tuckershea / constellation

My laptop and server configuration
0 stars 0 forks source link

Lock file maintenance #69

Closed renovate[bot] closed 2 months ago

renovate[bot] commented 2 months ago

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "before 4am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR was generated by Mend Renovate. View the repository job log.

github-actions[bot] commented 2 months ago

Report for marlon

Version changes:

Security vulnerability report
50 derivations with active advisories
8 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/28j7hy7j7rz8sbzfh2kigpx370w6dg86-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
aardvark-dns-1.12.1

/nix/store/0s07nyhlpiqdr4ikmss0w1i56ip1fkwl-aardvark-dns-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-8418     7.5

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/8i6zds8gv6ni8202r0npari0y9xzqjmj-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/cd6cddw8lxiin97yw2wnmmhw40n2ypxy-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/ml4wf4w7qgivqg8mdr1q0iggsc88a5yv-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
cups-2.4.10

/nix/store/kv0raa6n8bzxxd920klq7qcg4y3n4y86-cups-2.4.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dbus-1

/nix/store/60wydzcd80nylqjlmkm8jbj12cm548z6-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/cfvz2yimqjr5ls2jn60gks3qm9bfl3y3-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/62hhzsanj4hw92r9lvysrvq63zfahj08-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/fkk73ndvkaz2hkjvazp3s412pb52kakk-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.46.0

/nix/store/g7mhkv3cs9mj9h67bmwmnnhpwk427il5-git-2.46.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/1w5mfqsbqx54xfb3zbhf1ryzaqwb3807-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.6

/nix/store/12p4myq9yrziavblqxnxn799kadbjalp-go-1.22.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/afnz99k2vfyd6fygal0ifl0wzv14nn29-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r8.cabal

/nix/store/5m68ia8f5inbhkza1v8mfjddn4a2x5y6-hedgehog-1.4-r8.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/ysb8ncj66kbmmxskbbzs96wzxb3a2gmj-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/x1sqwy7skbwgb7yycnfgpyg528h4ry3a-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/i8x33vd61085kfix7srri5hzh06h0w5b-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/pwpi5bmxga2if363nry1aw7qvpyzxj26-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/il8ymdgr2gl3m32hdfdzc3i8gfmwds1s-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/f8wmym8cwcl10jp659xkwjsr41rdh9vl-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/74rzi1kcbdf0k1m8c5vr4ljf4a1apk0q-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/znflsi8ifra43452vzfbsrx541h0cwyp-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-08-27

/nix/store/zllmshb2ryl0q29ki1qq2h09dbrfl8bs-oh-my-zsh-2024-08-27.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openvpn-2.6.12

/nix/store/d4fijh6ia0q11n2vzfq57xrvmxgila7p-openvpn-2.6.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/vn6nx0826p50v24p7qg6sv1jpwf1qnic-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
polkit-1.pam

/nix/store/80n075bwddhlxfhc50myy0r2xh2xgq6a-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/03fh3wzy0ja5269nfjish2hw0mdlhgxz-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
procps-3.3.17-lore-override

/nix/store/dbw12ba5fwgfkpjd6xl86zll20ayhmqq-procps-3.3.17-lore-override.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/hmiijzpqz73dgs7jr9lvkv6yiavbzjqx-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-6232     7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-7592     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
quote-1.0.36

/nix/store/x4dylylvrrj9pix92hbpmg0jsi0ijkpn-quote-1.0.36.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.16

/nix/store/741nm0pyh022cdnyavng47y9j6s4wix5-rubygems-3.5.16.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/63z2154ywqk9yzvc2l5a0q9jiqyv3a88-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/5b96a8chlvh6bvbhpx9fj61xi1q4wwwi-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.4

/nix/store/gk7384161dmp7vi3vm765ki9jss70nda-samba-4.20.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/jzx01izqmq4kh7wln29f3c3f1862ykys-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/2qgk79a0kazqyhghx1w5c5cb6vwc9as9-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
unzip-6.0

