CVE-2025-60019
3.7 LOW, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): HIGH; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): NONE; Availability impact (A): LOW
created 2 weeks, 2 days ago
Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()
glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out-of-memory condition could potentially result in writing to an invalid memory location.
Affected products: glib-networking <2.80.2
Matching in nixpkgs:
  pkgs.glib-networking (Network-related giomodules for glib): nixos-25.05 ???; nixos-25.05-small 2.80.1; nixos-unstable 2.80.1; nixos-unstable-small 2.80.1; nixpkgs-unstable 2.80.1
Package maintainers: 4
  @jtojnar Jan Tojnar <jtojnar@gmail.com>
  @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
  @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
  @bobby285271 Bobby Rong <rjl931189261@126.com>
CVE-2025-4437
5.7 MEDIUM, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): NONE; Availability impact (A): HIGH
created 2 weeks, 2 days ago
Cri-o: large /etc/passwd file may lead to denial of service
There is a vulnerability in CRI-O: when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause high memory consumption, leading to applications being killed due to out-of-memory. As a result, a denial of service can be achieved, possibly disrupting other pods and services running on the same host.
Affected products: cri-o; rhcos
Matching in nixpkgs:
  pkgs.cri-o (Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface): nixos-25.05 ???; nixos-25.05-small 1.32.4; nixos-unstable 1.33.2; nixos-unstable-small 1.33.2; nixpkgs-unstable 1.33.2
  pkgs.cri-o-unwrapped (Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface): nixos-25.05 ???; nixos-25.05-small 1.32.4; nixos-unstable 1.33.2; nixos-unstable-small 1.33.2; nixpkgs-unstable 1.33.2
Package maintainers: 2
  @vdemeester Vincent Demeester <vincent@sbr.pm>
  @saschagrunert Sascha Grunert <mail@saschagrunert.de>
CVE-2025-60018
4.8 MEDIUM, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): HIGH; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): LOW
created 2 weeks, 2 days ago
Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()"
glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out-of-bounds read.
Affected products: glib-networking <2.80.2
Matching in nixpkgs:
  pkgs.glib-networking (Network-related giomodules for glib): nixos-25.05 ???; nixos-25.05-small 2.80.1; nixos-unstable 2.80.1; nixos-unstable-small 2.80.1; nixpkgs-unstable 2.80.1
Package maintainers: 4
  @jtojnar Jan Tojnar <jtojnar@gmail.com>
  @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
  @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
  @bobby285271 Bobby Rong <rjl931189261@126.com>
CVE-2025-9900
8.8 HIGH, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
created 2 weeks, 2 days ago
Libtiff: libtiff write-what-where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Affected products:
  libtiff <4.7.1
  mingw-libtiff
  compat-libtiff3
  rhaiis/vllm-cuda-rhel9
  rhaiis/vllm-rocm-rhel9
  rhaiis/model-opt-cuda-rhel9
  discovery/discovery-ui-rhel9
Matching in nixpkgs:
  pkgs.libtiff (Library and utilities for working with the TIFF image file format): nixos-25.05 ???; nixos-25.05-small 4.7.0; nixos-unstable 4.7.0; nixos-unstable-small 4.7.0; nixpkgs-unstable 4.7.0
  pkgs.libtiff.x86_64-linux (Library and utilities for working with the TIFF image file format): nixos-unstable ???; nixos-unstable-small 4.7.0
  pkgs.libtiff.aarch64-linux (Library and utilities for working with the TIFF image file format): nixos-unstable ???; nixos-unstable-small 4.7.0
  pkgs.libtiff.x86_64-darwin (Library and utilities for working with the TIFF image file format): nixos-unstable ???; nixos-unstable-small 4.7.0
  pkgs.libtiff.aarch64-darwin (Library and utilities for working with the TIFF image file format): nixos-unstable ???; nixos-unstable-small 4.7.0
Package maintainers: 7
  @sikmir Nikolay Korotkiy <sikmir@disroot.org>
  @l0b0 Victor Engmark <victor@engmark.name>
  @imincik Ivan Mincik <ivan.mincik@gmail.com>
  @nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
  @willcohen Will Cohen
  @nh2 Niklas Hambüchen <mail@nh2.me>
  @autra Augustin Trancart <augustin.trancart@gmail.com>
CVE-2025-58020
6.5 MEDIUM, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 2 weeks, 2 days ago
WordPress Theater for WordPress Plugin <= 0.18.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8.
