feat(nvim): Add lockfile to manage plugins install

github-actions[bot] commented 2 years ago

Report for `eden`

Version changes:

Version 1 -> 2:

Security vulnerability report

36 derivations with active advisories
17 derivations left out due to whitelisting

------------------------------------------------------------------------
Nuget-5.6.0.6489

/nix/store/sxp5xh1f1cp2flrrhakqg5sil6x5bf1m-Nuget-5.6.0.6489.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-30184    5.5

------------------------------------------------------------------------
ShellCheck-0.8.0

/nix/store/9i03n6sji6nr4gsx0lnkqcjqshbhfjz0-ShellCheck-0.8.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
ShellCheck-0.8.0-r1.cabal

/nix/store/hvg687rllb51gf6a85bxd5b37db0w99h-ShellCheck-0.8.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
async-2.2.4

/nix/store/lwn2ybnhx54yskfx7c85d7m5znzdxsg2-async-2.2.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8

------------------------------------------------------------------------
async-2.2.4-r1.cabal

/nix/store/17r0irqkwadjfzbwsb5vhwffv6lp6d5w-async-2.2.4-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8

------------------------------------------------------------------------
cereal-0.5.8.2

/nix/store/skbaiy0z22sz2sz0ga6m5v5dmidns73y-cereal-0.5.8.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
cereal-0.5.8.2-r1.cabal

/nix/store/1vhkiawzyxjri5fcai4bvi0b8ry0ik1s-cereal-0.5.8.2-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
charset-0.3.9

/nix/store/aph9nhkd8dcagc5kggm3zfxp8hbjhyhj-charset-0.3.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2017-16098    7.5

------------------------------------------------------------------------
commonmark-0.2.2

/nix/store/022q7bfi5wvv8lc3706vk1waczizk5a5-commonmark-0.2.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/pnhl3m0lpsrsr8rc5p2f511vn0k003n0-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.11.0

/nix/store/l1mr0zjm42saqqlp7pm82d42vy3rbn6f-fuse-3.11.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
git-2.36.1

/nix/store/blwcxa43f00szrhfb9idzp58hz3nm5w3-git-2.36.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-30948    7.5
https://nvd.nist.gov/vuln/detail/CVE-2018-1000182  6.4
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2018-1000110  5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-30949    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.16-linux-amd64-bootstrap

/nix/store/zyz36p7006xcvvd1qvd9ajgswgl4yvrm-go-1.16-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-38297    9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23806    9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-39293    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41771    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41772    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-44716    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23772    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23773    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24675    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24921    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-28327    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-34558    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-29526    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-44717    4.8

------------------------------------------------------------------------
http-client-0.7.11

/nix/store/0ns4888fslwzwnwqnmnajr7k2bbyfikw-http-client-0.7.11.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
http-client-0.7.11-r1.cabal

/nix/store/75xfs6pc2zwk2jqdf2bvk6s2wffcn7ci-http-client-0.7.11-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jose-0.9

/nix/store/a71sardhy9kx8mj7hylc50yvlwq03j21-jose-0.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-29444    5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-29445    5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-29446    5.9

------------------------------------------------------------------------
lens-5.0.1

/nix/store/pwp6fp57gvicbws1qm1gq8gcz7jrz13h-lens-5.0.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6
https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8

------------------------------------------------------------------------
lens-5.0.1-r3.cabal

/nix/store/kcksvk4qajab1sjnb1rq1jkmrkb02f3w-lens-5.0.1-r3.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6
https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8

------------------------------------------------------------------------
libjxl-0.6.1

/nix/store/id477m5plq4ivb1lwwl0gfnyz97h5mbn-libjxl-0.6.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-34000    6.5

------------------------------------------------------------------------
libtiff-4.4.0

/nix/store/420wia2ydi6y3781hz92gawhh69gsj4g-libtiff-4.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2056     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-2057     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-2058     6.5

------------------------------------------------------------------------
lua-2.1.0

/nix/store/43gvy1lwacn696v2kbxlvyhzn8z9m38x-lua-2.1.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-15888    8.8
https://nvd.nist.gov/vuln/detail/CVE-2020-15945    5.5

