search

tuckershea / constellation

My laptop and server configuration
0 stars 0 forks source link

Add tags for nix run shell commands #41

Closed NoRePercussions closed 3 months ago

NoRePercussions commented 3 months ago

Prefer stable nixpkgs for normal usage, so that we hit the cache more often (this should be paired with an increase in nix store ttl now that I have a better laptop). Also use unstable nixpkgs as a secondary option so that we have a better chance of hitting the nix foundation binary cache.

github-actions[bot] commented 3 months ago

Report for marlon

Version changes:

Version 1 -> 2:
Security vulnerability report 
50 derivations with active advisories
8 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/f32d5gf671p7k6v9q17xmzx4m3c3ikvp-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/m6993ckqfcban3dkypap2s5j9fwh3gqh-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
busybox-1.36.1

/nix/store/c054ch03fx77cahrb6022fmiigcp72da-busybox-1.36.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-42363    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42364    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42365    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42366    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/fngagym15k2qsls3wh7dz1anpafpv7ql-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/vnd9b8b3n66xyyc0jm4pv64ps970km91-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
cups-2.4.8

/nix/store/b2a3f4asb1v8vgpvdm6qqgc2ggm2r3c2-cups-2.4.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dbus-1

/nix/store/w5slkddsz3b5vni7w2qiw4in6kvyqdgm-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/99pp61bdxjkk34fjwkla25nrd5wygxbg-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/yrwci7xqhqz6rqzblzxj7lwvpdaw967d-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/xkagf5fkcvx7a4qqp0skaywk4kksskyn-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.45.1

/nix/store/rvwlfzrwv0awqz1y87yywlq48yyvddmy-git-2.45.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/gqhz0hmfsznhys08q4h58pdb7sr7pnsx-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.3

/nix/store/dbgxyznjpwxrsxykdnlh15q1g9xv3lvr-go-1.22.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/9bjd6m1sp2a9c53h17mc6kshfffjl41m-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r5.cabal

/nix/store/9p769966bfy5pz2jnz5c7nk3f9mcpc7w-hedgehog-1.4-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/mva37vwssfj2lms5bv8syx5ixr43r9qn-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/9zg0ar1amir5g3kanfndpid37r5mwbda-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/b27zsdcby7hcx3gjskj0whlglpwjirjb-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/css79hbc7cap5xmg42jsns6851g7p5vd-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/77d74hj59ifl8fg1ixagks57ms3xgw5r-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/1l6lgm86679h5zjr2cz49xg92x6w831x-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/myalwsl9izrwscwsqxc90kn513f4m5f3-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/6wwqf4id5bsi8myvw1hz7w00xi770n31-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-06-04

/nix/store/pkyz92k7sh9xvnqw8zqwg5jjjyvaadjd-oh-my-zsh-2024-06-04.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openssh-9.7p1

/nix/store/4szsffz0y9kfr86w2nxm7dssjj5pw0gz-openssh-9.7p1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-6387     8.1

------------------------------------------------------------------------
openvpn-2.6.10

/nix/store/jpmz8ylgxca17kmvsgg72dkr68v60vnm-openvpn-2.6.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/qj6wag8y4zbwlznynyhjssi3an6avb4s-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
polkit-1.pam

/nix/store/nzln49vm2in9kqrrhdkq5i8165hscq77-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/qafn4za3jpswhf66v19p2pp7i2x25f1g-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/0rid4zz964xfw5bvlrh8j2wqw90w4qz1-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
quote-1.0.35

/nix/store/3l3m45sp40yiggbbacn85ijldq4ppfha-quote-1.0.35.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.11

/nix/store/8pcmvkzjg52pw6yv9x3lslm0bzb1gf7c-rubygems-3.5.11.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/cyblfdqfbz3p32x4dyh4g660r4qd6556-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/hlf4sk7ijz6kgk3nls9k6cq8syd4acxr-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.1

/nix/store/sbfa3vk72rlnakq65781mky8n0m3dp80-samba-4.20.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/07bdm4xcg7di539baaf8d7a5nyfnn5bw-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/gbnzx1ziflzl8x44fnys09nwnyc7w1m2-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
unzip-6.0

