CVE-2025-10283
Severity: 9.6 CRITICAL (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
Created: 2 weeks, 2 days ago
Title: Improper .git Sanitization in gitdumper Enables RCE
Description: BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
Affected products: bbot =<2.6.1
Matching in nixpkgs:
  pkgs.hebbot (Matrix bot which can generate "This Week in X" like blog posts): nixos-25.05 ???; nixos-25.05-small 2.1-unstable-2024-09-20; nixos-unstable 2.1-unstable-2024-09-20; nixos-unstable-small 2.1-unstable-2024-09-20; nixpkgs-unstable 2.1-unstable-2024-09-20
Package maintainers (1): @a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>

CVE-2025-10281
Severity: 4.7 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
Created: 2 weeks, 2 days ago
Title: Insecure URL Handling in git_clone Leading to Leaked API Key
Description: BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server with a maliciously formatted git URL.
Affected products: bbot =<2.6.1
Matching in nixpkgs:
  pkgs.hebbot (Matrix bot which can generate "This Week in X" like blog posts): nixos-25.05 ???; nixos-25.05-small 2.1-unstable-2024-09-20; nixos-unstable 2.1-unstable-2024-09-20; nixos-unstable-small 2.1-unstable-2024-09-20; nixpkgs-unstable 2.1-unstable-2024-09-20
Package maintainers (1): @a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>

CVE-2025-11561
Severity: 8.8 HIGH (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
Created: 2 weeks, 2 days ago
Title: Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems
Description: A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users. This can result in unauthorized access or privilege escalation on domain-joined Linux hosts.
Affected products: sssd * =<2.11.1; rhcos *; rhceph/rhceph-7-rhel9 *; rhceph/rhceph-8-rhel9 *
Matching in nixpkgs:
  pkgs.sssd (System Security Services Daemon): nixos-25.05 ???; nixos-25.05-small 2.9.5; nixos-unstable 2.9.5; nixos-unstable-small 2.9.7; nixpkgs-unstable 2.9.7
Package maintainers (1): @illustris Harikrishnan R <me@illustris.tech>

CVE-2025-10282
Severity: 4.7 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
Created: 2 weeks, 2 days ago
Title: GitLab Domain Confusion in gitlab Leaks API Key
Description: BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server with a maliciously formatted git URL.
Affected products: bbot =<2.6.1
Matching in nixpkgs:
  pkgs.hebbot (Matrix bot which can generate "This Week in X" like blog posts): nixos-25.05 ???; nixos-25.05-small 2.1-unstable-2024-09-20; nixos-unstable 2.1-unstable-2024-09-20; nixos-unstable-small 2.1-unstable-2024-09-20; nixpkgs-unstable 2.1-unstable-2024-09-20
Package maintainers (1): @a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>

CVE-2024-0822
Severity: 7.5 HIGH (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): HIGH; Availability impact (A): NONE
Created: 2 weeks, 2 days ago
Title: Ovirt: authentication bypass
Description: An authentication bypass vulnerability was found in ovirt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.
Affected products: ovirt-engine <4.5.6 *
Matching in nixpkgs:
  pkgs.rubyPackages.ovirt-engine-sdk: nixos-25.05 ???; nixos-25.05-small 4.6.0; nixos-unstable 4.6.0; nixos-unstable-small 4.6.0; nixpkgs-unstable 4.6.0
  pkgs.rubyPackages_3_1.ovirt-engine-sdk: nixos-25.05 ???; nixos-25.05-small 4.6.0; nixos-unstable 4.6.0; nixos-unstable-small 4.6.0; nixpkgs-unstable 4.6.0
  pkgs.rubyPackages_3_2.ovirt-engine-sdk: nixos-25.05 ???; nixos-25.05-small 4.6.0; nixos-unstable 4.6.0; nixos-unstable-small 4.6.0; nixpkgs-unstable 4.6.0
  pkgs.rubyPackages_3_3.ovirt-engine-sdk: nixos-25.05 ???; nixos-25.05-small 4.6.0; nixos-unstable 4.6.0; nixos-unstable-small 4.6.0; nixpkgs-unstable 4.6.0
  pkgs.rubyPackages_3_4.ovirt-engine-sdk: nixos-25.05 ???; nixos-25.05-small 4.6.0; nixos-unstable 4.6.0; nixos-unstable-small 4.6.0; nixpkgs-unstable 4.6.0
  pkgs.rubyPackages_3_1.ovirt-engine-sdk.x86_64-linux: nixos-unstable 4.6.0
  pkgs.rubyPackages_3_2.ovirt-engine-sdk.x86_64-linux: nixos-unstable 4.6.0
  pkgs.rubyPackages_3_3.ovirt-engine-sdk.x86_64-linux: nixos-unstable 4.6.0
  pkgs.rubyPackages_3_4.ovirt-engine-sdk.x86_64-linux: nixos-unstable 4.6.0
  pkgs.rubyPackages_3_1.ovirt-engine-sdk.aarch64-linux: nixos-unstable 4.6.0
  pkgs.rubyPackages_3_2.ovirt-engine-sdk.aarch64-linux: nixos-unstable 4.6.0
  pkgs.rubyPackages_3_3.ovirt-engine-sdk.aarch64-linux: nixos-unstable 4.6.0
  pkgs.rubyPackages_3_4.ovirt-engine-sdk.aarch64-linux: nixos-unstable 4.6.0

CVE-2025-53881
Created: 2 weeks, 2 days ago
Title: SUSE-specific logrotate configuration allows escalation from mail user/group to root
Description: A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root. This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.
Affected products: exim <4.98.2-lp156.248.1
Matching in nixpkgs:
  pkgs.exim (Mail transfer agent (MTA)): nixos-25.05 ???; nixos-25.05-small 4.98.2; nixos-unstable 4.98.2; nixos-unstable-small 4.98.2; nixpkgs-unstable 4.98.2
  pkgs.vimPlugins.lexima-vim: nixos-unstable 2024-11-30; nixos-unstable-small 2024-12-07; nixpkgs-unstable 2024-11-30
Package maintainers (4): @helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>; @Conni2461 Simon Hauser <simon-hauser@outlook.com>; @dasJ Janne Heß <janne@hess.ooo>; @4z3 Tomislav Viljetić <tv@krebsco.de>

CVE-2025-54831
Severity: 7.5 HIGH (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): NONE; Availability impact (A): NONE
Created: 2 weeks, 2 days ago
Title: Apache Airflow: Connection sensitive details exposed to users with READ permissions
Description: Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was unintentionally violated: sensitive connection information could be viewed by users with READ permissions through both the API and the UI. This behavior also bypassed the `AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS` configuration option. This issue does not affect Airflow 2.x, where exposing sensitive information to connection editors was the intended and documented behavior. Users of Airflow 3.0.3 are advised to upgrade Airflow to >=3.0.4.
Affected products: apache-airflow ==3.0.3
Matching in nixpkgs:
  pkgs.apache-airflow (Programmatically author, schedule and monitor data pipelines): nixos-25.05 ???; nixos-25.05-small 2.7.3; nixos-unstable 2.7.3; nixos-unstable-small 2.7.3; nixpkgs-unstable 2.7.3
Package maintainers (3): @bhipple Benjamin Hipple <bhipple@protonmail.com>; @gbpdt Graham Bennett <nix@pdtpartners.com>; @ingenieroariel Ariel Nunez <ariel@nunez.co>

CVE-2025-60092
Severity: 5.3 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
Created: 2 weeks, 2 days ago
Title: WordPress Download Manager Plugin <= 3.3.24 - Sensitive Data Exposure Vulnerability
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24.
Affected products: download-manager =<3.3.24
Matching in nixpkgs:
  pkgs.lomiri.lomiri-download-manager (Performs uploads and downloads from a centralized location): nixos-25.05 ???; nixos-25.05-small 0.2.1; nixos-unstable 0.2.1; nixos-unstable-small 0.2.1; nixpkgs-unstable 0.1.3
  pkgs.lomiri.lomiri-download-manager.x86_64-linux (Performs uploads and downloads from a centralized location): nixos-unstable ???; nixos-unstable-small 0.1.3
  pkgs.lomiri.lomiri-download-manager.aarch64-linux (Performs uploads and downloads from a centralized location): nixos-unstable ???; nixos-unstable-small 0.1.3
Package maintainers (1): @OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

CVE-2025-60093
Severity: 4.3 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): LOW; Availability impact (A): NONE
Created: 2 weeks, 2 days ago
Title: WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24.
Affected products: download-manager =<3.3.24
Matching in nixpkgs:
  pkgs.lomiri.lomiri-download-manager (Performs uploads and downloads from a centralized location): nixos-25.05 ???; nixos-25.05-small 0.1.3; nixos-unstable 0.2.1; nixos-unstable-small 0.2.1; nixpkgs-unstable 0.2.1
  pkgs.lomiri.lomiri-download-manager.x86_64-linux (Performs uploads and downloads from a centralized location): nixos-unstable ???; nixos-unstable-small 0.1.3
  pkgs.lomiri.lomiri-download-manager.aarch64-linux (Performs uploads and downloads from a centralized location): nixos-unstable ???; nixos-unstable-small 0.1.3
Package maintainers (1): @OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

CVE-2025-60165
Severity: 4.3 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): LOW; Availability impact (A): NONE
Created: 2 weeks, 2 days ago
Title: WordPress Frames Theme <= 1.5.7 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7.
Affected products: frames =<1.5.7
Matching in nixpkgs:
  pkgs.framesh (Native web3 interface that lets you sign data, securely manage accounts and transparently interact with dapps via web3 protocols like Ethereum and IPFS): nixos-25.05 ???; nixos-25.05-small 0.6.11; nixos-unstable 0.6.11; nixos-unstable-small 0.6.11; nixpkgs-unstable 0.6.11
  pkgs.emacsPackages.frameshot: nixos-unstable 20240805.1314; nixos-unstable-small 20240805.1314; nixpkgs-unstable 20240805.1314
  pkgs.emacsPackages.framesize: nixos-unstable 20131017.2132; nixos-unstable-small 20131017.2132; nixpkgs-unstable 20131017.2132
  pkgs.emacsPackages.frames-only-mode: nixos-unstable 20240716.706; nixos-unstable-small 20240716.706; nixpkgs-unstable 20240716.706
  pkgs.haskellPackages.javelin-frames (Type-safe data frames based on higher-kinded types): nixos-25.05 ???; nixos-25.05-small 0.1.0.1; nixos-unstable 0.1.0.1; nixos-unstable-small 0.1.0.1; nixpkgs-unstable 0.1.0.1
  pkgs.python312Packages.llm-video-frames (LLM plugin to turn a video into individual frames): nixos-unstable 0.1; nixos-unstable-small 0.1; nixpkgs-unstable 0.1
  pkgs.python313Packages.llm-video-frames (LLM plugin to turn a video into individual frames): nixos-unstable 0.1; nixos-unstable-small 0.1; nixpkgs-unstable 0.1
Package maintainers (2): @philiptaron Philip Taron <philip.taron@gmail.com>; @0xnook Tom Nook <0xnook@protonmail.com>