------------------------------------------------------------------------
network-3.1.2.7

/nix/store/xp8lmfaz4h2cibkidwkcgimjyj0hhris-network-3.1.2.7.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
openssl-0.10.30

/nix/store/3rafcwxv89yzmfqkmz92jcmw9l5r01fh-openssl-0.10.30.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-16395    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-4044     7.5

------------------------------------------------------------------------
openssl-1.1.1p

/nix/store/15h4abxf1akjyh7h6l2gwvn4i59cb0jd-openssl-1.1.1p.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-16395    9.8

------------------------------------------------------------------------
quote-1.0.7

/nix/store/m9aqyi37vaxb7x0iicfqhmmhaz1bzpp7-quote-1.0.7.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
regex-1.4.5

/nix/store/9h8cx45drw2m6almbzn88lijqbal8jyg-regex-1.4.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-24713    7.5

------------------------------------------------------------------------
repo-0.1.3

/nix/store/zl9sj49sbizdcxdwdg0rh0dn1rawxmr7-repo-0.1.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-30948    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-30949    5.3

------------------------------------------------------------------------
safe-0.3.19

/nix/store/z8l7d0cp3cjcda9wvz03rqz09ff7ycl2-safe-0.3.19.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5

------------------------------------------------------------------------
systemd-2.3.0

/nix/store/7kzz11c3091r4nkdp2g9rynwhq78z9i1-systemd-2.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2017-1000082  9.8
https://nvd.nist.gov/vuln/detail/CVE-2018-15688    8.8
https://nvd.nist.gov/vuln/detail/CVE-2017-18078    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-6954     7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-15686    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-16864    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-16865    7.8
https://nvd.nist.gov/vuln/detail/CVE-2019-3843     7.8
https://nvd.nist.gov/vuln/detail/CVE-2019-3844     7.8
https://nvd.nist.gov/vuln/detail/CVE-2020-1712     7.8
https://nvd.nist.gov/vuln/detail/CVE-2017-9217     7.5
https://nvd.nist.gov/vuln/detail/CVE-2018-15687    7.0
https://nvd.nist.gov/vuln/detail/CVE-2019-3842     7.0
https://nvd.nist.gov/vuln/detail/CVE-2020-13776    6.7
https://nvd.nist.gov/vuln/detail/CVE-2018-1049     5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-33910    5.5
https://nvd.nist.gov/vuln/detail/CVE-2018-16888    4.7
https://nvd.nist.gov/vuln/detail/CVE-2019-20386    2.4

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/4cbg78898jhrzlpfpragvzsn1a3vr5g5-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-19786    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3

------------------------------------------------------------------------
vault-0.3.1.5-r1.cabal

/nix/store/5fbidp6xkjjr8ia9abd9clficpa2r0kf-vault-0.3.1.5-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-19786    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3

------------------------------------------------------------------------
vim-9.0.0001

/nix/store/0bqh877bnps4bq26gw6wfcp7ryv8lyyp-vim-9.0.0001.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2257     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2264     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2284     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2285     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2286     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2287     7.1

------------------------------------------------------------------------
warp-3.3.21

/nix/store/rkgc27ah9mxdd3jkbgmm6c6clyxdbb3g-warp-3.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8

------------------------------------------------------------------------
websockets-0.12.7.3

/nix/store/rad5kncvalqgbi7qiyjbfh0f5raijkw3-websockets-0.12.7.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33880    5.9

------------------------------------------------------------------------
websockets-0.12.7.3-r1.cabal

/nix/store/gl8prkhf39zz2ndbmn8jz85vr75kb5iz-websockets-0.12.7.3-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33880    5.9

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/54b5yaiznlndpdgsy3z0rm748k288v3w-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-25032    7.5

use --show-whitelisted to see derivations with only whitelisted CVEs

github-actions[bot] commented 2 years ago

Report for `sloth`

Version changes:

Version 1 -> 2:

Security vulnerability report

37 derivations with active advisories
29 derivations left out due to whitelisting

------------------------------------------------------------------------
Nuget-5.6.0.6489

/nix/store/sxp5xh1f1cp2flrrhakqg5sil6x5bf1m-Nuget-5.6.0.6489.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-30184    5.5

------------------------------------------------------------------------
ShellCheck-0.8.0

/nix/store/9i03n6sji6nr4gsx0lnkqcjqshbhfjz0-ShellCheck-0.8.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
ShellCheck-0.8.0-r1.cabal

/nix/store/hvg687rllb51gf6a85bxd5b37db0w99h-ShellCheck-0.8.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
async-2.2.4

/nix/store/lwn2ybnhx54yskfx7c85d7m5znzdxsg2-async-2.2.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8

------------------------------------------------------------------------
async-2.2.4-r1.cabal

/nix/store/17r0irqkwadjfzbwsb5vhwffv6lp6d5w-async-2.2.4-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8

------------------------------------------------------------------------
cereal-0.5.8.2

/nix/store/skbaiy0z22sz2sz0ga6m5v5dmidns73y-cereal-0.5.8.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
cereal-0.5.8.2-r1.cabal

/nix/store/1vhkiawzyxjri5fcai4bvi0b8ry0ik1s-cereal-0.5.8.2-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
charset-0.3.9

/nix/store/aph9nhkd8dcagc5kggm3zfxp8hbjhyhj-charset-0.3.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2017-16098    7.5

------------------------------------------------------------------------
commonmark-0.2.2

/nix/store/022q7bfi5wvv8lc3706vk1waczizk5a5-commonmark-0.2.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
cups-2.4.2

/nix/store/gzjvk93vr7nspfqziiwab58nqlcmwxhi-cups-2.4.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
exfat-1.3.0

/nix/store/a07gn9byk4i67a5drxv5n9csslw5z1ma-exfat-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-29973    4.7

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/pnhl3m0lpsrsr8rc5p2f511vn0k003n0-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.11.0

/nix/store/l1mr0zjm42saqqlp7pm82d42vy3rbn6f-fuse-3.11.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
git-2.36.1

/nix/store/blwcxa43f00szrhfb9idzp58hz3nm5w3-git-2.36.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-30948    7.5
https://nvd.nist.gov/vuln/detail/CVE-2018-1000182  6.4
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2018-1000110  5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-30949    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.16-linux-amd64-bootstrap

/nix/store/zyz36p7006xcvvd1qvd9ajgswgl4yvrm-go-1.16-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-38297    9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23806    9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-39293    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41771    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41772    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-44716    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23772    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23773    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24675    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24921    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-28327    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-34558    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-29526    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-44717    4.8

------------------------------------------------------------------------
http-client-0.7.11

/nix/store/0ns4888fslwzwnwqnmnajr7k2bbyfikw-http-client-0.7.11.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
http-client-0.7.11-r1.cabal

/nix/store/75xfs6pc2zwk2jqdf2bvk6s2wffcn7ci-http-client-0.7.11-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jose-0.9

/nix/store/a71sardhy9kx8mj7hylc50yvlwq03j21-jose-0.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-29444    5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-29445    5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-29446    5.9

------------------------------------------------------------------------
lens-5.0.1

/nix/store/pwp6fp57gvicbws1qm1gq8gcz7jrz13h-lens-5.0.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6
https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8

------------------------------------------------------------------------
lens-5.0.1-r3.cabal

/nix/store/kcksvk4qajab1sjnb1rq1jkmrkb02f3w-lens-5.0.1-r3.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6
https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8

------------------------------------------------------------------------
libjxl-0.6.1

/nix/store/id477m5plq4ivb1lwwl0gfnyz97h5mbn-libjxl-0.6.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-34000    6.5

------------------------------------------------------------------------
libtiff-4.4.0

/nix/store/420wia2ydi6y3781hz92gawhh69gsj4g-libtiff-4.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2056     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-2057     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-2058     6.5

------------------------------------------------------------------------
lua-2.1.0