/nix/store/ycnmzpw4p0a5lm4i7q2n84hbkvamk4z4-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/vdrin9cxzlmlrrb26npcpg584hk6vlca-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r6.cabal

/nix/store/61m94h667afly17s2vs2ccfabndzi9yl-vault-0.3.1.5-r6.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
warp-3.3.31

/nix/store/qp9q9868xz9cravwicb14bk4c03rax8l-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/4j71h669xkqj0c5990bz9k5nidfisgb8-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/qg5dxpgncpvpg3gwdna8w68mvxmzczm2-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/1lig8vh8kzcprsn0mv1sls8rmagsmh0q-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/c5k42v0w3b4jb514mcn5qhl67hzq5q4k-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/lk2vhxb6llcnanwnn098ziw7f5b422nz-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/bvaxf0p3yfaw5a5pnm11yyx3rg1hzmxb-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/3659mf8jcb1hfly1g9mccjvpbdixvkiz-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r4.cabal

/nix/store/f3fb4wqc58b8rmw80frkzy0bgzvkkzdg-zlib-0.6.3.0-r4.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/r1ywn1kcr07fvmj0lzdddhfmg4im8dvw-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 3 months ago

Report for roland

Version changes:

Version 1 -> 2:
Security vulnerability report 
50 derivations with active advisories
8 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/f32d5gf671p7k6v9q17xmzx4m3c3ikvp-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/m6993ckqfcban3dkypap2s5j9fwh3gqh-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
busybox-1.36.1

/nix/store/c054ch03fx77cahrb6022fmiigcp72da-busybox-1.36.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-42363    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42364    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42365    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42366    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/fngagym15k2qsls3wh7dz1anpafpv7ql-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/vnd9b8b3n66xyyc0jm4pv64ps970km91-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
cups-2.4.8

/nix/store/b2a3f4asb1v8vgpvdm6qqgc2ggm2r3c2-cups-2.4.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dbus-1

/nix/store/53zcqmj8ds6f4xgpdjv52hn7l28cnji2-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/99pp61bdxjkk34fjwkla25nrd5wygxbg-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/yrwci7xqhqz6rqzblzxj7lwvpdaw967d-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/xkagf5fkcvx7a4qqp0skaywk4kksskyn-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.45.1

/nix/store/rvwlfzrwv0awqz1y87yywlq48yyvddmy-git-2.45.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/gqhz0hmfsznhys08q4h58pdb7sr7pnsx-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.3

/nix/store/dbgxyznjpwxrsxykdnlh15q1g9xv3lvr-go-1.22.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/9bjd6m1sp2a9c53h17mc6kshfffjl41m-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r5.cabal

/nix/store/9p769966bfy5pz2jnz5c7nk3f9mcpc7w-hedgehog-1.4-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/mva37vwssfj2lms5bv8syx5ixr43r9qn-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/9zg0ar1amir5g3kanfndpid37r5mwbda-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/b27zsdcby7hcx3gjskj0whlglpwjirjb-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/css79hbc7cap5xmg42jsns6851g7p5vd-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/77d74hj59ifl8fg1ixagks57ms3xgw5r-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/1l6lgm86679h5zjr2cz49xg92x6w831x-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/myalwsl9izrwscwsqxc90kn513f4m5f3-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/6wwqf4id5bsi8myvw1hz7w00xi770n31-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-06-04

/nix/store/pkyz92k7sh9xvnqw8zqwg5jjjyvaadjd-oh-my-zsh-2024-06-04.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openssh-9.7p1

/nix/store/4szsffz0y9kfr86w2nxm7dssjj5pw0gz-openssh-9.7p1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-6387     8.1

------------------------------------------------------------------------
openvpn-2.6.10

/nix/store/jpmz8ylgxca17kmvsgg72dkr68v60vnm-openvpn-2.6.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/qj6wag8y4zbwlznynyhjssi3an6avb4s-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
polkit-1.pam

/nix/store/nzln49vm2in9kqrrhdkq5i8165hscq77-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/qafn4za3jpswhf66v19p2pp7i2x25f1g-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/0rid4zz964xfw5bvlrh8j2wqw90w4qz1-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
quote-1.0.35

/nix/store/3l3m45sp40yiggbbacn85ijldq4ppfha-quote-1.0.35.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.11

/nix/store/8pcmvkzjg52pw6yv9x3lslm0bzb1gf7c-rubygems-3.5.11.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/cyblfdqfbz3p32x4dyh4g660r4qd6556-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/hlf4sk7ijz6kgk3nls9k6cq8syd4acxr-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.1

/nix/store/sbfa3vk72rlnakq65781mky8n0m3dp80-samba-4.20.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/07bdm4xcg7di539baaf8d7a5nyfnn5bw-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/gbnzx1ziflzl8x44fnys09nwnyc7w1m2-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
unzip-6.0

/nix/store/ycnmzpw4p0a5lm4i7q2n84hbkvamk4z4-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/vdrin9cxzlmlrrb26npcpg584hk6vlca-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r6.cabal

/nix/store/61m94h667afly17s2vs2ccfabndzi9yl-vault-0.3.1.5-r6.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
warp-3.3.31

/nix/store/qp9q9868xz9cravwicb14bk4c03rax8l-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/4j71h669xkqj0c5990bz9k5nidfisgb8-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/qg5dxpgncpvpg3gwdna8w68mvxmzczm2-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/1lig8vh8kzcprsn0mv1sls8rmagsmh0q-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/c5k42v0w3b4jb514mcn5qhl67hzq5q4k-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/lk2vhxb6llcnanwnn098ziw7f5b422nz-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/bvaxf0p3yfaw5a5pnm11yyx3rg1hzmxb-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/3659mf8jcb1hfly1g9mccjvpbdixvkiz-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r4.cabal

/nix/store/f3fb4wqc58b8rmw80frkzy0bgzvkkzdg-zlib-0.6.3.0-r4.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/r1ywn1kcr07fvmj0lzdddhfmg4im8dvw-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 3 months ago

Report for elmira

Version changes:

Version 1 -> 2:
Security vulnerability report 
34 derivations with active advisories'
'6 derivations left out due to whitelisting'
''
'------------------------------------------------------------------------'
'ShellCheck-0.10.0'
''
'/nix/store/qcx26qah0bq0ia2ybxdc90yqvpw9n0cm-ShellCheck-0.10.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8'
''
'------------------------------------------------------------------------'
'cereal-0.5.8.3'
''
'/nix/store/74gk2nj4gx5y2hxzgqccidawv70cji99-cereal-0.5.8.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3'
''
'------------------------------------------------------------------------'
'commonmark-0.2.6'
''
'/nix/store/488xc6wnadvgayzp322kksv7hlhps5jz-commonmark-0.2.6.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1'
''
'------------------------------------------------------------------------'
'gcc-13.3.0'
''
'/nix/store/pkdqlphdvsli8xlpvnrbiklj7qyjj7a4-gcc-13.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8'
''
'------------------------------------------------------------------------'
'git-2.45.1'
''
'/nix/store/wmvjb12mdb0acpyd7v7c3fbvgyd06byi-git-2.45.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3'
''
'------------------------------------------------------------------------'
'go-1.21.0-darwin-arm64-bootstrap'
''
'/nix/store/6sqzr60gn90afpsvlnfpl68f07c2w4y9-go-1.21.0-darwin-arm64-bootstrap.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8'
''
'------------------------------------------------------------------------'
'go-1.22.3'
''
'/nix/store/hsa5clw79rvga90gfr4v1yfbzxi81dkb-go-1.22.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8'
''
'------------------------------------------------------------------------'
'hedgehog-1.4'
''
'/nix/store/jk3vb94iza72qcdi0ynr6kcfdr73pggp-hedgehog-1.4.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8'
''
'------------------------------------------------------------------------'
'hedgehog-1.4-r5.cabal'
''
'/nix/store/rhf1dsq8sqijxcvxgxrnz69ywxsc68s5-hedgehog-1.4-r5.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8'
''
'------------------------------------------------------------------------'
'http-client-0.7.17'
''
'/nix/store/v9rvrl5fcw6hmds66mn4bywvrih2rpz2-http-client-0.7.17.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5'
''
'------------------------------------------------------------------------'
'indent-2.2.13'
''
'/nix/store/0156m6x4g5qs6d8zc2gczf6vb6yw96pz-indent-2.2.13.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2024-0911     5.5'
''
'------------------------------------------------------------------------'
'libmemcached-1.0.18'
''
'/nix/store/lfxcf0b870izqmbglrlw8x1vl8bkjh7d-libmemcached-1.0.18.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5'
''
'------------------------------------------------------------------------'
'lodepng-3.10.1'
''
'/nix/store/5v26symx5bgxsbn9whmq7lnzj9wfrji4-lodepng-3.10.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5'
''
'------------------------------------------------------------------------'
'network-3.1.4.0'
''
'/nix/store/la2hz5crbpwwh1xad849lz3dkxdl4af0-network-3.1.4.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5'
''
'------------------------------------------------------------------------'
'network-3.1.4.0-r1.cabal'
''
'/nix/store/mhhj3i56d19cdxz04cvfpr62yzinflgb-network-3.1.4.0-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5'
''
'------------------------------------------------------------------------'
'ninja-1.12.1'
''
'/nix/store/pambq0n8myn3fhydrbq3fjksznmsizy2-ninja-1.12.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8'
''
'------------------------------------------------------------------------'
'oh-my-zsh-2024-06-04'
''
'/nix/store/npm5jci7rn760nbq5dwyf9pn78lmq80x-oh-my-zsh-2024-06-04.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8'
''
'------------------------------------------------------------------------'
'openmp-16.0.6'
''
'/nix/store/8j567vh9hxn7w2xhv5wgxacm4217in1k-openmp-16.0.6.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-26345    7.3'
''
'------------------------------------------------------------------------'
'openssh-9.7p1'
''
'/nix/store/mxk8vqhfhn8b9i0lpk8cv2p6pbzi0hlb-openssh-9.7p1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2024-6387     8.1'
''
'------------------------------------------------------------------------'
'quote-1.0.35'
''
'/nix/store/gf6d6rpsn8izixn09lng59l1a52rg57j-quote-1.0.35.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3'
''
'------------------------------------------------------------------------'
'rubygems-3.5.11'
''
'/nix/store/gfih7vx894na7ag7f297kwfzxvnh49iv-rubygems-3.5.11.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8'
''
'------------------------------------------------------------------------'
'safe-0.3.21'
''
'/nix/store/qnxs7q973nifzsn67j4fiaca91dmrp93-safe-0.3.21.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5'
''
'------------------------------------------------------------------------'
'safe-0.3.21-r1.cabal'
''
'/nix/store/bd4rw796ifmyrvdbyr7y96pl1y3jhqr3-safe-0.3.21-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5'
''
'------------------------------------------------------------------------'
'subversion-1.14.3'
''
'/nix/store/q43d7pdb3nxxgar3dl2527p3430qj7lc-subversion-1.14.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-21698    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2304     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2111     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-29046    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-29048    4.3'
''
'------------------------------------------------------------------------'
'unzip-6.0'
''
'/nix/store/c60qw2ly3i9iq5ixmb1fp0jwpvkfym7c-unzip-6.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3'
''
'------------------------------------------------------------------------'
'vault-0.3.1.5'
''
'/nix/store/hf847xxkghxbbi1n9z14s9p6r5xbdmk3-vault-0.3.1.5.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7'
''
'------------------------------------------------------------------------'
'vault-0.3.1.5-r6.cabal'
''
'/nix/store/9cc965vk9qv9w92lw04hq9j96648f4g3-vault-0.3.1.5-r6.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7'
''
'------------------------------------------------------------------------'
'warp-3.3.31'
''
'/nix/store/fmjbabbfmv4zaccv996iv56gjk5apwbg-warp-3.3.31.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7'
''
'------------------------------------------------------------------------'
'yaml-0.11.11.2'
''
'/nix/store/avpps5335xm3w2gz556s41jg3x8vsb6x-yaml-0.11.11.2.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5'
''
'------------------------------------------------------------------------'
'yaml-0.11.11.2-r2.cabal'
''
'/nix/store/1fzfv8g7fc9w3pgry3bvgdvjlgzvc9r3-yaml-0.11.11.2-r2.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5'
''
'------------------------------------------------------------------------'
'yasm-1.3.0'
''
'/nix/store/gs7h2w5hpihsd7zylfvk69cr6h7ikiix-yasm-1.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3'
''
'------------------------------------------------------------------------'
'zlib-0.6.3.0'
''
'/nix/store/d1cj6gbw2cf89w77d5xm3xihzbd3k01f-zlib-0.6.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'------------------------------------------------------------------------'
'zlib-0.6.3.0-r4.cabal'
''
'/nix/store/v5zx911qi74nspslkljin8h6462q62w1-zlib-0.6.3.0-r4.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'------------------------------------------------------------------------'
'zlib-1.3.1'
''
'/nix/store/i3a3rbp6fzh0g7b6xmxnhqnvbpw72f8z-zlib-1.3.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 3 months ago