/nix/store/03dvx39sdpvybbi6psky85ab413zgi80-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/wza5fbrprzmm37s3ic2kb7pi2hwha6xj-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2024-8365     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r7.cabal

/nix/store/740i9rm23im41x9vbk5lw8jxfr4jdcr2-vault-0.3.1.5-r7.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2024-8365     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
warp-3.3.31

/nix/store/ysq6bxlyv68d1xzy5flwfaql30v3k3gr-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/7sm5bzb59dafwk8rj5bqvjzpx251chwn-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/k99j8vyz4whsrxh7mv702b8bzbyd35q2-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/b8k0kq9vx4iq0lxs9nqjnsh9ard5vkhm-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/yg0d6yl4a8blp1lxnx2hlpnk5xvicjvp-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/30x3z3pcnbzdhh31678vdlk496jvdyvh-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/20l221rfvy85j0pbpa29afip9xysmvi6-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/7rnx7fgby145gszi75a4lg7wd38rqzds-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r5.cabal

/nix/store/piy096kvsgzmx5mbhm8kzmjykl336cx3-zlib-0.6.3.0-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/4gw9bs30lgjylxn5wvzzscw4b5blijmi-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 2 months ago

Report for roland

Version changes:

Security vulnerability report
49 derivations with active advisories
8 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/28j7hy7j7rz8sbzfh2kigpx370w6dg86-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/8i6zds8gv6ni8202r0npari0y9xzqjmj-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/cd6cddw8lxiin97yw2wnmmhw40n2ypxy-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/ml4wf4w7qgivqg8mdr1q0iggsc88a5yv-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
cups-2.4.10

/nix/store/kv0raa6n8bzxxd920klq7qcg4y3n4y86-cups-2.4.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dbus-1

/nix/store/5qsjfxnaphb5m7zw813cbn7a7chhw4bv-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/cfvz2yimqjr5ls2jn60gks3qm9bfl3y3-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/62hhzsanj4hw92r9lvysrvq63zfahj08-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/fkk73ndvkaz2hkjvazp3s412pb52kakk-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.46.0

/nix/store/g7mhkv3cs9mj9h67bmwmnnhpwk427il5-git-2.46.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/1w5mfqsbqx54xfb3zbhf1ryzaqwb3807-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.6

/nix/store/12p4myq9yrziavblqxnxn799kadbjalp-go-1.22.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/afnz99k2vfyd6fygal0ifl0wzv14nn29-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r8.cabal

/nix/store/5m68ia8f5inbhkza1v8mfjddn4a2x5y6-hedgehog-1.4-r8.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/ysb8ncj66kbmmxskbbzs96wzxb3a2gmj-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/x1sqwy7skbwgb7yycnfgpyg528h4ry3a-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/i8x33vd61085kfix7srri5hzh06h0w5b-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/pwpi5bmxga2if363nry1aw7qvpyzxj26-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/il8ymdgr2gl3m32hdfdzc3i8gfmwds1s-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/f8wmym8cwcl10jp659xkwjsr41rdh9vl-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/74rzi1kcbdf0k1m8c5vr4ljf4a1apk0q-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/znflsi8ifra43452vzfbsrx541h0cwyp-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-08-27

/nix/store/zllmshb2ryl0q29ki1qq2h09dbrfl8bs-oh-my-zsh-2024-08-27.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openvpn-2.6.12

/nix/store/d4fijh6ia0q11n2vzfq57xrvmxgila7p-openvpn-2.6.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/vn6nx0826p50v24p7qg6sv1jpwf1qnic-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
polkit-1.pam

/nix/store/80n075bwddhlxfhc50myy0r2xh2xgq6a-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/03fh3wzy0ja5269nfjish2hw0mdlhgxz-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
procps-3.3.17-lore-override

/nix/store/dbw12ba5fwgfkpjd6xl86zll20ayhmqq-procps-3.3.17-lore-override.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/hmiijzpqz73dgs7jr9lvkv6yiavbzjqx-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-6232     7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-7592     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
quote-1.0.36

/nix/store/x4dylylvrrj9pix92hbpmg0jsi0ijkpn-quote-1.0.36.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.16

/nix/store/741nm0pyh022cdnyavng47y9j6s4wix5-rubygems-3.5.16.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/63z2154ywqk9yzvc2l5a0q9jiqyv3a88-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/5b96a8chlvh6bvbhpx9fj61xi1q4wwwi-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.4

/nix/store/gk7384161dmp7vi3vm765ki9jss70nda-samba-4.20.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/jzx01izqmq4kh7wln29f3c3f1862ykys-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/2qgk79a0kazqyhghx1w5c5cb6vwc9as9-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
unzip-6.0

/nix/store/03dvx39sdpvybbi6psky85ab413zgi80-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/wza5fbrprzmm37s3ic2kb7pi2hwha6xj-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2024-8365     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r7.cabal

/nix/store/740i9rm23im41x9vbk5lw8jxfr4jdcr2-vault-0.3.1.5-r7.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2024-8365     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
warp-3.3.31

/nix/store/ysq6bxlyv68d1xzy5flwfaql30v3k3gr-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/7sm5bzb59dafwk8rj5bqvjzpx251chwn-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/k99j8vyz4whsrxh7mv702b8bzbyd35q2-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/b8k0kq9vx4iq0lxs9nqjnsh9ard5vkhm-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/yg0d6yl4a8blp1lxnx2hlpnk5xvicjvp-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/30x3z3pcnbzdhh31678vdlk496jvdyvh-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/20l221rfvy85j0pbpa29afip9xysmvi6-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/7rnx7fgby145gszi75a4lg7wd38rqzds-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r5.cabal

/nix/store/piy096kvsgzmx5mbhm8kzmjykl336cx3-zlib-0.6.3.0-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/890wip2h8rdj94kzq44jzmf8mj33ik70-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 2 months ago

Report for elmira

Version changes:

Security vulnerability report
33 derivations with active advisories'
'6 derivations left out due to whitelisting'
''
'------------------------------------------------------------------------'
'ShellCheck-0.10.0'
''
'/nix/store/4lhskjhd4yp4nva20cqjil2rbcz7xigx-ShellCheck-0.10.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8'
''
'------------------------------------------------------------------------'
'cereal-0.5.8.3'
''
'/nix/store/a90l449mdq32304j9ncrspa6gnj1xppv-cereal-0.5.8.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3'
''
'------------------------------------------------------------------------'
'commonmark-0.2.6'
''
'/nix/store/qqvqcwjjvqczvbjkdf9hzzdml6s5sp7q-commonmark-0.2.6.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1'
''
'------------------------------------------------------------------------'
'gcc-13.3.0'
''
'/nix/store/6b4vr9v6sfj58kcclyiff6i1v0a1y6iy-gcc-13.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8'
''
'------------------------------------------------------------------------'
'git-2.46.0'
''
'/nix/store/0b8c762f5fwvy903lpq121l8r7bz8apc-git-2.46.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3'
''
'------------------------------------------------------------------------'
'go-1.21.0-darwin-arm64-bootstrap'
''
'/nix/store/hiczw1c8kgxgcb7b26hvs9y2gw8xxvcp-go-1.21.0-darwin-arm64-bootstrap.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1'
'https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8'
''
'------------------------------------------------------------------------'
'go-1.22.6'
''
'/nix/store/wlk6ql6l3fylh7qqihrijzflqrn74i9v-go-1.22.6.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8'
''
'------------------------------------------------------------------------'
'hedgehog-1.4'
''
'/nix/store/jg3m0as9ym33srmv3glycrszpgjc30rn-hedgehog-1.4.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8'
''
'------------------------------------------------------------------------'
'hedgehog-1.4-r8.cabal'
''
'/nix/store/yc9z7pwxrv0ls4smxaz5d64m842g4r38-hedgehog-1.4-r8.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8'
''
'------------------------------------------------------------------------'
'http-client-0.7.17'
''
'/nix/store/5d3vjys3agwzvj2h8p1hzdbap149gkap-http-client-0.7.17.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5'
''
'------------------------------------------------------------------------'
'indent-2.2.13'
''
'/nix/store/30dbvvblr228zkwhrgy11sczb4g4pdi5-indent-2.2.13.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2024-0911     5.5'
''
'------------------------------------------------------------------------'
'libmemcached-1.0.18'
''
'/nix/store/bdjnwzbbqjvrsbqh34skisllk36f8nxx-libmemcached-1.0.18.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5'
''
'------------------------------------------------------------------------'
'lodepng-3.10.1'
''
'/nix/store/png3mn10gly9km9n8cw4knirgv3nah4d-lodepng-3.10.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5'
''
'------------------------------------------------------------------------'
'network-3.1.4.0'
''
'/nix/store/is772ciiw7d6vq9skl703ir56j6dzs8c-network-3.1.4.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5'
''
'------------------------------------------------------------------------'
'network-3.1.4.0-r1.cabal'
''
'/nix/store/jacnjv46wrp629klypppdn53l8a1iygm-network-3.1.4.0-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5'
''
'------------------------------------------------------------------------'
'ninja-1.12.1'
''
'/nix/store/8b5yv718gpr9d93ln68byrs1jxx56zm2-ninja-1.12.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8'
''
'------------------------------------------------------------------------'
'oh-my-zsh-2024-08-27'
''
'/nix/store/i6djb7vgl3xny2w3kmbva319yb3sq023-oh-my-zsh-2024-08-27.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8'
''
'------------------------------------------------------------------------'
'openmp-16.0.6'
''
'/nix/store/jvkmlw4pfhbf377mjyjbpgcppk917bd4-openmp-16.0.6.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-26345    7.3'
''
'------------------------------------------------------------------------'
'quote-1.0.36'
''
'/nix/store/4qr3c0nipmw6zajq02dc05fwkij13dkf-quote-1.0.36.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3'
''
'------------------------------------------------------------------------'
'rubygems-3.5.16'
''
'/nix/store/r2jzqs70zxfmlq537c4ihr3cs3ym8pz2-rubygems-3.5.16.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8'
''
'------------------------------------------------------------------------'
'safe-0.3.21'
''
'/nix/store/0g1fzhaq1yvnla9h1lkrswgk3n756jsr-safe-0.3.21.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5'
''
'------------------------------------------------------------------------'
'safe-0.3.21-r1.cabal'
''
'/nix/store/nf1vrmi9yx5qd9wh09df644l4xhh6vfk-safe-0.3.21-r1.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5'
'https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5'
''
'------------------------------------------------------------------------'
'subversion-1.14.3'
''
'/nix/store/w8hhn0f697qainjdrjzak4n7z10wj6wy-subversion-1.14.3.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-21698    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2304     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2020-2111     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-29046    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2022-29048    4.3'
''
'------------------------------------------------------------------------'
'unzip-6.0'
''
'/nix/store/czx7qrml7z29ffzz8pmwqa1vsnzn9044-unzip-6.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3'
''
'------------------------------------------------------------------------'
'vault-0.3.1.5'
''
'/nix/store/pr93fj61y05ypnizl556lgifxqv597qi-vault-0.3.1.5.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2024-8365     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7'
''
'------------------------------------------------------------------------'
'vault-0.3.1.5-r7.cabal'
''
'/nix/store/13akdwmpx2s5q1wkgyill8rf5ppzzv35-vault-0.3.1.5-r7.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1'
'https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2024-8365     6.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4'
'https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7'
''
'------------------------------------------------------------------------'
'warp-3.3.31'
''
'/nix/store/mr8fj6i6scb92z2nra29nwrv7b4gxbwv-warp-3.3.31.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8'
'https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7'
''
'------------------------------------------------------------------------'
'yaml-0.11.11.2'
''
'/nix/store/9y47yq1k1q0bv1fyra91iwws4kdygg7b-yaml-0.11.11.2.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5'
''
'------------------------------------------------------------------------'
'yaml-0.11.11.2-r2.cabal'
''
'/nix/store/z3nph879p862xwq2dly8p0ymngh61aly-yaml-0.11.11.2-r2.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5'
''
'------------------------------------------------------------------------'
'yasm-1.3.0'
''
'/nix/store/j3d7gxin4b6l04vh443rzdi87m8j1phg-yasm-1.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5'
'https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3'
''
'------------------------------------------------------------------------'
'zlib-0.6.3.0'
''
'/nix/store/ci4fhgsw9m7ha15zghfx97jrvy5b179y-zlib-0.6.3.0.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'------------------------------------------------------------------------'
'zlib-0.6.3.0-r5.cabal'
''
'/nix/store/dr7x280pq7rlhx917l16xhiwzzdmr1p9-zlib-0.6.3.0-r5.cabal.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'------------------------------------------------------------------------'
'zlib-1.3.1'
''
'/nix/store/jsbb4mry7njn1fd5icfykh5w4p06mqg9-zlib-1.3.1.drv'
'CVE                                                CVSSv3'
'https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5'
''
'use --show-whitelisted to see derivations with only whitelisted CVEs
github-actions[bot] commented 2 months ago

Report for vic

Version changes:

Security vulnerability report
62 derivations with active advisories
9 derivations left out due to whitelisting

------------------------------------------------------------------------
ShellCheck-0.10.0

/nix/store/28j7hy7j7rz8sbzfh2kigpx370w6dg86-ShellCheck-0.10.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-28794    9.8

------------------------------------------------------------------------
accountsservice-23.13.9

/nix/store/y8m8wg0wg5ybpjawdf6kayijc0y65x1c-accountsservice-23.13.9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-3297     7.8

------------------------------------------------------------------------
audiofile-0.3.6

/nix/store/8i6zds8gv6ni8202r0npari0y9xzqjmj-audiofile-0.3.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-18781    5.5

------------------------------------------------------------------------
cereal-0.5.8.3

/nix/store/cd6cddw8lxiin97yw2wnmmhw40n2ypxy-cereal-0.5.8.3.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11105    9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-11104    5.3

------------------------------------------------------------------------
commonmark-0.2.6

/nix/store/ml4wf4w7qgivqg8mdr1q0iggsc88a5yv-commonmark-0.2.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-10010    6.1

------------------------------------------------------------------------
console-0.15.8

/nix/store/phxfxsncszx2hliqkw595llcpvrlajqr-console-0.15.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-33955    5.3

------------------------------------------------------------------------
cups-2.4.10

/nix/store/kv0raa6n8bzxxd920klq7qcg4y3n4y86-cups-2.4.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-26691    6.7

------------------------------------------------------------------------
dash-0.5.12

/nix/store/5mwkmc9gccys5ii2djq8m1ss645hd860-dash-0.5.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-21485    5.4

------------------------------------------------------------------------
dbus-1

/nix/store/acfpv6pwav1572wjg603jdn796dg2wbd-dbus-1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-42010    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42011    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-42012    6.5

------------------------------------------------------------------------
djvulibre-3.5.28

/nix/store/74p12yq7f3jqv0mnfl727fb6hg3cj9c0-djvulibre-3.5.28.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-46310    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-46312    6.5

------------------------------------------------------------------------
firefox-129.0.2

/nix/store/9vk3zin020h74hmz4jch985a3zs0jmv2-firefox-129.0.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-8381     9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-8384     9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-8385     9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-8382     8.8
https://nvd.nist.gov/vuln/detail/CVE-2024-8383     7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-8386     6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-8388     5.3

------------------------------------------------------------------------
fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

/nix/store/cfvz2yimqjr5ls2jn60gks3qm9bfl3y3-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
fuse-3.16.2

/nix/store/62hhzsanj4hw92r9lvysrvq63zfahj08-fuse-3.16.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-14860    6.5
https://nvd.nist.gov/vuln/detail/CVE-2019-14900    6.5