/nix/store/43gvy1lwacn696v2kbxlvyhzn8z9m38x-lua-2.1.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-15888    8.8
https://nvd.nist.gov/vuln/detail/CVE-2020-15945    5.5

------------------------------------------------------------------------
lua-5.2.4-env

/nix/store/pd9vkwhlasw7zgh07ablngm3q27pk7yd-lua-5.2.4-env.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-15888    8.8
https://nvd.nist.gov/vuln/detail/CVE-2020-15945    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-43519    5.5

------------------------------------------------------------------------
markdown-0.33-1.rockspec

/nix/store/900mafzsy3jx9r79nchwkfwhlr9c9ic3-markdown-0.33-1.rockspec.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-1000874  6.1

------------------------------------------------------------------------
network-3.1.2.7

/nix/store/xp8lmfaz4h2cibkidwkcgimjyj0hhris-network-3.1.2.7.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
nss-3.68.4

/nix/store/l7c98ar41fwnfgpms6r0wbs3s94i3lkl-nss-3.68.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-43527    9.8

------------------------------------------------------------------------
openssl-1.1.1p

/nix/store/15h4abxf1akjyh7h6l2gwvn4i59cb0jd-openssl-1.1.1p.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-16395    9.8

------------------------------------------------------------------------
safe-0.3.19

/nix/store/z8l7d0cp3cjcda9wvz03rqz09ff7ycl2-safe-0.3.19.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5

------------------------------------------------------------------------
systemd-2.3.0

/nix/store/7kzz11c3091r4nkdp2g9rynwhq78z9i1-systemd-2.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2017-1000082  9.8
https://nvd.nist.gov/vuln/detail/CVE-2018-15688    8.8
https://nvd.nist.gov/vuln/detail/CVE-2017-18078    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-6954     7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-15686    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-16864    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-16865    7.8
https://nvd.nist.gov/vuln/detail/CVE-2019-3843     7.8
https://nvd.nist.gov/vuln/detail/CVE-2019-3844     7.8
https://nvd.nist.gov/vuln/detail/CVE-2020-1712     7.8
https://nvd.nist.gov/vuln/detail/CVE-2017-9217     7.5
https://nvd.nist.gov/vuln/detail/CVE-2018-15687    7.0
https://nvd.nist.gov/vuln/detail/CVE-2019-3842     7.0
https://nvd.nist.gov/vuln/detail/CVE-2020-13776    6.7
https://nvd.nist.gov/vuln/detail/CVE-2018-1049     5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-33910    5.5
https://nvd.nist.gov/vuln/detail/CVE-2018-16888    4.7
https://nvd.nist.gov/vuln/detail/CVE-2019-20386    2.4

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/4cbg78898jhrzlpfpragvzsn1a3vr5g5-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-19786    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3

------------------------------------------------------------------------
vault-0.3.1.5-r1.cabal

/nix/store/5fbidp6xkjjr8ia9abd9clficpa2r0kf-vault-0.3.1.5-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-19786    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3

------------------------------------------------------------------------
vim-9.0.0001

/nix/store/0bqh877bnps4bq26gw6wfcp7ryv8lyyp-vim-9.0.0001.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2257     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2264     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2284     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2285     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2286     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2287     7.1

------------------------------------------------------------------------
warp-3.3.21

/nix/store/rkgc27ah9mxdd3jkbgmm6c6clyxdbb3g-warp-3.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8

------------------------------------------------------------------------
websockets-0.12.7.3

/nix/store/rad5kncvalqgbi7qiyjbfh0f5raijkw3-websockets-0.12.7.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33880    5.9

------------------------------------------------------------------------
websockets-0.12.7.3-r1.cabal

/nix/store/gl8prkhf39zz2ndbmn8jz85vr75kb5iz-websockets-0.12.7.3-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33880    5.9

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/54b5yaiznlndpdgsy3z0rm748k288v3w-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-25032    7.5

use --show-whitelisted to see derivations with only whitelisted CVEs

github-actions[bot] commented 2 years ago

Report for `pride`

Version changes:

Version 1 -> 2:

Security vulnerability report

43 derivations with active advisories
32 derivations left out due to whitelisting

------------------------------------------------------------------------
Nuget-5.6.0.6489

/nix/store/sxp5xh1f1cp2flrrhakqg5sil6x5bf1m-Nuget-5.6.0.6489.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-30184    5.5

------------------------------------------------------------------------
SDL_ttf-2.0.11

/nix/store/1h7900ppf89mc035fsfffaq72grjwj6f-SDL_ttf-2.0.11.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-27470    7.8

------------------------------------------------------------------------
ShellCheck-0.8.0

/nix/store/9i03n6sji6nr4gsx0lnkqcjqshbhfjz0-ShellCheck-0.8.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
ShellCheck-0.8.0-r1.cabal

/nix/store/hvg687rllb51gf6a85bxd5b37db0w99h-ShellCheck-0.8.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
async-2.2.4

/nix/store/lwn2ybnhx54yskfx7c85d7m5znzdxsg2-async-2.2.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8

------------------------------------------------------------------------
async-2.2.4-r1.cabal

/nix/store/17r0irqkwadjfzbwsb5vhwffv6lp6d5w-async-2.2.4-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8

------------------------------------------------------------------------
cereal-0.5.8.2

/nix/store/skbaiy0z22sz2sz0ga6m5v5dmidns73y-cereal-0.5.8.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
cereal-0.5.8.2-r1.cabal

/nix/store/1vhkiawzyxjri5fcai4bvi0b8ry0ik1s-cereal-0.5.8.2-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
charset-0.3.9

/nix/store/aph9nhkd8dcagc5kggm3zfxp8hbjhyhj-charset-0.3.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2017-16098    7.5

------------------------------------------------------------------------
commonmark-0.2.2

/nix/store/022q7bfi5wvv8lc3706vk1waczizk5a5-commonmark-0.2.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
cups-2.4.2

/nix/store/gzjvk93vr7nspfqziiwab58nqlcmwxhi-cups-2.4.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
exfat-1.3.0

/nix/store/a07gn9byk4i67a5drxv5n9csslw5z1ma-exfat-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-29973    4.7

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/pnhl3m0lpsrsr8rc5p2f511vn0k003n0-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.11.0

/nix/store/l1mr0zjm42saqqlp7pm82d42vy3rbn6f-fuse-3.11.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-7.5.0

/nix/store/1lhkiq30l4wv2ssj867c3zy31w55s534-gcc-7.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-12886    8.1
https://nvd.nist.gov/vuln/detail/CVE-2021-37322    7.8

------------------------------------------------------------------------
git-2.36.1

/nix/store/blwcxa43f00szrhfb9idzp58hz3nm5w3-git-2.36.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-30948    7.5
https://nvd.nist.gov/vuln/detail/CVE-2018-1000182  6.4
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2018-1000110  5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-30949    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.16-linux-amd64-bootstrap

/nix/store/zyz36p7006xcvvd1qvd9ajgswgl4yvrm-go-1.16-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-38297    9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23806    9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-39293    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41771    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41772    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-44716    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23772    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23773    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24675    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24921    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-28327    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-34558    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-29526    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-44717    4.8

------------------------------------------------------------------------
http-client-0.7.11

/nix/store/0ns4888fslwzwnwqnmnajr7k2bbyfikw-http-client-0.7.11.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
http-client-0.7.11-r1.cabal

/nix/store/75xfs6pc2zwk2jqdf2bvk6s2wffcn7ci-http-client-0.7.11-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jose-0.9

/nix/store/a71sardhy9kx8mj7hylc50yvlwq03j21-jose-0.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-29444    5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-29445    5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-29446    5.9

------------------------------------------------------------------------
lens-5.0.1

/nix/store/pwp6fp57gvicbws1qm1gq8gcz7jrz13h-lens-5.0.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6
https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8

------------------------------------------------------------------------
lens-5.0.1-r3.cabal

/nix/store/kcksvk4qajab1sjnb1rq1jkmrkb02f3w-lens-5.0.1-r3.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6
https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8

------------------------------------------------------------------------
libjxl-0.6.1

/nix/store/id477m5plq4ivb1lwwl0gfnyz97h5mbn-libjxl-0.6.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-34000    6.5

------------------------------------------------------------------------
libtiff-4.4.0

/nix/store/420wia2ydi6y3781hz92gawhh69gsj4g-libtiff-4.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2056     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-2057     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-2058     6.5

------------------------------------------------------------------------
lua-2.1.0

/nix/store/43gvy1lwacn696v2kbxlvyhzn8z9m38x-lua-2.1.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-15888    8.8
https://nvd.nist.gov/vuln/detail/CVE-2020-15945    5.5

------------------------------------------------------------------------
lua-5.2.4-env

/nix/store/pd9vkwhlasw7zgh07ablngm3q27pk7yd-lua-5.2.4-env.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-15888    8.8
https://nvd.nist.gov/vuln/detail/CVE-2020-15945    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-43519    5.5

------------------------------------------------------------------------
markdown-0.33-1.rockspec

/nix/store/900mafzsy3jx9r79nchwkfwhlr9c9ic3-markdown-0.33-1.rockspec.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-1000874  6.1

------------------------------------------------------------------------
network-3.1.2.7

/nix/store/xp8lmfaz4h2cibkidwkcgimjyj0hhris-network-3.1.2.7.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
nss-3.68.4

/nix/store/2r2m6r4aqijh821bvqnsz2xjg11qz09y-nss-3.68.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-43527    9.8

------------------------------------------------------------------------
openssl-0.10.30

/nix/store/3rafcwxv89yzmfqkmz92jcmw9l5r01fh-openssl-0.10.30.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-16395    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-4044     7.5

------------------------------------------------------------------------
openssl-1.1.1p

/nix/store/15h4abxf1akjyh7h6l2gwvn4i59cb0jd-openssl-1.1.1p.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-16395    9.8

------------------------------------------------------------------------
quote-1.0.7

/nix/store/m9aqyi37vaxb7x0iicfqhmmhaz1bzpp7-quote-1.0.7.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
regex-1.4.5

/nix/store/9h8cx45drw2m6almbzn88lijqbal8jyg-regex-1.4.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-24713    7.5

------------------------------------------------------------------------
repo-0.1.3

/nix/store/zl9sj49sbizdcxdwdg0rh0dn1rawxmr7-repo-0.1.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-30948    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-30949    5.3

------------------------------------------------------------------------
safe-0.3.19

/nix/store/z8l7d0cp3cjcda9wvz03rqz09ff7ycl2-safe-0.3.19.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5

------------------------------------------------------------------------
systemd-2.3.0

/nix/store/7kzz11c3091r4nkdp2g9rynwhq78z9i1-systemd-2.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2017-1000082  9.8
https://nvd.nist.gov/vuln/detail/CVE-2018-15688    8.8
https://nvd.nist.gov/vuln/detail/CVE-2017-18078    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-6954     7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-15686    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-16864    7.8
https://nvd.nist.gov/vuln/detail/CVE-2018-16865    7.8
https://nvd.nist.gov/vuln/detail/CVE-2019-3843     7.8
https://nvd.nist.gov/vuln/detail/CVE-2019-3844     7.8
https://nvd.nist.gov/vuln/detail/CVE-2020-1712     7.8
https://nvd.nist.gov/vuln/detail/CVE-2017-9217     7.5
https://nvd.nist.gov/vuln/detail/CVE-2018-15687    7.0
https://nvd.nist.gov/vuln/detail/CVE-2019-3842     7.0
https://nvd.nist.gov/vuln/detail/CVE-2020-13776    6.7
https://nvd.nist.gov/vuln/detail/CVE-2018-1049     5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-33910    5.5
https://nvd.nist.gov/vuln/detail/CVE-2018-16888    4.7
https://nvd.nist.gov/vuln/detail/CVE-2019-20386    2.4

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/4cbg78898jhrzlpfpragvzsn1a3vr5g5-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-19786    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3

------------------------------------------------------------------------
vault-0.3.1.5-r1.cabal

/nix/store/5fbidp6xkjjr8ia9abd9clficpa2r0kf-vault-0.3.1.5-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-19786    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3

------------------------------------------------------------------------
vim-9.0.0001

/nix/store/0bqh877bnps4bq26gw6wfcp7ryv8lyyp-vim-9.0.0001.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2257     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2264     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2284     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2285     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2286     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2287     7.1

------------------------------------------------------------------------
warp-3.3.21

/nix/store/rkgc27ah9mxdd3jkbgmm6c6clyxdbb3g-warp-3.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8

------------------------------------------------------------------------
websockets-0.12.7.3

/nix/store/rad5kncvalqgbi7qiyjbfh0f5raijkw3-websockets-0.12.7.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33880    5.9

------------------------------------------------------------------------
websockets-0.12.7.3-r1.cabal

/nix/store/gl8prkhf39zz2ndbmn8jz85vr75kb5iz-websockets-0.12.7.3-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33880    5.9

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/54b5yaiznlndpdgsy3z0rm748k288v3w-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2018-25032    7.5

use --show-whitelisted to see derivations with only whitelisted CVEs

github-actions[bot] commented 2 years ago

Report for `theman`

Version changes:

Version 1 -> 2:

Security vulnerability report

27 derivations with active advisories'
'15 derivations left out due to whitelisting'
''
'------------------------------------------------------------------------'
'async-2.2.4'
''
'/nix/store/522p4m6g9ffx7rxv9dh4j06z8m12xf9s-async-2.2.4.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8'
''
'------------------------------------------------------------------------'
'async-2.2.4-r1.cabal'
''
'/nix/store/fa419f6ihzzfxpng729gb5ly4n2w80v2-async-2.2.4-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-43138    7.8'
''
'------------------------------------------------------------------------'
'cereal-0.5.8.2'
''
'/nix/store/m0r8pbjmd17ih4x9dyca1kz7a6vwyrl1-cereal-0.5.8.2.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3'
''
'------------------------------------------------------------------------'
'cereal-0.5.8.2-r1.cabal'
''
'/nix/store/hkn9fyz7fz051bcr7mjsrhmgy48qmf1w-cereal-0.5.8.2-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3'
''
'------------------------------------------------------------------------'
'charset-0.3.9'
''
'/nix/store/nzdlzj8fda2qhwzy9m508bmc7lrziqjz-charset-0.3.9.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2017-16098    7.5'
''
'------------------------------------------------------------------------'
'commonmark-0.2.2'
''
'/nix/store/q2j57zf3qf5m23a7alaj2h4dg422pvdc-commonmark-0.2.2.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1'
''
'------------------------------------------------------------------------'
'dot-0.1.4'
''
'/nix/store/rcpx68c4bsfnwksyk17j4jdr2z7b2vpy-dot-0.1.4.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-7639     5.3'
''
'------------------------------------------------------------------------'
'git-2.36.1'
''
'/nix/store/3n1rviamyh5jr66w31qrw2n1fy701ynf-git-2.36.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30948    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2018-1000182  6.4'
'https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2018-1000110  5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30949    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3'
''
'------------------------------------------------------------------------'
'go-1.16-darwin-amd64-bootstrap'
''
'/nix/store/d374nxyb3mfx2g22ax041aidhjhgpfck-go-1.16-darwin-amd64-bootstrap.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-38297    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-23806    9.1'
'https://nvd.nist.gov/vuln/detail/CVE-2021-39293    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-41771    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-41772    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44716    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-23772    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-23773    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24675    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24921    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28327    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-34558    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-29526    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44717    4.8'
''
'------------------------------------------------------------------------'
'home-0.5.3'
''
'/nix/store/48m9dqdbi3p0aqvkpwdhzvc1lmfjniqz-home-0.5.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-25264    6.7'
''
'------------------------------------------------------------------------'
'http-client-0.7.11'
''
'/nix/store/d9bnrnfjrlcrvr9dzbcwjy87wszhfx0q-http-client-0.7.11.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5'
''
'------------------------------------------------------------------------'
'http-client-0.7.11-r1.cabal'
''
'/nix/store/154s782m07pkn9dm9pvf8h9l0jy98cv0-http-client-0.7.11-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5'
''
'------------------------------------------------------------------------'
'instant-0.1.12'
''
'/nix/store/nfrg3qbnm99sg16j6f792h29w8a8n3y3-instant-0.1.12.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2017-13099    5.9'
''
'------------------------------------------------------------------------'
'lens-5.0.1'
''
'/nix/store/wlr8vgs4z2rvs2f1yb59kh3ld63cfgj4-lens-5.0.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6'
'https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8'
''
'------------------------------------------------------------------------'
'lens-5.0.1-r3.cabal'
''
'/nix/store/3bw67689lp6zi5nla0fnv8ywmjalxmhg-lens-5.0.1-r3.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44458    9.6'
'https://nvd.nist.gov/vuln/detail/CVE-2021-23154    7.8'
''
'------------------------------------------------------------------------'
'libtiff-4.4.0'
''
'/nix/store/ixcvi4iic1mk8k62dad80p0lp7gm6nax-libtiff-4.4.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2056     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2057     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2058     6.5'
''
'------------------------------------------------------------------------'
'lua-2.1.0'
''
'/nix/store/7lqj23zgxxyphfl4cb8p00xc76r421hv-lua-2.1.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-15888    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2020-15945    5.5'
''
'------------------------------------------------------------------------'
'network-3.1.2.7'
''
'/nix/store/5w64wfsg4v3gxjy62r75l58x2rgqgd2p-network-3.1.2.7.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5'
''
'------------------------------------------------------------------------'
'openssl-0.10.30'
''
'/nix/store/3axpg963zsy10gag3w9xnbqyf6mdfqmj-openssl-0.10.30.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2018-16395    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4044     7.5'
''
'------------------------------------------------------------------------'
'openssl-1.1.1p'
''
'/nix/store/8a4d271pzs9qqy4yvzvpb1c06xjlcivg-openssl-1.1.1p.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2018-16395    9.8'
''
'------------------------------------------------------------------------'
'quote-1.0.7'
''
'/nix/store/a7wyi03bny7355wfbqq29lsk97692l70-quote-1.0.7.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3'
''
'------------------------------------------------------------------------'
'quote-1.0.20'
''
'/nix/store/x5f10682k705zqcc74fablicpr844jqy-quote-1.0.20.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3'
''
'------------------------------------------------------------------------'
'regex-1.4.5'
''
'/nix/store/ivwmmigx29cbqf9hnnwlcxabfv6272dp-regex-1.4.5.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24713    7.5'
''
'------------------------------------------------------------------------'
'repo-0.1.3'
''
'/nix/store/6j9i3h03awrfmb0pdlwphcx228cqkb7n-repo-0.1.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30948    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30949    5.3'
''
'------------------------------------------------------------------------'
'safe-0.3.19'
''
'/nix/store/b7rpzihf6x6zqly4ik8wsq6jq9slipkh-safe-0.3.19.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5'
''
'------------------------------------------------------------------------'
'xshell-0.2.2'
''
'/nix/store/8xh9xnc727jli1pfjbk9c8axi9n0z87y-xshell-0.2.2.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-42095    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-27966    6.5'
''
'------------------------------------------------------------------------'
'zlib-0.6.3.0'
''
'/nix/store/jxzydxvc7bwh2cqfrhxqh3091qy5ygvz-zlib-0.6.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2018-25032    7.5'
''
'use --show-whitelisted to see derivations with only whitelisted CVEs

EdenEast / nyx

feat(nvim): Add lockfile to manage plugins install #53

Report for `eden`

Report for `sloth`

Report for `pride`

Report for `theman`

EdenEast / nyx

feat(nvim): Add lockfile to manage plugins install #53

Report for eden

Report for sloth

Report for pride

Report for theman

Report for `eden`

Report for `sloth`

Report for `pride`

Report for `theman`