Report for vic

Version changes:

Version 1 -> 2:
Security vulnerability report 
64 derivations with active advisories
9 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/f32d5gf671p7k6v9q17xmzx4m3c3ikvp-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
accountsservice-23.13.9

/nix/store/xlji1pzlk2jzlkdzns29pcp4g4m2zxk2-accountsservice-23.13.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-3297     7.8

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/m6993ckqfcban3dkypap2s5j9fwh3gqh-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
busybox-1.36.1

/nix/store/c054ch03fx77cahrb6022fmiigcp72da-busybox-1.36.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-42363    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42364    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42365    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-42366    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/fngagym15k2qsls3wh7dz1anpafpv7ql-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/vnd9b8b3n66xyyc0jm4pv64ps970km91-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
console-0.15.8

/nix/store/if37sccwj15q4sv3af1fvjwz4bg1zzka-console-0.15.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-33955    5.3

------------------------------------------------------------------------
cups-2.4.8

/nix/store/b2a3f4asb1v8vgpvdm6qqgc2ggm2r3c2-cups-2.4.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dash-0.5.12

/nix/store/sc5f17m2ljij68gmvz2d86bw599g14z8-dash-0.5.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-21485    5.4

------------------------------------------------------------------------
dbus-1

/nix/store/a59nyhmjbsb5gvjdp3yv1b09c8z5apvl-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
djvulibre-3.5.28

/nix/store/k6vx23p01apkq0q55zhkcwbbycdfnsxb-djvulibre-3.5.28.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-46310    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-46312    6.5

------------------------------------------------------------------------
exiv2-0.28.2

/nix/store/qn3wg2x5cf93l7i3az1q6sdsr3ri3ax7-exiv2-0.28.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-39695    6.5

------------------------------------------------------------------------
ffmpeg-4.4.4

/nix/store/08n9zix6mwafg67qchz4pb3q583j8sp7-ffmpeg-4.4.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-22860    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-22862    9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-48434    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-47470    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3109     7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-22861    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-46407    5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-3341     5.3

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/99pp61bdxjkk34fjwkla25nrd5wygxbg-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/18d5l9xdp9kww7h6w040qrcsg6rzgvi1-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/xkagf5fkcvx7a4qqp0skaywk4kksskyn-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.45.1

/nix/store/6n5fy4944ma2bhp63wi1bwy067p6hw9a-git-2.45.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/gqhz0hmfsznhys08q4h58pdb7sr7pnsx-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.3

/nix/store/dbgxyznjpwxrsxykdnlh15q1g9xv3lvr-go-1.22.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/9bjd6m1sp2a9c53h17mc6kshfffjl41m-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r5.cabal

/nix/store/9p769966bfy5pz2jnz5c7nk3f9mcpc7w-hedgehog-1.4-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/mva37vwssfj2lms5bv8syx5ixr43r9qn-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
imagemagick-7.1.1-32

/nix/store/yrapr3dc5vk9w9yyccn4pfhbmqxyym99-imagemagick-7.1.1-32.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-5341     5.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/9zg0ar1amir5g3kanfndpid37r5mwbda-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/b27zsdcby7hcx3gjskj0whlglpwjirjb-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/css79hbc7cap5xmg42jsns6851g7p5vd-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/77d74hj59ifl8fg1ixagks57ms3xgw5r-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
mercurial-6.6.3