Affected products: theatre =<0.18.8
Matching in nixpkgs:
  pkgs.haskellPackages.theatre (Minimalistic actor library): nixos-unstable 1.0.0.2; nixos-unstable-small 1.0.0.2; nixpkgs-unstable 1.0.0.2
  pkgs.haskellPackages.theatre-dev (Minimalistic actor library experiments): nixos-25.05 ???; nixos-25.05-small 0.5.0.1; nixos-unstable 0.5.0.1; nixos-unstable-small 0.5.0.1; nixpkgs-unstable 0.5.0.1
CVE-2025-57996
6.5 MEDIUM, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 2 weeks, 2 days ago
WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9.
Affected products: buckets =<0.3.9
Matching in nixpkgs:
  pkgs.buckets (Private family budgeting app): nixos-25.05 ???; nixos-25.05-small 0.75.0; nixos-unstable 0.80.0; nixos-unstable-small 0.80.0; nixpkgs-unstable 0.80.0
  pkgs.python311Packages.bucketstore (Library for interacting with Amazon S3): nixos-unstable 0.3.0; nixos-unstable-small 0.3.0; nixpkgs-unstable 0.3.0
  pkgs.python312Packages.bucketstore (Library for interacting with Amazon S3): nixos-25.05 ???; nixos-25.05-small 0.3.0; nixos-unstable 0.3.0; nixos-unstable-small 0.3.0; nixpkgs-unstable 0.3.0
  pkgs.python313Packages.bucketstore (Library for interacting with Amazon S3): nixos-25.05 ???; nixos-25.05-small 0.3.0; nixos-unstable 0.3.0; nixos-unstable-small 0.3.0; nixpkgs-unstable 0.3.0
Package maintainers: 2
  @jpetrucciani Jacobi Petrucciani <j@cobi.dev>
  @kmogged Kevin
CVE-2025-58245
5.9 MEDIUM, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): HIGH; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 2 weeks, 2 days ago
WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio: from n/a through 2.58.
Affected products: portfolio =<2.58
Matching in nixpkgs:
  pkgs.portfolio-filemanager (Minimalist file manager for those who want to use Linux mobile devices): nixos-25.05 ???; nixos-25.05-small 1.0.2; nixos-unstable 1.0.2; nixos-unstable-small 1.0.2; nixpkgs-unstable 1.0.2
  pkgs.traderepublic-portfolio-downloader (Downloads trade republic portfolio data): nixos-25.05 ???; nixos-25.05-small 0.19.0; nixos-unstable 0.19.0; nixos-unstable-small 0.19.0; nixpkgs-unstable 0.19.0
Package maintainers: 3
  @SeineEloquenz Alexander Linder
  @chuangzhu Chuang Zhu <nixos@chuang.cz>
  @dotlambda Robert Schütz <rschuetz17@gmail.com>
CVE-2025-58652
6.5 MEDIUM, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 2 weeks, 2 days ago
WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8.
Affected products: carousel =<1.8
Matching in nixpkgs:
  pkgs.haskellPackages.data-carousel (A rotating sequence data structure): nixos-25.05 ???; nixos-25.05-small 0.1.0.0; nixos-unstable 0.1.0.0; nixos-unstable-small 0.1.0.0; nixpkgs-unstable 0.1.0.0
  pkgs.haskellPackages.data-carousel.x86_64-linux (A rotating sequence data structure): nixos-unstable ???; nixpkgs-unstable 0.1.0.0
  pkgs.haskellPackages.data-carousel.aarch64-linux (A rotating sequence data structure): nixos-unstable ???; nixpkgs-unstable 0.1.0.0
  pkgs.haskellPackages.data-carousel.x86_64-darwin (A rotating sequence data structure): nixos-unstable ???; nixpkgs-unstable 0.1.0.0
  pkgs.haskellPackages.data-carousel.aarch64-darwin (A rotating sequence data structure): nixos-unstable ???; nixpkgs-unstable 0.1.0.0
CVE-2025-57924
4.3 MEDIUM, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): LOW; Availability impact (A): NONE
created 2 weeks, 2 days ago
WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6.
Affected products: developer =<1.2.6
Matching in nixpkgs:
  pkgs.darwin.developer_cmds (Developer commands for Darwin): nixos-25.05 ???; nixos-25.05-small 83; nixos-unstable 79; nixos-unstable-small 83; nixpkgs-unstable 83
Package maintainers: 3
  @reckenrode Randy Eckenrode <randy@largeandhighquality.com>
  @emilazy Emily <nixpkgs@emily.moe>
  @toonn Toon Nolten <nixpkgs@toonn.io>
CVE-2025-10854
8.1 HIGH, CVSS version: 3.1
Attack vector (AV): NETWORK; Attack complexity (AC): HIGH; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
created 2 weeks, 2 days ago
Symlink Following in txtai leads to arbitrary file write when loading untrusted embedding indices
The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it does not account for symbolic links within the tar file. An attacker is able to write a file anywhere in the filesystem when txtai is used to load untrusted embedding indices.
Affected products: txtai =<9.0.0
Matching in nixpkgs:
  pkgs.python311Packages.txtai (Semantic search and workflows powered by language models): nixos-unstable 8.0.0; nixos-unstable-small 8.0.0; nixpkgs-unstable 8.0.0
  pkgs.python312Packages.txtai (Semantic search and workflows powered by language models): nixos-25.05 ???; nixos-25.05-small 8.2.0; nixos-unstable 8.6.0; nixos-unstable-small 8.6.0; nixpkgs-unstable 8.6.0
  pkgs.python313Packages.txtai (Semantic search and workflows powered by language models): nixos-25.05 ???; nixos-25.05-small 8.2.0; nixos-unstable 8.6.0; nixos-unstable-small 8.6.0; nixpkgs-unstable 8.5.0
  pkgs.python312Packages.txtai.x86_64-linux (Semantic search and workflows powered by language models): nixos-unstable 8.0.0
  pkgs.python312Packages.txtai.aarch64-linux (Semantic search and workflows powered by language models): nixos-unstable 8.0.0
  pkgs.python312Packages.txtai.aarch64-darwin (Semantic search and workflows powered by language models): nixos-unstable 8.0.0
  pkgs.python311Packages.llama-index-readers-txtai (LlamaIndex Readers Integration for txtai): nixos-unstable 0.3.0; nixos-unstable-small 0.3.0; nixpkgs-unstable 0.3.0
  pkgs.python312Packages.llama-index-readers-txtai (LlamaIndex Readers Integration for txtai): nixos-25.05 ???; nixos-25.05-small 0.3.0; nixos-unstable 0.3.0; nixos-unstable-small 0.3.0; nixpkgs-unstable 0.3.0
  pkgs.python313Packages.llama-index-readers-txtai (LlamaIndex Readers Integration for txtai): nixos-unstable 0.3.0; nixos-unstable-small 0.3.0; nixpkgs-unstable 0.3.0
  pkgs.python312Packages.llama-index-readers-txtai.x86_64-linux (LlamaIndex Readers Integration for txtai): nixos-unstable 0.3.0
  pkgs.python312Packages.llama-index-readers-txtai.aarch64-linux (LlamaIndex Readers Integration for txtai): nixos-unstable 0.3.0
  pkgs.python312Packages.llama-index-readers-txtai.x86_64-darwin (LlamaIndex Readers Integration for txtai): nixos-unstable 0.3.0
Package maintainers: 2
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
  @happysalada Raphael Megzari <raphael@megzari.com>