issues
search
Nix-Security-WG
/
nix-local-security-scanner
Reports on which security advisories may be relevant for a given system or derivation
MIT License
3
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
False positive: CVE-2023-27371 in libmicrohttpd
#27
raboof
closed
10 months ago
0
False positive: CVE-2019-14860, CVE-2019-14900 in fuse
#1
raboof
opened
11 months ago
0
False negative: CVE-2023-38470 in avahi
#28
raboof
closed
11 months ago
1
False positive: CVE-2015-1773 in flex
#5
raboof
opened
11 months ago
0
Ingest repology CPE bindings for more accurate matching
#13
raboof
opened
11 months ago
0
False positive: CVE-2006-7246 in networkmanager
#29
raboof
closed
11 months ago
1
Cache parsed NVD collection
#6
raboof
opened
11 months ago
0
Cache web results per advisory id
#7
raboof
opened
11 months ago
0
False positive: CVE-2023-45853 in zlib
#14
raboof
opened
11 months ago
0
False positive: CVE-2019-0190 in openssl
#16
raboof
opened
11 months ago
0
False positive: CVE-2023-2975 in openssl
#30
raboof
closed
11 months ago
1
Fetch NVD delta information
#31
raboof
closed
11 months ago
1
Cache inventory
#10
raboof
opened
11 months ago
0
Smarter backoff when hitting NVD rate limits
#8
raboof
opened
11 months ago
0
Improve performance
#9
raboof
opened
11 months ago
0
Exclude particular CPEs from version and package name matching
#2
raboof
opened
11 months ago
0
False positive: CVE-2015-2987 in ed
#4
raboof
opened
11 months ago
0
False positive: CVE-2021-32490 and others in djvulibre
#32
raboof
closed
10 months ago
1
False positive: CVE-2023-24805 in cups-filters
#33
raboof
closed
10 months ago
0
False positive: CVE-2022-26691 in CUPS
#3
raboof
opened
11 months ago
0
False positive: CVE-2023-1972 in binutils
#34
raboof
closed
10 months ago
0
Take into account patch information from the derivation
#35
raboof
closed
10 months ago
1
False positive: CVE-2023-3341 (and 7 more) in bind
#11
raboof
opened
11 months ago
0
False positive: CVE-2021-26720 in avahi
#12
raboof
opened
11 months ago
1
False positive: wrong match on jenkins git plugin
#15
cidkidnix
opened
11 months ago
1
False positive: CVE-2023-3576 in libtiff
#36
raboof
closed
11 months ago
1
False positive: CVE-2023-2908 in libtiff
#37
raboof
closed
11 months ago
1
False positives: various in 'kernel-modules' and 'glibc-locales'
#17
raboof
opened
1 year ago
1
False positive: CVE-2023-3618 in libtiff
#38
raboof
closed
11 months ago
1
False postive: CVE-2023-32665 in glib
#39
raboof
closed
11 months ago
1
False positive: CVE-2023-32611 in glib
#40
raboof
closed
11 months ago
1
False positive: CVE-2023-3164 in gawk
#41
raboof
closed
11 months ago
1
False positive: CVE-2023-41175 in libtiff
#42
raboof
closed
1 year ago
0
False positive: CVE-2023-43789 in libXpm
#43
raboof
closed
1 year ago
0
False positive: CVE-2023-43787 in libX11
#44
raboof
closed
1 year ago
0
Take into account affected version ranges from advisories
#45
raboof
closed
11 months ago
2
False positive: CVE-2023-29499 in glib
#46
raboof
closed
11 months ago
1
Show severity
#20
raboof
opened
1 year ago
2
Ingest NVD feed of advisory metadata
#47
raboof
closed
11 months ago
1
False positive: CVE-2023-4156 in gawk
#48
raboof
closed
11 months ago
1
Allow recording an overridden severity level for an advisory
#51
raboof
closed
11 months ago
3
False positive: w3m via nixos-help
#22
raboof
opened
1 year ago
0
Explain where a dependency comes from
#25
raboof
opened
1 year ago
0
Export scan results in a form Sonatype CLM / Nexus IQ can consume
#23
raboof
opened
1 year ago
0
Package up the local scanner as a flake
#24
raboof
opened
1 year ago
0
[Tracking issue] Demo Readiness
#18
ApolloUnicorn
opened
1 year ago
1
Sending notifications of newly detected local vulnerabilities
#26
raboof
opened
1 year ago
1
Creating the inventory of locally installed derivations
#19
raboof
opened
1 year ago
1
[Tracking issue] "End user" story
#21
RaitoBezarius
opened
1 year ago
9