/nix/store/k9g80j42c96c3a1rd414h1335jf0wnh6-mercurial-6.6.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43410    5.3

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/1l6lgm86679h5zjr2cz49xg92x6w831x-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/myalwsl9izrwscwsqxc90kn513f4m5f3-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/wbc1a34rg0z0gdyv5lc9rsmia6cp0lgr-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-06-04

/nix/store/pkyz92k7sh9xvnqw8zqwg5jjjyvaadjd-oh-my-zsh-2024-06-04.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openexr-2.5.10

/nix/store/dqqmr4p859xv35w876cx94pwcvc6p50f-openexr-2.5.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-5841     9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-23169    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-3598     5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-3605     5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23215    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-26260    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-26945    5.5

------------------------------------------------------------------------
openssh-9.7p1

/nix/store/4szsffz0y9kfr86w2nxm7dssjj5pw0gz-openssh-9.7p1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-6387     8.1

------------------------------------------------------------------------
openvpn-2.6.10

/nix/store/jpmz8ylgxca17kmvsgg72dkr68v60vnm-openvpn-2.6.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/qj6wag8y4zbwlznynyhjssi3an6avb4s-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
polkit-1.pam

/nix/store/nzln49vm2in9kqrrhdkq5i8165hscq77-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/qafn4za3jpswhf66v19p2pp7i2x25f1g-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/0rid4zz964xfw5bvlrh8j2wqw90w4qz1-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
qpdf-11.9.0

/nix/store/4sn3vcw7d2qp3vi6zhp2mcmvxlj7c86d-qpdf-11.9.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-24246    5.5

------------------------------------------------------------------------
quote-1.0.35

/nix/store/3l3m45sp40yiggbbacn85ijldq4ppfha-quote-1.0.35.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
quote-1.0.36

/nix/store/6b4m4hw3hd9xk1d5dvgibrs5zwkpa1xv-quote-1.0.36.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.11

/nix/store/8pcmvkzjg52pw6yv9x3lslm0bzb1gf7c-rubygems-3.5.11.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/cyblfdqfbz3p32x4dyh4g660r4qd6556-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/hlf4sk7ijz6kgk3nls9k6cq8syd4acxr-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.1

/nix/store/sbfa3vk72rlnakq65781mky8n0m3dp80-samba-4.20.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/07bdm4xcg7di539baaf8d7a5nyfnn5bw-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
semver-1.0.22

/nix/store/zr3qhchrxlaj4qngsacdsv2sdam314va-semver-1.0.22.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-25883    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/gbnzx1ziflzl8x44fnys09nwnyc7w1m2-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
snappy-1.2.0

/nix/store/2s9dkiydf7v426j2i1lakcqbw05ynlvi-snappy-1.2.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-28115    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-41330    9.8

------------------------------------------------------------------------
tap-1.0.1

/nix/store/ackpiipkiqh3f9zlfjd6vipqy9gljizn-tap-1.0.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-41940    5.4

------------------------------------------------------------------------
unzip-6.0

/nix/store/ycnmzpw4p0a5lm4i7q2n84hbkvamk4z4-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/vdrin9cxzlmlrrb26npcpg584hk6vlca-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r6.cabal

/nix/store/61m94h667afly17s2vs2ccfabndzi9yl-vault-0.3.1.5-r6.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
warp-3.3.31

/nix/store/qp9q9868xz9cravwicb14bk4c03rax8l-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/4j71h669xkqj0c5990bz9k5nidfisgb8-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/qg5dxpgncpvpg3gwdna8w68mvxmzczm2-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/1lig8vh8kzcprsn0mv1sls8rmagsmh0q-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/c5k42v0w3b4jb514mcn5qhl67hzq5q4k-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/lk2vhxb6llcnanwnn098ziw7f5b422nz-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/bvaxf0p3yfaw5a5pnm11yyx3rg1hzmxb-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/3659mf8jcb1hfly1g9mccjvpbdixvkiz-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r4.cabal

/nix/store/f3fb4wqc58b8rmw80frkzy0bgzvkkzdg-zlib-0.6.3.0-r4.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/r1ywn1kcr07fvmj0lzdddhfmg4im8dvw-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs