View packages at a commit

Paste a `locked_commit` from your `minimal.toml`, or a recent commit from the list.

Security advisories

80 advisories affecting the catalog, most severe first.

Showing 80 advisories.

Security advisories affecting the package catalog
Severity Advisory Affected packages Status
Critical: 9.1

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong.

perl Under investigation
Critical: 9.8

scanf %mc off-by-one heap buffer overflow

glibc Under investigation
High: 8.4

Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.

perl Under investigation
High

Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

python Under investigation
High

GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing

wget Under investigation
High: 7.0

Off-by-one stack buffer overflow in dnsname_to_labels via crafted DNS server response

libevent Resolved
High: 8.4

Heap out-of-bounds write in bufferevent_socket_set_conn_address_ reachable via AF_UNIX accept

libevent Resolved
High: 7.5

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression routines and is not reinitialized between files processed in the same invocation. By decompressing a specially crafted LZW file followed by a specially crafted LZH file in a single gzip -d command, an attacker can poison the shared global state and subsequently trigger an out‑of‑bounds read in the LZH decoder. The LZH decompression logic follows stale values left in the shared array, causing reads past the end of the allocated global buffer. This issue has been fixed in the commit 63dbf6b3b9e6e781df1a6a64e609b10e23969681

gzip Under investigation
High python Under investigation
High

tarfile extraction filter bypass allows escaping the destination directory

python Under investigation
High: 7.3

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds

perl Under investigation
High: 7.3

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

glibc Under investigation
High: 7.5

Potential buffer under-read in ungetwc

glibc Under investigation
High: 7.5

CVE-2026-6069

nasm Affected
High: 7.5

CVE-2026-6067

nasm Affected
High: 7.5

iconv crash due to assertion failure with untrusted input

glibc Under investigation
High: 7.5

gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

glibc Under investigation
High

Heap-buffer-overflow in pcre2_compile_32

pcre2 Fix unavailable
High

Heap-buffer-overflow in opj_j2k_read_tile_header

openjpeg Affected
High

Heap-buffer-overflow in btf_ensure_modifiable

libbpf Under investigation
High

Heap-buffer-overflow in opj_jp2_apply_pclr

opencv Under investigation
High: 7.5

slim has NULL pointer dereference when using crypt() method from glibc 2.17

glibc Affected
Medium: 5.5

GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position. This results in excessive CPU consumption and prevents the process from completing. An attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination. This issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9

patch Under investigation
Medium: 5.5

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service. This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313

patch Under investigation
Medium

GNU Wget 1.25.0 Heap Buffer Overflow via HTML Attribute Encoding

wget Under investigation
Medium

GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

wget Under investigation
Medium

GNU Wget 1.25.0 Integer Overflow via Content-Range Header Parsing

wget Under investigation
Medium: 4.7

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without exclusive access or existence checks. A local attacker can pre‑create the predicted temporary file path as a symbolic link pointing to an arbitrary file writable by the victim. When gzexe runs, it follows the symlink and overwrites the target file, resulting in a time‑of‑check to time‑of‑use (TOCTOU) condition that allows arbitrary file overwrite. This issue has been fixed in the commit 4e6f8b24ab823146ab8776f0b7fe486ab34d4269

gzip Under investigation
Medium

nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

nghttp2 Under investigation
Medium

Configuration Injection via Carriage Return (\r) in write() method

python Under investigation
Medium: 6.7

Stack buffer overflow in sample/http-server via unbounded Unix socket path (strcpy)

libevent Resolved
Medium: 4.9

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 6.5

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 6.9

No summary provided.

expat Resolved
Medium: 4.9

No summary provided.

expat Resolved
Medium

CPython >3.11 Insecure Input Validation resulting in privilege escalation

python Under investigation
Medium: 5.4

LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

libpng Under investigation
Medium: 4.9

No summary provided.

expat Resolved
Medium: 4.6

Terminal escape sequence injection via process argv[0] in InfoScreen_drawTitled() (mvaddstr)

htop Under investigation
Medium: 5.5

Unbounded VLA stack allocation in RichString_writeFromWide() causes denial of service via crafted process command line (ncursesw build)

htop Under investigation
Medium: 6.5

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

glibc Under investigation
Medium: 6.1

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.

emacs Under investigation
Medium: 6.5

CVE-2026-6068

nasm Affected
Medium: 5.4

gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

glibc Under investigation
Medium python Under investigation
Medium python Under investigation
Medium: 6.6

Heap-based Buffer Over-read in llama_model_load

llama.cpp Under investigation
Medium: 5.5

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

numpy Resolved
Medium: 5.5

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

numpy Resolved
Low: 3.3

Uncontrolled memory allocation in LIEF ELF Note parser (`Note::create`)

lief Under investigation
Low python Under investigation
Low

Stack-Based Buffer Overflow in libxml2

libxml2 Under investigation
Low: 3.3

CUPS ipp backend status-line injection can update queue PPD and lead to conditional RCE as lp via foomatic-rip

cups Under investigation
Low: 3.3

Stack buffer underflow in InfoScreen_drawTitled() when terminal width is 2 columns or fewer

htop Under investigation
Low: 2.9

No summary provided.

expat Resolved
Low

UNKNOWN READ in init_struct_ops_maps

libbpf Under investigation
Low: 3.3

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

unzip Under investigation
Unknown

Connection created for the wrong upstream for forward_auth + reverse_proxy

caddy Under investigation
Unknown

HTTP Header smuggling

libevent Resolved
Unknown

Dangling Pointer in `evbuffer_add_buffer_reference`

libevent Resolved
Unknown

libevent evhttp: Multiple HTTP Parser Bugs Enable Request Smuggling

libevent Resolved
Unknown

decode_tag_internal() can lead to out-of-bounds read

libevent Resolved
Unknown

`evtag_unmarshal_header()` decodes a wire `uint32` length into a signed `int` return value.

libevent Resolved
Unknown

HTTP header handling bugs create risk of access control bypass.

libevent Resolved
Unknown

pcre2_serialize_encode() information disclosure

pcre2 Under investigation
Unknown

Null-dereference READ in _libssh2_packet_add

libssh2 Fix unavailable
Unknown

Null-dereference READ in session_startup

libssh2 Affected
Unknown

Null-dereference READ in ubsan_GetStackTrace

libssh2 Affected
Unknown

Null-dereference READ in _libssh2_packet_add

libssh2 Affected
Unknown

UNKNOWN WRITE in regcomp

file Resolved
Unknown

Incorrect-function-pointer-type in cv::split

opencv Under investigation
Unknown

Null-dereference READ in session_startup

libssh2 Affected

Join the waitlist

Confirm your identity by email or GitHub.

or