------------------------------------------------------------------------
gcc-13.3.0

/nix/store/fkk73ndvkaz2hkjvazp3s412pb52kakk-gcc-13.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4039     4.8

------------------------------------------------------------------------
git-2.46.0

/nix/store/g7mhkv3cs9mj9h67bmwmnnhpwk427il5-git-2.46.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36882    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-30947    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-36883    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38663    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-21684    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-2136     5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-36884    5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1003010  4.3

------------------------------------------------------------------------
go-1.21.0-linux-amd64-bootstrap

/nix/store/1w5mfqsbqx54xfb3zbhf1ryzaqwb3807-go-1.21.0-linux-amd64-bootstrap.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-39320    9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-24790    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-39323    8.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39321    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39322    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39325    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-44487    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-39318    6.1
https://nvd.nist.gov/vuln/detail/CVE-2023-39319    6.1
https://nvd.nist.gov/vuln/detail/CVE-2024-24789    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
go-1.22.6

/nix/store/12p4myq9yrziavblqxnxn799kadbjalp-go-1.22.6.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-49292    4.8

------------------------------------------------------------------------
hedgehog-1.4

/nix/store/afnz99k2vfyd6fygal0ifl0wzv14nn29-hedgehog-1.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
hedgehog-1.4-r8.cabal

/nix/store/5m68ia8f5inbhkza1v8mfjddn4a2x5y6-hedgehog-1.4-r8.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4276     8.8

------------------------------------------------------------------------
http-client-0.7.17

/nix/store/ysb8ncj66kbmmxskbbzs96wzxb3a2gmj-http-client-0.7.17.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-11021    7.5

------------------------------------------------------------------------
imagemagick-7.1.1-37

/nix/store/bb4x0jpa6pznvbhr4mszhl27if3yvkdc-imagemagick-7.1.1-37.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-5341     5.5

------------------------------------------------------------------------
jbig2dec-0.20

/nix/store/x1sqwy7skbwgb7yycnfgpyg528h4ry3a-jbig2dec-0.20.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-46361    6.5

------------------------------------------------------------------------
libmemcached-1.0.18

/nix/store/i8x33vd61085kfix7srri5hzh06h0w5b-libmemcached-1.0.18.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-27478    6.5

------------------------------------------------------------------------
libmpeg2-0.5.1

/nix/store/pwpi5bmxga2if363nry1aw7qvpyzxj26-libmpeg2-0.5.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37416    6.5

------------------------------------------------------------------------
lodepng-3.10.1

/nix/store/il8ymdgr2gl3m32hdfdzc3i8gfmwds1s-lodepng-3.10.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2019-17178    7.5

------------------------------------------------------------------------
mercurial-6.8.1

/nix/store/adgwz43w27clwyyxj5i5axkl95yrjf0x-mercurial-6.8.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43410    5.3

------------------------------------------------------------------------
network-3.1.4.0

/nix/store/f8wmym8cwcl10jp659xkwjsr41rdh9vl-network-3.1.4.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
network-3.1.4.0-r1.cabal

/nix/store/74rzi1kcbdf0k1m8c5vr4ljf4a1apk0q-network-3.1.4.0-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-35048    9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35047    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35049    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24388    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24389    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24390    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24391    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24392    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24393    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24394    8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0486     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0997     7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-35050    7.5

------------------------------------------------------------------------
ninja-1.12.1

/nix/store/znflsi8ifra43452vzfbsrx541h0cwyp-ninja-1.12.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4336     9.8

------------------------------------------------------------------------
oh-my-zsh-2024-08-27

/nix/store/zllmshb2ryl0q29ki1qq2h09dbrfl8bs-oh-my-zsh-2024-08-27.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3727     9.8

------------------------------------------------------------------------
openexr-2.5.10

/nix/store/k6jx138fnv4a7clkb604vif3mwypq7qs-openexr-2.5.10.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-5841     9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-23169    8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-3598     5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-3605     5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23215    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-26260    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-26945    5.5

------------------------------------------------------------------------
openvpn-2.6.12

/nix/store/d4fijh6ia0q11n2vzfq57xrvmxgila7p-openvpn-2.6.12.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27569    7.5

------------------------------------------------------------------------
pip-20.3.4-source

/nix/store/vn6nx0826p50v24p7qg6sv1jpwf1qnic-pip-20.3.4-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-3572     5.7
https://nvd.nist.gov/vuln/detail/CVE-2023-5752     3.3

------------------------------------------------------------------------
plasma-workspace-5.27.11.1

/nix/store/by45mqsgm4zpz336yxl2l5v0zxigq65w-plasma-workspace-5.27.11.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2024-1433     3.7

------------------------------------------------------------------------
polkit-1.pam

/nix/store/qs11nnf9k3i9jy06cryx3i24faysp4yk-polkit-1.pam.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4034     7.8

------------------------------------------------------------------------
procps-3.3.17-binlore

/nix/store/03fh3wzy0ja5269nfjish2hw0mdlhgxz-procps-3.3.17-binlore.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
procps-3.3.17-lore-override

/nix/store/dbw12ba5fwgfkpjd6xl86zll20ayhmqq-procps-3.3.17-lore-override.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-4016     3.3

------------------------------------------------------------------------
python-2.7.18.8

/nix/store/hmiijzpqz73dgs7jr9lvkv6yiavbzjqx-python-2.7.18.8.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-48565    9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-9674     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0391     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-45061    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48560    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-24329    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-36632    7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-6232     7.5
https://nvd.nist.gov/vuln/detail/CVE-2024-7592     7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26488    7.0
https://nvd.nist.gov/vuln/detail/CVE-2021-3733     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-48564    6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23336    5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-48566    5.9
https://nvd.nist.gov/vuln/detail/CVE-2023-40217    5.3

------------------------------------------------------------------------
quote-1.0.35

/nix/store/5xlri9sfq5lxgr4h8cwmyf5w709lcv5s-quote-1.0.35.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
quote-1.0.36

/nix/store/x4dylylvrrj9pix92hbpmg0jsi0ijkpn-quote-1.0.36.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-16194    5.3

------------------------------------------------------------------------
rubygems-3.5.16

/nix/store/741nm0pyh022cdnyavng47y9j6s4wix5-rubygems-3.5.16.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-36073    8.8

------------------------------------------------------------------------
safe-0.3.21

/nix/store/63z2154ywqk9yzvc2l5a0q9jiqyv3a88-safe-0.3.21.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
safe-0.3.21-r1.cabal

/nix/store/5b96a8chlvh6bvbhpx9fj61xi1q4wwwi-safe-0.3.21-r1.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-28872    8.8
https://nvd.nist.gov/vuln/detail/CVE-2019-11644    7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-38164    6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-47524    5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-44751    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40834    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40835    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28868    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28869    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28870    4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-28873    4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-33596    4.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33594    3.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33595    3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-38163    3.5

------------------------------------------------------------------------
samba-4.20.4

/nix/store/gk7384161dmp7vi3vm765ki9jss70nda-samba-4.20.4.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37966    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-38023    8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-32743    7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-37967    7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-3670     6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-1615     5.5

------------------------------------------------------------------------
sassc-3.6.2

/nix/store/jzx01izqmq4kh7wln29f3c3f1862ykys-sassc-3.6.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-43357    7.5

------------------------------------------------------------------------
semver-1.0.22

/nix/store/pihdv8mj700zljzn30wfwg33xgzsysr6-semver-1.0.22.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-25883    7.5

------------------------------------------------------------------------
setuptools-44.0.0-source

/nix/store/2qgk79a0kazqyhghx1w5c5cb6vwc9as9-setuptools-44.0.0-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40897    5.9

------------------------------------------------------------------------
snappy-1.2.1

/nix/store/620p8bw67cv47zadn8yk0yb0hkxqawsx-snappy-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-28115    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-41330    9.8

------------------------------------------------------------------------
tap-1.0.1

/nix/store/skck9f2xa7bf1rz4haw90p97swi3z6bh-tap-1.0.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-41940    5.4

------------------------------------------------------------------------
unzip-6.0

/nix/store/03dvx39sdpvybbi6psky85ab413zgi80-unzip-6.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-4217     3.3

------------------------------------------------------------------------
vault-0.3.1.5

/nix/store/wza5fbrprzmm37s3ic2kb7pi2hwha6xj-vault-0.3.1.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2024-8365     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
vault-0.3.1.5-r7.cabal

/nix/store/740i9rm23im41x9vbk5lw8jxfr4jdcr2-vault-0.3.1.5-r7.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-24999    8.1
https://nvd.nist.gov/vuln/detail/CVE-2020-13223    7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-27400    7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-6337     7.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0620     6.7
https://nvd.nist.gov/vuln/detail/CVE-2023-0665     6.5
https://nvd.nist.gov/vuln/detail/CVE-2024-8365     6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41802    5.4
https://nvd.nist.gov/vuln/detail/CVE-2023-2121     5.4
https://nvd.nist.gov/vuln/detail/CVE-2020-25594    5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-3024     5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38554    5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-41316    5.3
https://nvd.nist.gov/vuln/detail/CVE-2023-25000    4.7

------------------------------------------------------------------------
warp-3.3.31

/nix/store/ysq6bxlyv68d1xzy5flwfaql30v3k3gr-warp-3.3.31.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3320     9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-3512     8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4428     8.0
https://nvd.nist.gov/vuln/detail/CVE-2022-2145     7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-2225     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-0652     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1412     7.8
https://nvd.nist.gov/vuln/detail/CVE-2023-1862     7.3
https://nvd.nist.gov/vuln/detail/CVE-2023-2754     6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-4457     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0238     5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-0654     3.7

------------------------------------------------------------------------
wheel-0.37.1-source

/nix/store/7sm5bzb59dafwk8rj5bqvjzpx251chwn-wheel-0.37.1-source.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-40898    7.5

------------------------------------------------------------------------
xdg-utils-1.2.1

/nix/store/k99j8vyz4whsrxh7mv702b8bzbyd35q2-xdg-utils-1.2.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-27748    6.5

------------------------------------------------------------------------
yaml-0.11.11.2

/nix/store/b8k0kq9vx4iq0lxs9nqjnsh9ard5vkhm-yaml-0.11.11.2.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yaml-0.11.11.2-r2.cabal

/nix/store/yg0d6yl4a8blp1lxnx2hlpnk5xvicjvp-yaml-0.11.11.2-r2.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-3064     7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-4235     5.5

------------------------------------------------------------------------
yara-4.5.0

/nix/store/30x3z3pcnbzdhh31678vdlk496jvdyvh-yara-4.5.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-45429    5.5

------------------------------------------------------------------------
yasm-1.3.0

/nix/store/20l221rfvy85j0pbpa29afip9xysmvi6-yasm-1.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2021-33454    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33455    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33456    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33457    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33458    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33459    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33460    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33461    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33462    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33463    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33464    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33465    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33466    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33467    5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-33468    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-30402    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31972    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31973    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31974    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51258    5.5
https://nvd.nist.gov/vuln/detail/CVE-2023-31975    3.3

------------------------------------------------------------------------
zlib-0.6.3.0

/nix/store/7rnx7fgby145gszi75a4lg7wd38rqzds-zlib-0.6.3.0.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-0.6.3.0-r5.cabal

/nix/store/piy096kvsgzmx5mbhm8kzmjykl336cx3-zlib-0.6.3.0-r5.cabal.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-37434    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-45853    9.8
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

------------------------------------------------------------------------
zlib-1.3.1

/nix/store/890wip2h8rdj94kzq44jzmf8mj33ik70-zlib-1.3.1.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2023-6992     5.5

use --show-whitelisted to see derivations with only whitelisted CVEs