A0000003512","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-3341","https://nvd.nist.gov/vuln/detail/CVE-2022-3341","ffmpeg","5.3","4.4.5","","","","2022A0000003341","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/c513bd48039a718dabf6d7a829efb6732693c04b.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-3320","https://nvd.nist.gov/vuln/detail/CVE-2022-3320","warp","9.8","3.3.31","3.4.7","3.4.7","haskell:warp","2022A0000003320","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-3219","https://nvd.nist.gov/vuln/detail/CVE-2022-3219","gnupg","3.3","2.4.5","","","","2022A0000003219","True","Fix patch is not accepted upstream: https://dev.gnupg.org/D556.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-3109","https://nvd.nist.gov/vuln/detail/CVE-2022-3109","ffmpeg","7.5","4.4.5","","","","2022A0000003109","True","Scanners get confused by LTS release versions (non-linear version numbers). 
Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-3064","https://nvd.nist.gov/vuln/detail/CVE-2022-3064","yaml","7.5","0.11.11.2-r2.cabal","0.11.11.2","0.11.11.2","haskell:yaml","2022A0000003064","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-3064","https://nvd.nist.gov/vuln/detail/CVE-2022-3064","yaml","7.5","0.11.11.2","0.11.11.2","0.11.11.2","haskell:yaml","2022A0000003064","False","","err_not_vulnerable_based_on_repology","" 
@@ -340,6 +339,7 @@ https://github.com/NixOS/nixpkgs/pull/203428 https://github.com/NixOS/nixpkgs/pull/363310" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-312","https://osv.dev/OSV-2022-312","dnsmasq","","2.90","2.90","2.90","dnsmasq","2022A0000000312","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-193","https://osv.dev/OSV-2022-193","w3m","","0.5.3+git20230121","0.5.3+git20230121","0.5.3+git20230121","w3m","2022A0000000193","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-126","https://osv.dev/OSV-2022-126","md4c","","0.5.2","0.5.2","0.5.2","md4c","2022A0000000126","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2022-73","https://osv.dev/OSV-2022-73","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2022A0000000073","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-rjvj-673q-4hfw","https://osv.dev/GHSA-rjvj-673q-4hfw","traceroute","","2.1.6","","","","2021A1633305600","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-m75h-cghq-c8h5","https://osv.dev/GHSA-m75h-cghq-c8h5","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2021A1632355200","False","","err_not_vulnerable_based_on_repology","" 
@@ -355,16 +355,16 @@ https://github.com/NixOS/nixpkgs/pull/314686" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","BIT-lua-2021-43519","https://osv.dev/BIT-lua-2021-43519","lua","","5.2.4","5.4.7","5.4.7","lua","2021A0000043519","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-43519","https://nvd.nist.gov/vuln/detail/CVE-2021-43519","lua","5.5","5.2.4","5.4.7","5.4.7","lua","2021A0000043519","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/195329 https://github.com/NixOS/nixpkgs/pull/195788" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-43138","https://nvd.nist.gov/vuln/detail/CVE-2021-43138","async","7.8","2.2.5-r2.cabal","2.2.5","2.2.5","haskell:async","2021A0000043138","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-43138","https://nvd.nist.gov/vuln/detail/CVE-2021-43138","async","7.8","2.2.5-r3.cabal","2.2.5","2.2.5","haskell:async","2021A0000043138","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-43138","https://nvd.nist.gov/vuln/detail/CVE-2021-43138","async","7.8","2.2.5","2.2.5","2.2.5","haskell:async","2021A0000043138","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-41802","https://nvd.nist.gov/vuln/detail/CVE-2021-41802","vault","5.4","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000041802","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-41802","https://nvd.nist.gov/vuln/detail/CVE-2021-41802","vault","5.4","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000041802","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-41802","https://nvd.nist.gov/vuln/detail/CVE-2021-41802","vault","5.4","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000041802","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-40835","https://nvd.nist.gov/vuln/detail/CVE-2021-40835","safe","4.3","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2021A0000040835","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-40835","https://nvd.nist.gov/vuln/detail/CVE-2021-40835","safe","4.3","0.3.21","0.3.21","0.3.21","haskell:safe","2021A0000040835","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-40834","https://nvd.nist.gov/vuln/detail/CVE-2021-40834","safe","4.3","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2021A0000040834","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-40834","https://nvd.nist.gov/vuln/detail/CVE-2021-40834","safe","4.3","0.3.21","0.3.21","0.3.21","haskell:safe","2021A0000040834","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-39205","https://nvd.nist.gov/vuln/detail/CVE-2021-39205","jitsi-meet","6.1","1.0.8043","","","","2021A0000039205","True","Does not impact the 
version in nixpkgs as mentioned in https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845.","err_missing_repology_version","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-38554","https://nvd.nist.gov/vuln/detail/CVE-2021-38554","vault","5.3","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000038554","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-38554","https://nvd.nist.gov/vuln/detail/CVE-2021-38554","vault","5.3","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000038554","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-38554","https://nvd.nist.gov/vuln/detail/CVE-2021-38554","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000038554","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-35050","https://nvd.nist.gov/vuln/detail/CVE-2021-35050","network","7.5","3.1.4.0-r1.cabal","3.2.7.0","3.2.7.0","haskell:network","2021A0000035050","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-35050","https://nvd.nist.gov/vuln/detail/CVE-2021-35050","network","7.5","3.1.4.0","3.2.7.0","3.2.7.0","haskell:network","2021A0000035050","False","","err_not_vulnerable_based_on_repology","" 
@@ -397,9 +397,10 @@ https://github.com/NixOS/nixpkgs/pull/195788" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-33455","https://nvd.nist.gov/vuln/detail/CVE-2021-33455","yasm","5.5","1.3.0","","","","2021A0000033455","True","Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-33454","https://nvd.nist.gov/vuln/detail/CVE-2021-33454","yasm","5.5","1.3.0","","","","2021A0000033454","True","Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-30499","https://nvd.nist.gov/vuln/detail/CVE-2021-30499","libcaca","7.8","0.99.beta20","","","","2021A0000030499","True","NVD data issue: CPE entry does not correctly state the version numbers. 
Issue is fixed in v0.99.beta20: https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-28794","https://nvd.nist.gov/vuln/detail/CVE-2021-28794","ShellCheck","9.8","0.10.0-r1.cabal","0.10.0","0.10.0","shellcheck","2021A0000028794","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-28794","https://nvd.nist.gov/vuln/detail/CVE-2021-28794","ShellCheck","9.8","0.10.0","0.10.0","0.10.0","shellcheck","2021A0000028794","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-28153","https://nvd.nist.gov/vuln/detail/CVE-2021-28153","glib","5.3","0.18.5","0.13.11.0","0.13.11.0","haskell:glib","2021A0000028153","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-27400","https://nvd.nist.gov/vuln/detail/CVE-2021-27400","vault","7.5","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000027400","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/120155 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-27400","https://nvd.nist.gov/vuln/detail/CVE-2021-27400","vault","7.5","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000027400","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/120155 https://github.com/NixOS/nixpkgs/pull/120157" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-27400","https://nvd.nist.gov/vuln/detail/CVE-2021-27400","vault","7.5","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000027400","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/120155 https://github.com/NixOS/nixpkgs/pull/120157" 
@@ -415,7 +416,7 @@ https://github.com/NixOS/nixpkgs/pull/173833 https://github.com/NixOS/nixpkgs/pull/363310" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-23215","https://nvd.nist.gov/vuln/detail/CVE-2021-23215","openexr","5.5","2.5.10","","","","2021A0000023215","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-23169","https://nvd.nist.gov/vuln/detail/CVE-2021-23169","openexr","8.8","2.5.10","","","","2021A0000023169","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-21684","https://nvd.nist.gov/vuln/detail/CVE-2021-21684","git","6.1","2.47.0","","","","2021A0000021684","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-21684","https://nvd.nist.gov/vuln/detail/CVE-2021-21684","git","6.1","2.47.1","","","","2021A0000021684","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-20255","https://nvd.nist.gov/vuln/detail/CVE-2021-20255","qemu","5.5","9.2.0","","","","2021A0000020255","True","Upstream patch not merged: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html. No point fixing this in nixpkgs as long as it is not fixed upstream.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-20240","https://nvd.nist.gov/vuln/detail/CVE-2021-20240","gdk-pixbuf","8.8","0.18.5","2.42.12","2.42.12","gdk-pixbuf","2021A0000020240","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/312036 https://github.com/NixOS/nixpkgs/pull/314686" 
@@ -442,7 +443,7 @@ https://github.com/NixOS/nixpkgs/pull/363310" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.10","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3572","https://nvd.nist.gov/vuln/detail/CVE-2021-3572","pip","5.7","20.3.4-source","24.0","25.0","pip","2021A0000003572","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/368263" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3177","https://nvd.nist.gov/vuln/detail/CVE-2021-3177","python","9.8","2.7.18.8","3.13.1","3.13.1","python","2021A0000003177","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/201859" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-1157","https://osv.dev/OSV-2021-1157","espeak-ng","","1.51.1","","","","2021A0000001157","False","Unclear if this is still valid.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2021-1141","https://osv.dev/OSV-2021-1141","espeak-ng","","1.51.1","","","","2021A0000001141","False","Unclear if this is still valid.","err_missing_repology_version","" 
@@ -464,13 +465,14 @@ https://github.com/NixOS/nixpkgs/pull/314686" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-27748","https://nvd.nist.gov/vuln/detail/CVE-2020-27748","xdg-utils","6.5","1.2.1","1.2.1","1.2.1","xdg-utils","2020A0000027748","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-27569","https://nvd.nist.gov/vuln/detail/CVE-2020-27569","openvpn","7.5","2.6.12","2.6.13","2.6.13","openvpn","2020A0000027569","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-26304","https://nvd.nist.gov/vuln/detail/CVE-2020-26304","foundation","7.5","0.0.30","0.0.30","0.0.30","haskell:foundation","2020A0000026304","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-25594","https://nvd.nist.gov/vuln/detail/CVE-2020-25594","vault","5.3","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2020A0000025594","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-25594","https://nvd.nist.gov/vuln/detail/CVE-2020-25594","vault","5.3","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2020A0000025594","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-25594","https://nvd.nist.gov/vuln/detail/CVE-2020-25594","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2020A0000025594","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-24490","https://nvd.nist.gov/vuln/detail/CVE-2020-24490","bluez","6.5","5.79","","","","2020A0000024490","True","Fixed in linux kernel (5.8) with: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-18781","https://nvd.nist.gov/vuln/detail/CVE-2020-18781","audiofile","5.5","0.3.6","0.3.6","0.3.6","audiofile","2020A0000018781","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.37","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.36","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-13223","https://nvd.nist.gov/vuln/detail/CVE-2020-13223","vault","7.5","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2020A0000013223","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/91898 
+"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-13529","https://nvd.nist.gov/vuln/detail/CVE-2020-13529","systemd","","257.2","257.2","257.2","systemd","2020A0000013529","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/127461" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-13223","https://nvd.nist.gov/vuln/detail/CVE-2020-13223","vault","7.5","0.3.1.5-r9.cabal","0.3.1.5","0.3.1.5","haskell:vault","2020A0000013223","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/91898 https://github.com/NixOS/nixpkgs/pull/92641" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-13223","https://nvd.nist.gov/vuln/detail/CVE-2020-13223","vault","7.5","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2020A0000013223","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/91898 https://github.com/NixOS/nixpkgs/pull/92641" 
@@ -480,7 +482,7 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-11021","https://nvd.nist.gov/vuln/detail/CVE-2020-11021","http-client","7.5","0.7.17","0.7.18","0.7.18","haskell:http-client","2020A0000011021","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-8284","https://nvd.nist.gov/vuln/detail/CVE-2020-8284","curl","3.7","0.4.46","","","","2020A0000008284","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/106452" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.18.2","1.18.2","1.19.5","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.47.0","2.47.1","2.48.1","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.47.1","2.47.1","2.48.1","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2020-1420","https://osv.dev/OSV-2020-1420","libsass","","3.6.6","3.6.6","3.6.6","libsass","2020A0000001420","False","","err_not_vulnerable_based_on_repology","" 
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2020-862","https://osv.dev/OSV-2020-862","libsass","","3.6.6","3.6.6","3.6.6","libsass","2020A0000000862","False","","err_not_vulnerable_based_on_repology","" @@ -568,6 +570,7 @@ https://github.com/NixOS/nixpkgs/pull/373737" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2013-6954","https://nvd.nist.gov/vuln/detail/CVE-2013-6954","libpng","","1.2.59","1.6.43","1.6.46","libpng","2013A0000006954","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253 https://github.com/NixOS/nixpkgs/pull/373737" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2013-6393","https://nvd.nist.gov/vuln/detail/CVE-2013-6393","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2013A0000006393","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2013-4392","https://nvd.nist.gov/vuln/detail/CVE-2013-4392","systemd","","257.2","257.2","257.2","systemd","2013A0000004392","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","14-20241116","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2011-3045","https://nvd.nist.gov/vuln/detail/CVE-2011-3045","libpng","","1.2.59","1.6.43","1.6.46","libpng","2011A0000003045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253 https://github.com/NixOS/nixpkgs/pull/373737" 
diff --git a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md index 09fd0ff..8786e0f 100644 --- a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md +++ b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/9fcf786a5b8ce50e68290e303892130bdd437bc5. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/fc435a07c3f73b9068a169916490fac5c1ff8f2e. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. 
@@ -48,7 +48,15 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -```No vulnerabilities``` + +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|------------|------------|-----------------|----------------|------------|--------------------------------------------------------| +| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.10.0-r1.cabal | 0.10.0 | 0.10.0 | | +| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.10.0 | 0.10.0 | 0.10.0 | | +| [OSV-2022-126](https://osv.dev/OSV-2022-126) | md4c | | 0.5.2 | 0.5.2 | 0.5.2 | | +| [CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529) | systemd | | 257.2 | 257.2 | 257.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/127461)]* | +| [CVE-2013-4392](https://nvd.nist.gov/vuln/detail/CVE-2013-4392) | systemd | | 257.2 | 257.2 | 257.2 | | + ## All Vulnerabilities Impacting Ghaf 
@@ -75,6 +83,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-3320](https://nvd.nist.gov/vuln/detail/CVE-2022-3320) | warp | 9.8 | 3.3.31 | 3.4.7 | 3.4.7 | | | [CVE-2021-35048](https://nvd.nist.gov/vuln/detail/CVE-2021-35048) | network | 9.8 | 3.1.4.0-r1.cabal | 3.2.7.0 | 3.2.7.0 | | | [CVE-2021-35048](https://nvd.nist.gov/vuln/detail/CVE-2021-35048) | network | 9.8 | 3.1.4.0 | 3.2.7.0 | 3.2.7.0 | | +| [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.10.0-r1.cabal | 0.10.0 | 0.10.0 | | | [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.10.0 | 0.10.0 | 0.10.0 | | | [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177) | python | 9.8 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/201859)]* | | [CVE-2020-11105](https://nvd.nist.gov/vuln/detail/CVE-2020-11105) | cereal | 9.8 | 0.5.8.3 | 0.5.8.3 | 0.5.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/121574), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | 
@@ -112,7 +121,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-4276](https://nvd.nist.gov/vuln/detail/CVE-2021-4276) | hedgehog | 8.8 | 1.4 | 1.5 | 1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/192632)]* | | [CVE-2017-17522](https://nvd.nist.gov/vuln/detail/CVE-2017-17522) | python | 8.8 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* | | [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.24rc2 | 1.23.5 | | -| [CVE-2023-24999](https://nvd.nist.gov/vuln/detail/CVE-2023-24999) | vault | 8.1 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/221835), [PR](https://github.com/NixOS/nixpkgs/pull/221841)]* | +| [CVE-2023-24999](https://nvd.nist.gov/vuln/detail/CVE-2023-24999) | vault | 8.1 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/221835), [PR](https://github.com/NixOS/nixpkgs/pull/221841)]* | | [CVE-2023-24999](https://nvd.nist.gov/vuln/detail/CVE-2023-24999) | vault | 8.1 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/221835), [PR](https://github.com/NixOS/nixpkgs/pull/221841)]* | | [CVE-2022-4428](https://nvd.nist.gov/vuln/detail/CVE-2022-4428) | warp | 8.0 | 3.3.31 | 3.4.7 | 3.4.7 | | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.5 | | | | 
@@ -130,7 +139,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-0486](https://nvd.nist.gov/vuln/detail/CVE-2022-0486) | network | 7.8 | 3.1.4.0-r1.cabal | 3.2.7.0 | 3.2.7.0 | | | [CVE-2022-0486](https://nvd.nist.gov/vuln/detail/CVE-2022-0486) | network | 7.8 | 3.1.4.0 | 3.2.7.0 | 3.2.7.0 | | | [CVE-2021-46829](https://nvd.nist.gov/vuln/detail/CVE-2021-46829) | gdk-pixbuf | 7.8 | 0.18.5 | 2.42.12 | 2.42.12 | *[[PR](https://github.com/NixOS/nixpkgs/pull/312036), [PR](https://github.com/NixOS/nixpkgs/pull/314686)]* | -| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.5-r2.cabal | 2.2.5 | 2.2.5 | | +| [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.5-r3.cabal | 2.2.5 | 2.2.5 | | | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.5 | 2.2.5 | 2.2.5 | | | [CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034) | polkit | 7.8 | 1.pam | 124 | 126 | *[[PR](https://github.com/NixOS/nixpkgs/pull/155725), [PR](https://github.com/NixOS/nixpkgs/pull/156750), [PR](https://github.com/NixOS/nixpkgs/pull/156822), [PR](https://github.com/NixOS/nixpkgs/pull/295087)]* | | [CVE-2020-35457](https://nvd.nist.gov/vuln/detail/CVE-2020-35457) | glib | 7.8 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | 
@@ -152,7 +161,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-29499](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) | glib | 7.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | | [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | | [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329) | python | 7.5 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/236448), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* | -| [CVE-2023-6337](https://nvd.nist.gov/vuln/detail/CVE-2023-6337) | vault | 7.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272492), [PR](https://github.com/NixOS/nixpkgs/pull/274068), [PR](https://github.com/NixOS/nixpkgs/pull/274071)]* | +| [CVE-2023-6337](https://nvd.nist.gov/vuln/detail/CVE-2023-6337) | vault | 7.5 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272492), [PR](https://github.com/NixOS/nixpkgs/pull/274068), [PR](https://github.com/NixOS/nixpkgs/pull/274071)]* | | [CVE-2023-6337](https://nvd.nist.gov/vuln/detail/CVE-2023-6337) | vault | 7.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272492), [PR](https://github.com/NixOS/nixpkgs/pull/274068), [PR](https://github.com/NixOS/nixpkgs/pull/274071)]* | | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 7.5 | 9.2.0 | 9.2.0 | 9.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/305402)]* | | [CVE-2022-48560](https://nvd.nist.gov/vuln/detail/CVE-2022-48560) | python | 7.5 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* | 
@@ -169,13 +178,13 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-45810](https://nvd.nist.gov/vuln/detail/CVE-2021-45810) | globalprotect-openconnect | 7.5 | 1.4.9 | 1.4.9 | 2.3.9 | | | [CVE-2021-35050](https://nvd.nist.gov/vuln/detail/CVE-2021-35050) | network | 7.5 | 3.1.4.0-r1.cabal | 3.2.7.0 | 3.2.7.0 | | | [CVE-2021-35050](https://nvd.nist.gov/vuln/detail/CVE-2021-35050) | network | 7.5 | 3.1.4.0 | 3.2.7.0 | 3.2.7.0 | | -| [CVE-2021-27400](https://nvd.nist.gov/vuln/detail/CVE-2021-27400) | vault | 7.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/120155), [PR](https://github.com/NixOS/nixpkgs/pull/120157)]* | +| [CVE-2021-27400](https://nvd.nist.gov/vuln/detail/CVE-2021-27400) | vault | 7.5 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/120155), [PR](https://github.com/NixOS/nixpkgs/pull/120157)]* | | [CVE-2021-27400](https://nvd.nist.gov/vuln/detail/CVE-2021-27400) | vault | 7.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/120155), [PR](https://github.com/NixOS/nixpkgs/pull/120157)]* | | [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219) | glib | 7.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | | [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218) | glib | 7.5 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | | [CVE-2020-27569](https://nvd.nist.gov/vuln/detail/CVE-2020-27569) | openvpn | 7.5 | 2.6.12 | 2.6.13 | 2.6.13 | | | [CVE-2020-26304](https://nvd.nist.gov/vuln/detail/CVE-2020-26304) | foundation | 7.5 | 0.0.30 | 0.0.30 | 0.0.30 | | -| [CVE-2020-13223](https://nvd.nist.gov/vuln/detail/CVE-2020-13223) | vault | 7.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/91898), [PR](https://github.com/NixOS/nixpkgs/pull/92641)]* | +| [CVE-2020-13223](https://nvd.nist.gov/vuln/detail/CVE-2020-13223) | vault | 7.5 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/91898), [PR](https://github.com/NixOS/nixpkgs/pull/92641)]* | | [CVE-2020-13223](https://nvd.nist.gov/vuln/detail/CVE-2020-13223) | vault | 7.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/91898), [PR](https://github.com/NixOS/nixpkgs/pull/92641)]* | | [CVE-2020-11021](https://nvd.nist.gov/vuln/detail/CVE-2020-11021) | http-client | 7.5 | 0.7.17 | 0.7.18 | 0.7.18 | | | [CVE-2019-9674](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) | python | 7.5 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* | 
@@ -188,16 +197,16 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-26488](https://nvd.nist.gov/vuln/detail/CVE-2022-26488) | python | 7.0 | 2.7.18.8 | 3.13.1 | 3.13.1 | | | [CVE-2024-6505](https://nvd.nist.gov/vuln/detail/CVE-2024-6505) | qemu | 6.8 | 9.2.0 | 9.2.0 | 9.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/351100)]* | | [CVE-2023-2754](https://nvd.nist.gov/vuln/detail/CVE-2023-2754) | warp | 6.8 | 3.3.31 | 3.4.7 | 3.4.7 | | -| [CVE-2023-0620](https://nvd.nist.gov/vuln/detail/CVE-2023-0620) | vault | 6.7 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | +| [CVE-2023-0620](https://nvd.nist.gov/vuln/detail/CVE-2023-0620) | vault | 6.7 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2023-0620](https://nvd.nist.gov/vuln/detail/CVE-2023-0620) | vault | 6.7 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2024-50613](https://nvd.nist.gov/vuln/detail/CVE-2024-50613) | libsndfile | 6.5 | 1.2.2 | 1.2.2 | 1.2.2 | | -| [CVE-2024-8365](https://nvd.nist.gov/vuln/detail/CVE-2024-8365) | vault | 6.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | | +| [CVE-2024-8365](https://nvd.nist.gov/vuln/detail/CVE-2024-8365) | vault | 6.5 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | | | [CVE-2024-8365](https://nvd.nist.gov/vuln/detail/CVE-2024-8365) | vault | 6.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | | [CVE-2024-5642](https://nvd.nist.gov/vuln/detail/CVE-2024-5642) | python | 6.5 | 2.7.18.8 | 3.13.1 | 3.13.1 | | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | | [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.44.2 | 0.44.2 | 0.44.2 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. 
This is just a test executable". | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.7.0 | 4.7.0 | 4.7.0 | | -| [CVE-2023-0665](https://nvd.nist.gov/vuln/detail/CVE-2023-0665) | vault | 6.5 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | +| [CVE-2023-0665](https://nvd.nist.gov/vuln/detail/CVE-2023-0665) | vault | 6.5 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2023-0665](https://nvd.nist.gov/vuln/detail/CVE-2023-0665) | vault | 6.5 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2022-48564](https://nvd.nist.gov/vuln/detail/CVE-2022-48564) | python | 6.5 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* | | [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012) | dbus | 6.5 | 1 | 1.14.10 | 1.16.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/195264), [PR](https://github.com/NixOS/nixpkgs/pull/253430)]* | 
@@ -255,37 +264,37 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2024-21485](https://nvd.nist.gov/vuln/detail/CVE-2024-21485) | dash | 5.4 | 0.5.12 | | | | | [CVE-2023-41940](https://nvd.nist.gov/vuln/detail/CVE-2023-41940) | tap | 5.4 | 1.0.1 | 0.77 | 0.77 | | -| [CVE-2023-2121](https://nvd.nist.gov/vuln/detail/CVE-2023-2121) | vault | 5.4 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236911), [PR](https://github.com/NixOS/nixpkgs/pull/239559), [PR](https://github.com/NixOS/nixpkgs/pull/239571)]* | +| [CVE-2023-2121](https://nvd.nist.gov/vuln/detail/CVE-2023-2121) | vault | 5.4 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236911), [PR](https://github.com/NixOS/nixpkgs/pull/239559), [PR](https://github.com/NixOS/nixpkgs/pull/239571)]* | | [CVE-2023-2121](https://nvd.nist.gov/vuln/detail/CVE-2023-2121) | vault | 5.4 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/236911), [PR](https://github.com/NixOS/nixpkgs/pull/239559), [PR](https://github.com/NixOS/nixpkgs/pull/239571)]* | | [CVE-2022-47524](https://nvd.nist.gov/vuln/detail/CVE-2022-47524) | safe | 5.4 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2022-47524](https://nvd.nist.gov/vuln/detail/CVE-2022-47524) | safe | 5.4 | 0.3.21 | 0.3.21 | 0.3.21 | | -| [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | | +| [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | | | [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | -| [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.47.0 | 2.47.1 | 2.48.1 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | +| [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.47.1 | 2.47.1 | 2.48.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217) | python | 5.3 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* | | [CVE-2023-33955](https://nvd.nist.gov/vuln/detail/CVE-2023-33955) | console | 5.3 | 0.15.8 | 0.1.0-unstable-2 | | | | [CVE-2023-27043](https://nvd.nist.gov/vuln/detail/CVE-2023-27043) | python | 5.3 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243074), [PR](https://github.com/NixOS/nixpkgs/pull/349408)]* | | [CVE-2023-26044](https://nvd.nist.gov/vuln/detail/CVE-2023-26044) | http | 5.3 | 1.1.0 | | | | | [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.15 | 2.15 | 2.15 | | -| [CVE-2022-43410](https://nvd.nist.gov/vuln/detail/CVE-2022-43410) | mercurial | 5.3 | 6.8.2 | 6.9 | 6.9.1 | | -| [CVE-2022-41316](https://nvd.nist.gov/vuln/detail/CVE-2022-41316) | vault | 5.3 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | | +| [CVE-2022-43410](https://nvd.nist.gov/vuln/detail/CVE-2022-43410) | mercurial | 5.3 | 6.9 | 6.9 | 6.9.1 | | +| [CVE-2022-41316](https://nvd.nist.gov/vuln/detail/CVE-2022-41316) | vault | 5.3 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | | | [CVE-2022-41316](https://nvd.nist.gov/vuln/detail/CVE-2022-41316) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | | [CVE-2022-36032](https://nvd.nist.gov/vuln/detail/CVE-2022-36032) | http | 5.3 | 1.1.0 | | | | | [CVE-2021-44751](https://nvd.nist.gov/vuln/detail/CVE-2021-44751) | safe | 5.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2021-44751](https://nvd.nist.gov/vuln/detail/CVE-2021-44751) | safe | 5.3 | 0.3.21 | 0.3.21 | 
0.3.21 | | -| [CVE-2021-38554](https://nvd.nist.gov/vuln/detail/CVE-2021-38554) | vault | 5.3 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | | +| [CVE-2021-38554](https://nvd.nist.gov/vuln/detail/CVE-2021-38554) | vault | 5.3 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | | | [CVE-2021-38554](https://nvd.nist.gov/vuln/detail/CVE-2021-38554) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | | [CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153) | glib | 5.3 | 0.18.5 | 0.13.11.0 | 0.13.11.0 | | -| [CVE-2021-3024](https://nvd.nist.gov/vuln/detail/CVE-2021-3024) | vault | 5.3 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | +| [CVE-2021-3024](https://nvd.nist.gov/vuln/detail/CVE-2021-3024) | vault | 5.3 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | | [CVE-2021-3024](https://nvd.nist.gov/vuln/detail/CVE-2021-3024) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | -| [CVE-2020-25594](https://nvd.nist.gov/vuln/detail/CVE-2020-25594) | vault | 5.3 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | +| [CVE-2020-25594](https://nvd.nist.gov/vuln/detail/CVE-2020-25594) | vault | 5.3 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | | [CVE-2020-25594](https://nvd.nist.gov/vuln/detail/CVE-2020-25594) | vault | 5.3 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/112146)]* | | [CVE-2020-11104](https://nvd.nist.gov/vuln/detail/CVE-2020-11104) | cereal | 5.3 | 0.5.8.3 | 0.5.8.3 | 0.5.8.3 | | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.23.4 | 1.24rc2 | 1.23.5 | | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.24rc2 | 1.23.5 | | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 14-20241116 | 
| | | | [CVE-2024-10041](https://nvd.nist.gov/vuln/detail/CVE-2024-10041) | linux-pam | 4.7 | 1.6.1 | | | | -| [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5-r8.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | +| [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5-r9.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2024-9143](https://nvd.nist.gov/vuln/detail/CVE-2024-9143) | openssl | 4.3 | 3.3.2 | 3.3.2 | 3.4.0 | | | [CVE-2022-28873](https://nvd.nist.gov/vuln/detail/CVE-2022-28873) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | 
@@ -320,11 +329,11 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [GHSA-pxg6-pf52-xh8x](https://osv.dev/GHSA-pxg6-pf52-xh8x) | cookie | | 0.4.6 | 0.5.0 | 0.5.0 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.5 | 2.2.5 | 2.2.5 | | | [BIT-git-lfs-2024-53263](https://osv.dev/BIT-git-lfs-2024-53263) | git-lfs | | 3.6.0 | 3.6.0 | 3.6.1 | | -| [CVE-2024-52006](https://nvd.nist.gov/vuln/detail/CVE-2024-52006) | git | | 2.47.0 | 2.47.1 | 2.48.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/372784), [PR](https://github.com/NixOS/nixpkgs/pull/373801)]* | -| [BIT-git-2024-52006](https://osv.dev/BIT-git-2024-52006) | git | | 2.47.0 | 2.47.1 | 2.48.1 | | -| [CVE-2024-52005](https://nvd.nist.gov/vuln/detail/CVE-2024-52005) | git | | 2.47.0 | 2.47.1 | 2.48.1 | | -| [CVE-2024-50349](https://nvd.nist.gov/vuln/detail/CVE-2024-50349) | git | | 2.47.0 | 2.47.1 | 2.48.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/372784), [PR](https://github.com/NixOS/nixpkgs/pull/373801)]* | -| [BIT-git-2024-50349](https://osv.dev/BIT-git-2024-50349) | git | | 2.47.0 | 2.47.1 | 2.48.1 | | +| [CVE-2024-52006](https://nvd.nist.gov/vuln/detail/CVE-2024-52006) | git | | 2.47.1 | 2.47.1 | 2.48.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/372784), [PR](https://github.com/NixOS/nixpkgs/pull/373801)]* | +| [BIT-git-2024-52006](https://osv.dev/BIT-git-2024-52006) | git | | 2.47.1 | 2.47.1 | 2.48.1 | | +| [CVE-2024-52005](https://nvd.nist.gov/vuln/detail/CVE-2024-52005) | git | | 2.47.1 | 2.47.1 | 2.48.1 | | +| [CVE-2024-50349](https://nvd.nist.gov/vuln/detail/CVE-2024-50349) | git | | 2.47.1 | 2.47.1 | 2.48.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/372784), [PR](https://github.com/NixOS/nixpkgs/pull/373801)]* | +| [BIT-git-2024-50349](https://osv.dev/BIT-git-2024-50349) | git | | 2.47.1 | 2.47.1 | 2.48.1 | | | [CVE-2024-13176](https://nvd.nist.gov/vuln/detail/CVE-2024-13176) | openssl | | 3.3.2 | 3.3.2 | 3.4.0 | | | 
[CVE-2024-9287](https://nvd.nist.gov/vuln/detail/CVE-2024-9287) | python | | 2.7.18.8 | 3.13.1 | 3.13.1 | | | [MAL-2024-9233](https://osv.dev/MAL-2024-9233) | foldl | | 1.4.17 | 1.4.18 | 1.4.18 | | @@ -336,7 +345,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2024-1042](https://osv.dev/OSV-2024-1042) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | | | [OSV-2024-983](https://osv.dev/OSV-2024-983) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | | | [OSV-2024-919](https://osv.dev/OSV-2024-919) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | -| [OSV-2024-914](https://osv.dev/OSV-2024-914) | boost | | 1.86.0 | 1.87.0 | 1.87.0 | | +| [OSV-2024-914](https://osv.dev/OSV-2024-914) | boost | | 1.87.0 | 1.87.0 | 1.87.0 | | | [OSV-2024-861](https://osv.dev/OSV-2024-861) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | | | [OSV-2024-853](https://osv.dev/OSV-2024-853) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | | | [OSV-2024-831](https://osv.dev/OSV-2024-831) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | 
@@ -351,17 +360,17 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [RUSTSEC-2024-0379](https://osv.dev/RUSTSEC-2024-0379) | fast-float | | 7.0.0 | 7.0.0 | 7.0.0 | | | [OSV-2024-371](https://osv.dev/OSV-2024-371) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | | [OSV-2024-330](https://osv.dev/OSV-2024-330) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | -| [OSV-2024-112](https://osv.dev/OSV-2024-112) | boost | | 1.86.0 | 1.87.0 | 1.87.0 | | +| [OSV-2024-112](https://osv.dev/OSV-2024-112) | boost | | 1.87.0 | 1.87.0 | 1.87.0 | | | [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | | [GHSA-vjrq-cg9x-rfjp](https://osv.dev/GHSA-vjrq-cg9x-rfjp) | cookie | | 0.4.6 | 0.5.0 | 0.5.0 | | | [GHSA-9cp3-fh5x-xfcj](https://osv.dev/GHSA-9cp3-fh5x-xfcj) | charset | | 0.3.10 | 0.3.11 | 0.3.11 | | | [OSV-2023-1398](https://osv.dev/OSV-2023-1398) | file | | 5.46 | 5.46 | 5.46 | | | [OSV-2023-1344](https://osv.dev/OSV-2023-1344) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | | [OSV-2023-1329](https://osv.dev/OSV-2023-1329) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | -| [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.4.7 | 1.5.0 | 1.5.0 | | +| [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.5.0 | 1.5.0 | 1.5.0 | | | [OSV-2023-1170](https://osv.dev/OSV-2023-1170) | vulkan-loader | | 1.3.296.0 | 1.3.296.0 | 1.4.306 | | | [OSV-2023-1129](https://osv.dev/OSV-2023-1129) | libheif | | 1.18.2 | 1.18.2 | 1.19.5 | | -| [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.4.7 | 1.5.0 | 1.5.0 | | +| [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.5.0 | 1.5.0 | 1.5.0 | | | [OSV-2023-862](https://osv.dev/OSV-2023-862) | gstreamer | | 1.24.10 | 1.24.10 | 1.24.11 | | | [OSV-2023-675](https://osv.dev/OSV-2023-675) | flac | | 1.4.3 | 1.4.3 | 1.4.3 | | | [OSV-2023-395](https://osv.dev/OSV-2023-395) | opensc | | 0.26.0 | 0.26.0 | 0.26.1 | | 
@@ -391,6 +400,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2022-462](https://osv.dev/OSV-2022-462) | espeak-ng | | 1.51.1 | | | Unclear if this is still valid. | | [OSV-2022-312](https://osv.dev/OSV-2022-312) | dnsmasq | | 2.90 | 2.90 | 2.90 | | | [OSV-2022-193](https://osv.dev/OSV-2022-193) | w3m | | 0.5.3+git2023012 | 0.5.3+git2023012 | 0.5.3+git2023012 | Unclear if this is still valid. | +| [OSV-2022-126](https://osv.dev/OSV-2022-126) | md4c | | 0.5.2 | 0.5.2 | 0.5.2 | | | [OSV-2022-73](https://osv.dev/OSV-2022-73) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | | | [GHSA-rjvj-673q-4hfw](https://osv.dev/GHSA-rjvj-673q-4hfw) | traceroute | | 2.1.6 | | | | | [GHSA-m75h-cghq-c8h5](https://osv.dev/GHSA-m75h-cghq-c8h5) | libyaml | | 0.1.4 | 0.1.4 | 0.1.4 | | @@ -405,6 +415,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2021-787](https://osv.dev/OSV-2021-787) | espeak-ng | | 1.51.1 | | | Unclear if this is still valid. | | [OSV-2021-765](https://osv.dev/OSV-2021-765) | espeak-ng | | 1.51.1 | | | Unclear if this is still valid. | | [OSV-2021-508](https://osv.dev/OSV-2021-508) | libsass | | 3.6.6 | 3.6.6 | 3.6.6 | Unclear if this is still valid. | +| [CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529) | systemd | | 257.2 | 257.2 | 257.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/127461)]* | | [OSV-2020-2308](https://osv.dev/OSV-2020-2308) | libheif | | 1.18.2 | 1.18.2 | 1.19.5 | | | [OSV-2020-1420](https://osv.dev/OSV-2020-1420) | libsass | | 3.6.6 | 3.6.6 | 3.6.6 | | | [OSV-2020-862](https://osv.dev/OSV-2020-862) | libsass | | 3.6.6 | 3.6.6 | 3.6.6 | | 
@@ -420,6 +431,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2013-7353](https://nvd.nist.gov/vuln/detail/CVE-2013-7353) | libpng | | 1.2.59 | 1.6.43 | 1.6.46 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253), [PR](https://github.com/NixOS/nixpkgs/pull/373737)]* | | [CVE-2013-6954](https://nvd.nist.gov/vuln/detail/CVE-2013-6954) | libpng | | 1.2.59 | 1.6.43 | 1.6.46 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253), [PR](https://github.com/NixOS/nixpkgs/pull/373737)]* | | [CVE-2013-6393](https://nvd.nist.gov/vuln/detail/CVE-2013-6393) | libyaml | | 0.1.4 | 0.1.4 | 0.1.4 | | +| [CVE-2013-4392](https://nvd.nist.gov/vuln/detail/CVE-2013-4392) | systemd | | 257.2 | 257.2 | 257.2 | | | [CVE-2011-3045](https://nvd.nist.gov/vuln/detail/CVE-2011-3045) | libpng | | 1.2.59 | 1.6.43 | 1.6.46 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253), [PR](https://github.com/NixOS/nixpkgs/pull/373737)]* | | [CVE-2011-2411](https://nvd.nist.gov/vuln/detail/CVE-2011-2411) | samba | | 4.20.4 | 4.20.4 | 4.21.3 | | | [CVE-1999-0475](https://nvd.nist.gov/vuln/detail/CVE-1999-0475) | procmail | | 3.24 | 3.24 | 3.24 | | 
@@ -443,7 +455,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2016-10141](https://nvd.nist.gov/vuln/detail/CVE-2016-10141) | mujs | 9.8 | 1.3.5 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-10133](https://nvd.nist.gov/vuln/detail/CVE-2016-10133) | mujs | 9.8 | 1.3.5 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-7504](https://nvd.nist.gov/vuln/detail/CVE-2016-7504) | mujs | 9.8 | 1.3.5 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.47.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | +| [CVE-2022-36882](https://nvd.nist.gov/vuln/detail/CVE-2022-36882) | git | 8.8 | 2.47.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-36073](https://nvd.nist.gov/vuln/detail/CVE-2022-36073) | rubygems | 8.8 | 3.5.22 | Latest impacted version in 3.x is 3.0.4. | | [CVE-2021-23169](https://nvd.nist.gov/vuln/detail/CVE-2021-23169) | openexr | 8.8 | 2.5.10 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2018-6553](https://nvd.nist.gov/vuln/detail/CVE-2018-6553) | cups | 8.8 | 2.4.11 | NVD data issue: CPE entry does not correctly state the version numbers. | 
@@ -457,8 +469,8 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2017-5628](https://nvd.nist.gov/vuln/detail/CVE-2017-5628) | mujs | 7.8 | 1.3.5 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2017-5627](https://nvd.nist.gov/vuln/detail/CVE-2017-5627) | mujs | 7.8 | 1.3.5 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-2226](https://nvd.nist.gov/vuln/detail/CVE-2016-2226) | libiberty | 7.8 | 14-20241116 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2022-36883](https://nvd.nist.gov/vuln/detail/CVE-2022-36883) | git | 7.5 | 2.47.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2022-30947](https://nvd.nist.gov/vuln/detail/CVE-2022-30947) | git | 7.5 | 2.47.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | +| [CVE-2022-36883](https://nvd.nist.gov/vuln/detail/CVE-2022-36883) | git | 7.5 | 2.47.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | +| [CVE-2022-30947](https://nvd.nist.gov/vuln/detail/CVE-2022-30947) | git | 7.5 | 2.47.1 | Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-3109](https://nvd.nist.gov/vuln/detail/CVE-2022-3109) | ffmpeg | 7.5 | 4.4.5 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 [link](https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2). | | [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.8043 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | | [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202411 | NVD data issue: CPE entry does not correctly state the version numbers. | 
@@ -475,7 +487,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2014-4860](https://nvd.nist.gov/vuln/detail/CVE-2014-4860) | edk2 | 6.8 | 202411 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2014-4859](https://nvd.nist.gov/vuln/detail/CVE-2014-4859) | edk2 | 6.8 | 202411 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2022-26691](https://nvd.nist.gov/vuln/detail/CVE-2022-26691) | cups | 6.7 | 2.4.11 | Fixed in nixpkgs with PR: [link](https://github.com/NixOS/nixpkgs/pull/174898). | -| [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.47.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | +| [CVE-2022-38663](https://nvd.nist.gov/vuln/detail/CVE-2022-38663) | git | 6.5 | 2.47.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2022-37416](https://nvd.nist.gov/vuln/detail/CVE-2022-37416) | libmpeg2 | 6.5 | 0.5.1 | NVD data issue: concerns Android only. | | [CVE-2022-0856](https://nvd.nist.gov/vuln/detail/CVE-2022-0856) | libcaca | 6.5 | 0.99.beta20 | Crash in CLI tool, no security impact. | | [CVE-2020-24490](https://nvd.nist.gov/vuln/detail/CVE-2020-24490) | bluez | 6.5 | 5.79 | Fixed in linux kernel (5.8) with: [link](https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e). | 
@@ -484,7 +496,7 @@ Following table lists vulnerabilities that would otherwise have been included to
 | [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 6.5 | 9.18.28 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). |
 | [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) | coreutils | 6.5 | 9.5 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.8043 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). |
-| [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.47.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). |
+| [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.47.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). |
 | [CVE-2023-31974](https://nvd.nist.gov/vuln/detail/CVE-2023-31974) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. |
 | [CVE-2023-31973](https://nvd.nist.gov/vuln/detail/CVE-2023-31973) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. |
 | [CVE-2023-31972](https://nvd.nist.gov/vuln/detail/CVE-2023-31972) | yasm | 5.5 | 1.3.0 | Crash in CLI tool, no security impact. |
@@ -520,14 +532,13 @@ Following table lists vulnerabilities that would otherwise have been included to
 | [CVE-2016-4488](https://nvd.nist.gov/vuln/detail/CVE-2016-4488) | libiberty | 5.5 | 14-20241116 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2016-4487](https://nvd.nist.gov/vuln/detail/CVE-2016-4487) | libiberty | 5.5 | 14-20241116 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2015-7313](https://nvd.nist.gov/vuln/detail/CVE-2015-7313) | libtiff | 5.5 | 4.7.0 | NVD data issue: CPE entry does not correctly state the version numbers. |
-| [CVE-2022-36884](https://nvd.nist.gov/vuln/detail/CVE-2022-36884) | git | 5.3 | 2.47.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). |
+| [CVE-2022-36884](https://nvd.nist.gov/vuln/detail/CVE-2022-36884) | git | 5.3 | 2.47.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). |
 | [CVE-2022-3341](https://nvd.nist.gov/vuln/detail/CVE-2022-3341) | ffmpeg | 5.3 | 4.4.5 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 [link](https://github.com/FFmpeg/FFmpeg/commit/c513bd48039a718dabf6d7a829efb6732693c04b). |
 | [CVE-2020-16194](https://nvd.nist.gov/vuln/detail/CVE-2020-16194) | quote | 5.3 | 1.0.37 | Incorrect package: Issue concerns prestashop product: [link](https://prestashop.com/), whereas, nixpkgs "quote" refers rust package 'quote': [link](https://docs.rs/quote/latest/quote/). |
 | [CVE-2020-16194](https://nvd.nist.gov/vuln/detail/CVE-2020-16194) | quote | 5.3 | 1.0.36 | Incorrect package: Issue concerns prestashop product: [link](https://prestashop.com/), whereas, nixpkgs "quote" refers rust package 'quote': [link](https://docs.rs/quote/latest/quote/). |
 | [CVE-2019-14553](https://nvd.nist.gov/vuln/detail/CVE-2019-14553) | edk2 | 4.9 | 202411 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2016-4492](https://nvd.nist.gov/vuln/detail/CVE-2016-4492) | libiberty | 4.4 | 14-20241116 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2023-31975](https://nvd.nist.gov/vuln/detail/CVE-2023-31975) | yasm | 3.3 | 1.3.0 | Memory leak in CLI tool, no security impact. |
-| [CVE-2022-3219](https://nvd.nist.gov/vuln/detail/CVE-2022-3219) | gnupg | 3.3 | 2.4.5 | Fix patch is not accepted upstream: [link](https://dev.gnupg.org/D556). |
 | [GHSA-6898-wx94-8jq8](https://osv.dev/GHSA-6898-wx94-8jq8) | libnotify | | 0.8.3 | Incorrect package: Issue refers node-libnotify [link](https://github.com/mytrile/node-libnotify), whereas nixpkgs refers gnome-libnotify [link](https://gitlab.gnome.org/GNOME/libnotify). |
 | [OSV-2023-137](https://osv.dev/OSV-2023-137) | harfbuzz | | 10.1.0 | Based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2), the issue is fixed in range [link](https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc) all of which have been merged in 7.1.0. |
 | [MAL-2022-4301](https://osv.dev/MAL-2022-4301) | libidn2 | | 2.3.7 | Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 [link](https://gitlab.com/libidn/libidn2). |