search

tuckershea / constellation

My laptop and server configuration
0 stars 0 forks source link

Lock nixpkgs in system flake registry #58

Closed NoRePercussions closed 2 weeks ago

NoRePercussions commented 2 weeks ago

Typically, nix commands that require a remote flake download the flake registry every time to ensure they get an up-to-date version. This means a delay in running commands with comma or my old shortcuts due to download times (especially with low connectivity). Additionally, if I run a command I expect it to be cached by nix, but if the registry gets updated I have to download nixpkgs and potentially download or rebuild the command. By locking to the system nixpkgs, I can avoid these downloads while still allowing for timely updates when my system pulls lock updates from github.

github-actions[bot] commented 2 weeks ago

Report for roland

Version changes:

Version 1 -> 2:
Security vulnerability report 
50 derivations with active advisories
8 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/1za6wfz4xd9g40js74dn8q2mh3lz8cpc-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/nqmwnxdpz5nrl99xynbladnvg91v4v5s-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/np3610i7d2q36lpfkpwh0ck3726q1nra-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/1hs5hp8j7pph4s8klq551xc1kgdidp0h-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
cups-2.4.10

/nix/store/63dk65qvihjm3610h07j3yyv1kj3mvlc-cups-2.4.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dbus-1

/nix/store/bgwdwl6iywf922llaqi643ly3zr28anb-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/z3gns24ib8rx8aq61k7ym7nvf4yp7s5r-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/rgi9bjych5l0g3n0a58hkir1bymw427s-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/yx0had1kdvn0wh20m41wa27y1jarlazx-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.45.2

/nix/store/49m8y9hwp80xif63g4lm7k534bqgzg2h-git-2.45.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/pkv75cfaxf0z7bvk716n0m8carczr1sc-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.5

/nix/store/bbh04pw5g9w9vyadjhi43qkz8j72y1b6-go-1.22.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/sy8ib28x8f2aadj32x0x1r0lxq17wp4z-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r8.cabal

/nix/store/r4kbjr2x39i8a412x8ml2f3gps6n1gkk-hedgehog-1.4-r8.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/pnfd9la8ncv07mk549fvry9p3w3p2wap-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/87lrha1km079g5z3vwg9bnxyapq19xzw-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/sa22sh7qxj9y907f8hrg32nqr8y7ylin-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/36ygm3r1ab2igbnaiidhx5d8mvgplraa-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/ad547i3ajsxj8hc8kd0swnwsip4dj1g5-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/p4p62qmvyz7f7qjzksv67rk256k64fry-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/1zk87dv2x5a74dc50ijim7kiblav857c-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/xk58a1f55055pyh45yyhrmsi0whjpfcj-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-08-21

/nix/store/s8w3gxq855s694d9c1ilgv6m82rfadrx-oh-my-zsh-2024-08-21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openvpn-2.6.12

/nix/store/q2ffz492yyakpp0bzpm59k72d7fjv434-openvpn-2.6.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/f6q5zwzf99rpb6qxccpb6h79byb7c2wm-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
polkit-1.pam

/nix/store/6g10r1zrqrfqsn327qqbbjqrgw7svmp7-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/g2z4y9f8l7xqxs3ybm45pa8pvwlw39jj-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
procps-3.3.17-lore-override

/nix/store/l2031imssh312023475g9iphnfz7kagi-procps-3.3.17-lore-override.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/iql8ps09akbiljixk7n101q94wqfpr9i-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-7592     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
quote-1.0.36

/nix/store/fxxymyvysn8adikf85djsd5386xrybsk-quote-1.0.36.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.16

/nix/store/f8md51g59h3brw293x618gxxzvsskyqz-rubygems-3.5.16.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/ynrkr73jzkr3y64ch561b175y6vq81y2-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/nyzbkimrj7dwpgihx2lilvplcxya7742-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.4

/nix/store/qkzllm8p4arxcgd9296mgc7r8qgkwap9-samba-4.20.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/bz5pxag76y9x1pbqm85nirbza1m1p6bq-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/cyd777rzwp70pqpgkqyprgscyivm8h23-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
unzip-6.0

/nix/store/6xmc6zv6avc0yznf7scn538gsglkj144-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/chdhghiyyhd3acm7fl42k84nrvcch6nd-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r7.cabal

/nix/store/y2kxaf9kclbdjzlvbi0nnlk70vxzmjz4-vault-0.3.1.5-r7.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vim-9.1.0595

/nix/store/sl7hdpms2jvbrg4v832fq0ha9zk6fn8a-vim-9.1.0595.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-41957    5.3
https://nvd.nist.gov/vuln/detail/CVE-2024-41965    4.2

------------------------------------------------------------------------
warp-3.3.31

/nix/store/h88c30zam2j3sjpnkp1jpzli4zfqjjfm-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/vrc80mbbiinxbgq34g4kzfbvawc0fw2l-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/vhw94idm5w60awv3hsfn3n9xcq6zhkh7-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/pwr3442i9dxxvcj5lrqpgsvx1l8d3n0x-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/li5zfhy5lbarhz35mxbh9jcj9jpp2p32-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/zv9sd3iv4dblgn97nk5xiglzcnab53pi-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/adwjqivygd0j1xlsrzkkggrq5xx7ccqw-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/bni5w41r1sai6sqgabrpcxa616pjzzpv-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r5.cabal

/nix/store/p95cyzydb0nvph1pbrxz0q3izfyzs4wx-zlib-0.6.3.0-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/80v1w8rwan51q42869dpgrwilxvg4783-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 2 weeks ago

Report for marlon

Version changes:

Version 1 -> 2:
Security vulnerability report 
50 derivations with active advisories
8 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/1za6wfz4xd9g40js74dn8q2mh3lz8cpc-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/nqmwnxdpz5nrl99xynbladnvg91v4v5s-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/np3610i7d2q36lpfkpwh0ck3726q1nra-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/1hs5hp8j7pph4s8klq551xc1kgdidp0h-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
cups-2.4.10

/nix/store/63dk65qvihjm3610h07j3yyv1kj3mvlc-cups-2.4.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dbus-1

/nix/store/m9sa1zavx8pfx4c0izycfjc6hac9dscd-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/z3gns24ib8rx8aq61k7ym7nvf4yp7s5r-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/rgi9bjych5l0g3n0a58hkir1bymw427s-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/yx0had1kdvn0wh20m41wa27y1jarlazx-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.45.2

/nix/store/49m8y9hwp80xif63g4lm7k534bqgzg2h-git-2.45.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/pkv75cfaxf0z7bvk716n0m8carczr1sc-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.5

/nix/store/bbh04pw5g9w9vyadjhi43qkz8j72y1b6-go-1.22.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/sy8ib28x8f2aadj32x0x1r0lxq17wp4z-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r8.cabal

/nix/store/r4kbjr2x39i8a412x8ml2f3gps6n1gkk-hedgehog-1.4-r8.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/pnfd9la8ncv07mk549fvry9p3w3p2wap-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/87lrha1km079g5z3vwg9bnxyapq19xzw-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/sa22sh7qxj9y907f8hrg32nqr8y7ylin-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/36ygm3r1ab2igbnaiidhx5d8mvgplraa-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/ad547i3ajsxj8hc8kd0swnwsip4dj1g5-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/p4p62qmvyz7f7qjzksv67rk256k64fry-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/1zk87dv2x5a74dc50ijim7kiblav857c-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/xk58a1f55055pyh45yyhrmsi0whjpfcj-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-08-21

/nix/store/s8w3gxq855s694d9c1ilgv6m82rfadrx-oh-my-zsh-2024-08-21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openvpn-2.6.12

/nix/store/q2ffz492yyakpp0bzpm59k72d7fjv434-openvpn-2.6.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/f6q5zwzf99rpb6qxccpb6h79byb7c2wm-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
polkit-1.pam

/nix/store/6g10r1zrqrfqsn327qqbbjqrgw7svmp7-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/g2z4y9f8l7xqxs3ybm45pa8pvwlw39jj-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
procps-3.3.17-lore-override

/nix/store/l2031imssh312023475g9iphnfz7kagi-procps-3.3.17-lore-override.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/iql8ps09akbiljixk7n101q94wqfpr9i-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-7592     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
quote-1.0.36

/nix/store/fxxymyvysn8adikf85djsd5386xrybsk-quote-1.0.36.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.16

/nix/store/f8md51g59h3brw293x618gxxzvsskyqz-rubygems-3.5.16.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/ynrkr73jzkr3y64ch561b175y6vq81y2-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/nyzbkimrj7dwpgihx2lilvplcxya7742-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.4

/nix/store/qkzllm8p4arxcgd9296mgc7r8qgkwap9-samba-4.20.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/bz5pxag76y9x1pbqm85nirbza1m1p6bq-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/cyd777rzwp70pqpgkqyprgscyivm8h23-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
unzip-6.0

/nix/store/6xmc6zv6avc0yznf7scn538gsglkj144-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/chdhghiyyhd3acm7fl42k84nrvcch6nd-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r7.cabal

/nix/store/y2kxaf9kclbdjzlvbi0nnlk70vxzmjz4-vault-0.3.1.5-r7.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vim-9.1.0595

/nix/store/sl7hdpms2jvbrg4v832fq0ha9zk6fn8a-vim-9.1.0595.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-41957    5.3
https://nvd.nist.gov/vuln/detail/CVE-2024-41965    4.2

------------------------------------------------------------------------
warp-3.3.31

/nix/store/h88c30zam2j3sjpnkp1jpzli4zfqjjfm-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/vrc80mbbiinxbgq34g4kzfbvawc0fw2l-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/vhw94idm5w60awv3hsfn3n9xcq6zhkh7-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/pwr3442i9dxxvcj5lrqpgsvx1l8d3n0x-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/li5zfhy5lbarhz35mxbh9jcj9jpp2p32-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/zv9sd3iv4dblgn97nk5xiglzcnab53pi-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/adwjqivygd0j1xlsrzkkggrq5xx7ccqw-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/bni5w41r1sai6sqgabrpcxa616pjzzpv-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r5.cabal

/nix/store/p95cyzydb0nvph1pbrxz0q3izfyzs4wx-zlib-0.6.3.0-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/80v1w8rwan51q42869dpgrwilxvg4783-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 2 weeks ago

Report for elmira

Version changes:

Version 1 -> 2:'
'  source: +178280.4 KiB
Security vulnerability report 
34 derivations with active advisories'
'6 derivations left out due to whitelisting'
''
'------------------------------------------------------------------------'
'ShellCheck-0.10.0'
''
'/nix/store/ja32w5xg4jjmmckqhsmar1kwhh68zzhl-ShellCheck-0.10.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8'
''
'------------------------------------------------------------------------'
'cereal-0.5.8.3'
''
'/nix/store/2wwif0achal77cxyrf2kmrylk2125nj7-cereal-0.5.8.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3'
''
'------------------------------------------------------------------------'
'commonmark-0.2.6'
''
'/nix/store/b8zvk6nqq7b8gd59a2mwi834g8g96mkm-commonmark-0.2.6.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1'
''
'------------------------------------------------------------------------'
'gcc-13.3.0'
''
'/nix/store/0i7vzi592vj8vfm00ci0yk4xkav03j2j-gcc-13.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8'
''
'------------------------------------------------------------------------'
'git-2.45.2'
''
'/nix/store/6772g0y2ahqckpgxlqpqkpg12qbpawl8-git-2.45.2.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3'
''
'------------------------------------------------------------------------'
'go-1.21.0-darwin-arm64-bootstrap'
''
'/nix/store/cs7j9ncrk1izm9a4q4c25wcg3l8wpyik-go-1.21.0-darwin-arm64-bootstrap.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8'
''
'------------------------------------------------------------------------'
'go-1.22.5'
''
'/nix/store/9nq4qkb06f4y35wsvq4xc3rs351rmk84-go-1.22.5.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8'
''
'------------------------------------------------------------------------'
'hedgehog-1.4'
''
'/nix/store/58sfsg8ma1l15bhj99dwm9sfl0zs75rm-hedgehog-1.4.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8'
''
'------------------------------------------------------------------------'
'hedgehog-1.4-r8.cabal'
''
'/nix/store/i4q16j6waqm4yypx2m7g27mp6jjlkv5b-hedgehog-1.4-r8.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8'
''
'------------------------------------------------------------------------'
'http-client-0.7.17'
''
'/nix/store/6fycvgh1hvjwxm8ck4sppz2dgmq5l4sl-http-client-0.7.17.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5'
''
'------------------------------------------------------------------------'
'indent-2.2.13'
''
'/nix/store/yin1wh1rz4vbyp3i5dxg9p38r5k8015m-indent-2.2.13.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2024-0911     5.5'
''
'------------------------------------------------------------------------'
'libmemcached-1.0.18'
''
'/nix/store/0h1dk1sph1v4qr3x1jdznyp3lqrifmcg-libmemcached-1.0.18.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5'
''
'------------------------------------------------------------------------'
'lodepng-3.10.1'
''
'/nix/store/2rjsjvjn87pclfqa94qq01n1diz42pwl-lodepng-3.10.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5'
''
'------------------------------------------------------------------------'
'network-3.1.4.0'
''
'/nix/store/1x8jxfiz1anhm0nk57ckmw1lvfgd56m2-network-3.1.4.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5'
''
'------------------------------------------------------------------------'
'network-3.1.4.0-r1.cabal'
''
'/nix/store/lga1aq1nsxm6h79xhjd904adadi9wlja-network-3.1.4.0-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5'
''
'------------------------------------------------------------------------'
'ninja-1.12.1'
''
'/nix/store/mnx7k7wypll6qfllyfv4kylzrrb46cgk-ninja-1.12.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8'
''
'------------------------------------------------------------------------'
'oh-my-zsh-2024-08-21'
''
'/nix/store/1rwpmv2krvzwfhli8y49gdj673qv51v9-oh-my-zsh-2024-08-21.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8'
''
'------------------------------------------------------------------------'
'openmp-16.0.6'
''
'/nix/store/5c2d8wn0zbbja1gn0snl03sh02vji8rr-openmp-16.0.6.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-26345    7.3'
''
'------------------------------------------------------------------------'
'quote-1.0.36'
''
'/nix/store/y4wbds43mbk6f7s218mbwymlj1m2j8fq-quote-1.0.36.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3'
''
'------------------------------------------------------------------------'
'rubygems-3.5.16'
''
'/nix/store/jh7vm6h3xwd6hll6n4hzq4jy4b3z5mwi-rubygems-3.5.16.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8'
''
'------------------------------------------------------------------------'
'safe-0.3.21'
''
'/nix/store/1g5g0x4rwacfzsfa7k5ihac9f2k56i4d-safe-0.3.21.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5'
''
'------------------------------------------------------------------------'
'safe-0.3.21-r1.cabal'
''
'/nix/store/7jd22747x367n00d59aanlf7dm91lvnp-safe-0.3.21-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5'
''
'------------------------------------------------------------------------'
'subversion-1.14.3'
''
'/nix/store/jq034mmjs2hz3pbzc413gyr4pkqkckzr-subversion-1.14.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-21698    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2304     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2111     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-29046    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-29048    4.3'
''
'------------------------------------------------------------------------'
'unzip-6.0'
''
'/nix/store/z342sa5r4digl028g40rpjbrn9dm3xms-unzip-6.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3'
''
'------------------------------------------------------------------------'
'vault-0.3.1.5'
''
'/nix/store/v5zxjp51d83yrs2jp2af2mfa6cn1x3h1-vault-0.3.1.5.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7'
''
'------------------------------------------------------------------------'
'vault-0.3.1.5-r7.cabal'
''
'/nix/store/s409h3f242i6cd9c3i39f2wk53rgfmwj-vault-0.3.1.5-r7.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7'
''
'------------------------------------------------------------------------'
'vim-9.1.0595'
''
'/nix/store/1wp4hcnydk3m67wlb5bxm1k51jwvlcba-vim-9.1.0595.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2024-41957    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2024-41965    4.2'
''
'------------------------------------------------------------------------'
'warp-3.3.31'
''
'/nix/store/l37kyr808da4rrkjkk497dz2cwhgvxcc-warp-3.3.31.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7'
''
'------------------------------------------------------------------------'
'yaml-0.11.11.2'
''
'/nix/store/qpv9cabha27s4mskra0vimp835fhnba5-yaml-0.11.11.2.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5'
''
'------------------------------------------------------------------------'
'yaml-0.11.11.2-r2.cabal'
''
'/nix/store/br0dmmsd6kav2qkmjix7lzpj0j397c1b-yaml-0.11.11.2-r2.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5'
''
'------------------------------------------------------------------------'
'yasm-1.3.0'
''
'/nix/store/mv0cziz4idh6z4mbh2x9821qapnlzjd6-yasm-1.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3'
''
'------------------------------------------------------------------------'
'zlib-0.6.3.0'
''
'/nix/store/jjcnd0dbmyy2w9kywzj6924fys6d6ya2-zlib-0.6.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'------------------------------------------------------------------------'
'zlib-0.6.3.0-r5.cabal'
''
'/nix/store/93x0dk7blwgxl6aw91fpgarnjybcfzfh-zlib-0.6.3.0-r5.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'------------------------------------------------------------------------'
'zlib-1.3.1'
''
'/nix/store/pp69l2ka0zpjry3ypqjlmapiwpz1pq6c-zlib-1.3.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 2 weeks ago

