Repo Status -
Overall Status
Page updated: 2025-09-09 23:37
| 2375005 | NEW | medium | CVE-2025-6442 rubygem-webrick: Ruby WEBrick Request Smuggling Vulnerability [epel-10] |
| 2375129 | NEW | low | CVE-2025-6750 hdf5: HDF5 Heap Buffer Overflow [epel-10] |
| 2375487 | NEW | low | CVE-2025-6858 hdf5: HDF5 Null Pointer Dereference [epel-10] |
| 2375491 | NEW | low | CVE-2025-6857 hdf5: HDF5 Stack Buffer Overflow [epel-10] |
| 2375493 | NEW | low | CVE-2025-6856 hdf5: HDF5 Use-After-Free Vulnerability [epel-10] |
| 2375495 | NEW | low | CVE-2025-6818 hdf5: HDF5 Heap Overflow [epel-10] |
| 2375501 | NEW | low | CVE-2025-6817 hdf5: HDF5 Resource Consumption Vulnerability [epel-10] |
| 2375505 | NEW | low | CVE-2025-6816 hdf5: HDF5 Heap Buffer Overflow [epel-10] |
| 2375950 | NEW | medium | CVE-2025-52891 mod_security: ModSecurity segmentation fault [epel-10] |
| 2376248 | NEW | high | CVE-2025-53367 djvulibre: DjVuLibre out of bounds write [epel-10] |
| 2376968 | NEW | low | CVE-2024-25178 luajit: Out of bounds read in LuaJIT [epel-10] |
| 2376975 | NEW | low | CVE-2024-25177 luajit: Out of bounds read in LuaJIT [epel-10] |
| 2376984 | NEW | low | CVE-2024-25176 luajit: From CVEorg collector [epel-10] |
| 2378816 | NEW | high | CVE-2025-48384 cgit: Git arbitrary code execution [epel-10] |
| 2378820 | NEW | medium | CVE-2025-48386 cgit: Git buffer overflow [epel-10] |
| 2378824 | NEW | high | CVE-2025-48385 cgit: Git arbitrary file writes [epel-10] |
| 2379614 | NEW | low | CVE-2025-48924 jakarta-mail1: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379615 | NEW | low | CVE-2025-48924 pdftk-java: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379636 | NEW | low | CVE-2025-48924 libphonenumber: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379820 | NEW | medium | CVE-2025-7545 radare2: Binutils: Heap Buffer Overflow [epel-10] |
| 2379821 | NEW | medium | CVE-2025-7545 rizin: Binutils: Heap Buffer Overflow [epel-10] |
| 2379824 | NEW | medium | CVE-2025-7546 radare2: Binutils: Out-of-bounds Write Vulnerability [epel-10] |
| 2379826 | NEW | medium | CVE-2025-7546 rizin: Binutils: Out-of-bounds Write Vulnerability [epel-10] |
| 2379953 | POST | medium | CVE-2025-51591 pandoc: Server-Side Request Forgery in Pandoc [epel-10] |
| 2379979 | NEW | low | CVE-2025-53014 ImageMagick: ImageMagick Heap Buffer Overflow [epel-10] |
| 2379980 | NEW | medium | CVE-2025-53101 ImageMagick: ImageMagick Stack Buffer Overflow [epel-10] |
| 2379981 | NEW | medium | CVE-2025-53015 ImageMagick: ImageMagick unbounded loop [epel-10] |
| 2379982 | NEW | low | CVE-2025-53019 ImageMagick: ImageMagick Memory Leak [epel-10] |
| 2380008 | NEW | low | CVE-2025-53643 python-aiohttp: AIOHTTP HTTP Request/Response Smuggling [epel-10] |
| 2381578 | NEW | medium | CVE-2025-7700 ffmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) [epel-10] |
| 2381811 | NEW | high | CVE-2025-53644 opencv: OpenCV use after free [epel-10] |
| 2381822 | NEW | medium | CVE-2025-53817 7zip: 7-Zip Null pointer array write [epel-10] |
| 2381825 | NEW | medium | CVE-2025-53816 7zip: 7-Zip heap buffer overflow [epel-10] |
| 2382273 | NEW | low | CVE-2025-54352 wordpress: WordPress Pingback Title Disclosure Vulnerability [epel-10] |
| 2383360 | NEW | medium | CVE-2025-46805 screen: Race Conditions when Sending Signals [epel-all] |
| 2384000 | NEW | medium | CVE-2025-8263 yarnpkg: prettier parseNestedCSS ReDoS [epel-10] |
| 2384060 | NEW | medium | CVE-2025-8194 asahi-installer: Cpython infinite loop when parsing a tarfile [epel-10] |
| 2385904 | NEW | medium | CVE-2025-45768 python-jwt: pyjwt Weak Encryption Vulnerability [epel-10] |
| 2386381 | ON_QA | medium | CVE-2025-43265 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [epel-all] |
| 2386402 | ON_QA | high | CVE-2025-31278 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [epel-all] |
| 2386407 | ON_QA | high | CVE-2025-31273 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [epel-all] |
| 2386412 | ON_QA | high | CVE-2025-24189 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [epel-all] |
| 2386418 | ON_QA | high | CVE-2025-6558 webkitgtk: Chromium insufficient validation [epel-all] |
| 2386573 | ON_QA | medium | CVE-2025-43228 webkitgtk: Visiting a malicious website may lead to address bar spoofing [epel-all] |
| 2386811 | NEW | medium | CVE-2025-54571 mod_security: ModSecurity Content-Type Override Vulnerability [epel-10] |
| 2387011 | NEW | low | CVE-2025-54798 yarnpkg: tmp Symbolic Link Write Vulnerability [epel-10] |
| 2387643 | NEW | low | CVE-2025-55188 7zip: 7-Zip Symbolic Link Extraction Vulnerability [epel-10] |
| 2388022 | NEW | medium | CVE-2025-8885 canl-java: Bouncy Castle denial of service parsing ASN.1 Object Identifiers [epel-10] |
| 2388023 | NEW | medium | CVE-2025-8885 pdftk-java: Bouncy Castle denial of service parsing ASN.1 Object Identifiers [epel-10] |
| 2388024 | NEW | medium | CVE-2025-8885 voms-api-java: Bouncy Castle denial of service parsing ASN.1 Object Identifiers [epel-10] |
| 2388276 | NEW | medium | CVE-2025-8916 canl-java: BouncyCastle denial of service [epel-10] |
| 2388277 | NEW | medium | CVE-2025-8916 pdftk-java: BouncyCastle denial of service [epel-10] |
| 2388278 | NEW | medium | CVE-2025-8916 voms-api-java: BouncyCastle denial of service [epel-10] |
| 2388308 | NEW | medium | CVE-2025-55160 ImageMagick: ImageMagick: Undefined Behavior [epel-10] |
| 2388309 | NEW | low | CVE-2025-55005 ImageMagick: ImageMagick: heap-buffer overflow [epel-10] |
| 2388311 | NEW | high | CVE-2025-55154 ImageMagick: ImageMagick: integer overflows in MNG magnification [epel-10] |
| 2388312 | NEW | high | CVE-2025-55004 ImageMagick: ImageMagick: heap-buffer overflow [epel-10] |
| 2388882 | NEW | high | CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [epel-10] |
| 2389222 | NEW | low | CVE-2025-9092 canl-java: Bouncycastle Resource Exhaustion [epel-10] |
| 2389223 | NEW | low | CVE-2025-9092 pdftk-java: Bouncycastle Resource Exhaustion [epel-10] |
| 2389224 | NEW | low | CVE-2025-9092 voms-api-java: Bouncycastle Resource Exhaustion [epel-10] |
| 2389810 | ON_QA | medium | CVE-2025-54881 forgejo: Mermaid cross site scripting [epel-10] |
| 2389811 | ON_QA | medium | CVE-2025-54880 forgejo: Mermaid cross site scripting [epel-10] |
| 2389812 | NEW | medium | CVE-2025-54881 jupyterlab: Mermaid cross site scripting [epel-10] |
| 2389813 | NEW | medium | CVE-2025-54880 jupyterlab: Mermaid cross site scripting [epel-10] |
| 2389814 | NEW | medium | CVE-2025-54881 nextcloud: Mermaid cross site scripting [epel-10] |
| 2389815 | NEW | medium | CVE-2025-54880 nextcloud: Mermaid cross site scripting [epel-10] |
| 2389960 | NEW | high | CVE-2025-9287 yarnpkg: Cipher-base hash manipulation [epel-10] |
| 2389999 | NEW | high | CVE-2025-9288 yarnpkg: Missing type checks leading to hash rewind and passing on crafted data [epel-10] |
| 2390167 | NEW | low | CVE-2025-9308 yarnpkg: yarnpkg regular expression denial of service [epel-10] |
| 2391120 | NEW | high | CVE-2025-55298 ImageMagick: ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution [epel-all] |
| 2391123 | NEW | low | CVE-2025-55212 ImageMagick: ImageMagick crash on crafted input [epel-10] |
| 2391600 | NEW | medium | CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391601 | ON_QA | medium | CVE-2025-58058 forgejo: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391603 | NEW | medium | CVE-2025-58058 image-builder: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391604 | NEW | medium | CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391605 | NEW | medium | CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391606 | NEW | medium | CVE-2025-58058 prometheus-podman-exporter: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391607 | NEW | medium | CVE-2025-58058 singularity-ce: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391888 | ON_QA | medium | CVE-2025-55763 civetweb: CivetWeb buffer overflow [epel-10] |
| 2391972 | ON_QA | low | CVE-2025-58160 maturin: Tracing log pollution [epel-10] |
| 2391973 | ON_QA | low | CVE-2025-58160 ruff: Tracing log pollution [epel-10] |
| 2391976 | NEW | low | CVE-2025-58160 vaultwarden: Tracing log pollution [epel-10] |
| 2392351 | NEW | medium | CVE-2025-9732 dcmtk: DCMTK dcm2img diybrpxt.h memory corruption [epel-10] |
| 2392573 | NEW | medium | CVE-2025-9810 keydb: TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes [epel-10] |
| 2392632 | NEW | high | CVE-2025-49794 qt6-qtwebengine: Heap use after free (UAF) leads to Denial of service (DoS) [epel-all] |
| 2392637 | NEW | high | CVE-2025-49796 qt6-qtwebengine: Type confusion leads to Denial of service (DoS) [epel-all] |
| 2392665 | NEW | medium | CVE-2025-9375 python-xmltodict: xmltodict XML Injection [epel-10] |
| 2392771 | NEW | high | CVE-2025-57803 ImageMagick: ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow [epel-10] |
| 2392945 | NEW | high | CVE-2025-57052 cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings [epel-all] |
| 2393035 | NEW | medium | CVE-2025-9864 chromium: Use after free in Cast in Google Chrome [epel-all] |
| 2393052 | NEW | unspecified | CVE-2025-9866 chromium: Inappropriate implementation in Extensions in Google Chrome [epel-all] |
| 2393058 | NEW | low | CVE-2025-54812 log4cxx: Log4cxx HTMLLayout XSS Vulnerability [epel-10] |
| 2393129 | NEW | medium | CVE-2025-54813 log4cxx: Log4cxx: Improper JSON Output Neutralization [epel-10] |
| 2393598 | NEW | medium | CVE-2025-57807 ImageMagick: ImageMagick BlobStream Forward-Seek Under-Allocation [epel-10] |
| 2393897 | NEW | high | CVE-2025-58367 python-deepdiff: DeepDiff class pollution [epel-10] |
| 2393915 | ON_QA | medium | CVE-2025-40929 perl-Cpanel-JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON [epel-all] |
| 2394111 | NEW | medium | CVE-2025-9951 ffmpeg: heap-based buffer overflow in jpeg2000dec [epel-all] |
| 2394114 | NEW | medium | CVE-2025-9951 qt6-qtwebengine: heap-based buffer overflow in jpeg2000dec [epel-all] |