Report for vic

Version changes:

Version 1 -> 2:
Security vulnerability report 
62 derivations with active advisories
9 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/1za6wfz4xd9g40js74dn8q2mh3lz8cpc-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
accountsservice-23.13.9

/nix/store/1cak3hcn6ckzqb6s2g20hgq6i0zvcy7r-accountsservice-23.13.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-3297     7.8

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/nqmwnxdpz5nrl99xynbladnvg91v4v5s-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/np3610i7d2q36lpfkpwh0ck3726q1nra-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/1hs5hp8j7pph4s8klq551xc1kgdidp0h-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
console-0.15.8

/nix/store/3q1f5mn3cxyh5dx4rkzzshhx9q0p5l6n-console-0.15.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-33955    5.3

------------------------------------------------------------------------
cups-2.4.10

/nix/store/63dk65qvihjm3610h07j3yyv1kj3mvlc-cups-2.4.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dash-0.5.12

/nix/store/15scji24lm68cxinniw26zb3m1iz23mx-dash-0.5.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-21485    5.4

------------------------------------------------------------------------
dbus-1

/nix/store/h3q614j4d76acjknnx1pbg7ki9bw29n2-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
djvulibre-3.5.28

/nix/store/91w26kfiabrybyq11wpspanjbld77cm5-djvulibre-3.5.28.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-46310    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-46312    6.5

------------------------------------------------------------------------
ffmpeg-4.4.5

/nix/store/k29i4af1212fgjvhyr3pq15a79zml4sw-ffmpeg-4.4.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-22860    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-22862    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-7272     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-48434    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-47470    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3109     7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-22861    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-46407    5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-3341     5.3

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/z3gns24ib8rx8aq61k7ym7nvf4yp7s5r-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/rgi9bjych5l0g3n0a58hkir1bymw427s-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/yx0had1kdvn0wh20m41wa27y1jarlazx-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.45.2

/nix/store/49m8y9hwp80xif63g4lm7k534bqgzg2h-git-2.45.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/pkv75cfaxf0z7bvk716n0m8carczr1sc-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.5

/nix/store/bbh04pw5g9w9vyadjhi43qkz8j72y1b6-go-1.22.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/sy8ib28x8f2aadj32x0x1r0lxq17wp4z-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r8.cabal

/nix/store/r4kbjr2x39i8a412x8ml2f3gps6n1gkk-hedgehog-1.4-r8.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/pnfd9la8ncv07mk549fvry9p3w3p2wap-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
imagemagick-7.1.1-36

/nix/store/yhaqigdgyajn5wnn3j1jd4kyx29ncy72-imagemagick-7.1.1-36.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-5341     5.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/87lrha1km079g5z3vwg9bnxyapq19xzw-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/sa22sh7qxj9y907f8hrg32nqr8y7ylin-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/36ygm3r1ab2igbnaiidhx5d8mvgplraa-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/ad547i3ajsxj8hc8kd0swnwsip4dj1g5-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
mercurial-6.8.1

/nix/store/1razij72n6xiagigj1m7mk1n7rr0gnxk-mercurial-6.8.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43410    5.3

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/p4p62qmvyz7f7qjzksv67rk256k64fry-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/1zk87dv2x5a74dc50ijim7kiblav857c-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/xk58a1f55055pyh45yyhrmsi0whjpfcj-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-08-21

/nix/store/s8w3gxq855s694d9c1ilgv6m82rfadrx-oh-my-zsh-2024-08-21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openexr-2.5.10

/nix/store/lcnsxf39sxibmyxmnc4cvii61h9rvqb6-openexr-2.5.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-5841     9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-23169    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-3598     5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-3605     5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23215    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-26260    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-26945    5.5

------------------------------------------------------------------------
openvpn-2.6.12

/nix/store/q2ffz492yyakpp0bzpm59k72d7fjv434-openvpn-2.6.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/f6q5zwzf99rpb6qxccpb6h79byb7c2wm-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
polkit-1.pam

/nix/store/pr843v2srfw4dpd74v1qrqa5f02yqq84-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/g2z4y9f8l7xqxs3ybm45pa8pvwlw39jj-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
procps-3.3.17-lore-override

/nix/store/l2031imssh312023475g9iphnfz7kagi-procps-3.3.17-lore-override.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/iql8ps09akbiljixk7n101q94wqfpr9i-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-7592     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
quote-1.0.35

/nix/store/9zia81v6n6h43c7r9mx9l84pca07yxci-quote-1.0.35.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
quote-1.0.36

/nix/store/fxxymyvysn8adikf85djsd5386xrybsk-quote-1.0.36.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.16

/nix/store/f8md51g59h3brw293x618gxxzvsskyqz-rubygems-3.5.16.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/ynrkr73jzkr3y64ch561b175y6vq81y2-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/nyzbkimrj7dwpgihx2lilvplcxya7742-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.4

/nix/store/qkzllm8p4arxcgd9296mgc7r8qgkwap9-samba-4.20.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/bz5pxag76y9x1pbqm85nirbza1m1p6bq-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
semver-1.0.22

/nix/store/hdpzz5qs6sg5v7msg68xwhwca2ym21pj-semver-1.0.22.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-25883    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/cyd777rzwp70pqpgkqyprgscyivm8h23-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
snappy-1.2.1

/nix/store/wyxafr374vhzrihqfxyj6xn39nkwchk7-snappy-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-28115    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-41330    9.8

------------------------------------------------------------------------
tap-1.0.1

/nix/store/w9hs6mx3mll7z3i2kl290450i2301s7i-tap-1.0.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-41940    5.4

------------------------------------------------------------------------
unzip-6.0

/nix/store/6xmc6zv6avc0yznf7scn538gsglkj144-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/chdhghiyyhd3acm7fl42k84nrvcch6nd-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r7.cabal

/nix/store/y2kxaf9kclbdjzlvbi0nnlk70vxzmjz4-vault-0.3.1.5-r7.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vim-9.1.0595

/nix/store/sl7hdpms2jvbrg4v832fq0ha9zk6fn8a-vim-9.1.0595.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-41957    5.3
https://nvd.nist.gov/vuln/detail/CVE-2024-41965    4.2

------------------------------------------------------------------------
warp-3.3.31

/nix/store/h88c30zam2j3sjpnkp1jpzli4zfqjjfm-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/vrc80mbbiinxbgq34g4kzfbvawc0fw2l-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/vhw94idm5w60awv3hsfn3n9xcq6zhkh7-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/pwr3442i9dxxvcj5lrqpgsvx1l8d3n0x-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/li5zfhy5lbarhz35mxbh9jcj9jpp2p32-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/zv9sd3iv4dblgn97nk5xiglzcnab53pi-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/adwjqivygd0j1xlsrzkkggrq5xx7ccqw-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/bni5w41r1sai6sqgabrpcxa616pjzzpv-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r5.cabal

/nix/store/p95cyzydb0nvph1pbrxz0q3izfyzs4wx-zlib-0.6.3.0-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/80v1w8rwan51q42869dpgrwilxvg4783-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs