Nixpkgs Security Tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2025-47441
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 7 months, 1 week ago
WordPress Progress Bar <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Reynolds Progress Bar allows Stored XSS. This issue affects Progress Bar: from n/a through 2.2.3.

Affected products

progress-bar
  • =<2.2.3

Matching in nixpkgs

pkgs.haskellPackages.terminal-progress-bar

A progress bar in the terminal

CVE-2025-1400
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 7 months, 1 week ago
Out-of-bounds Read in libplctag library

Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

Affected products

libplctag
  • =<2.6.3

Matching in nixpkgs

pkgs.libplctag

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.x86_64-linux

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.aarch64-linux

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.x86_64-darwin

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

pkgs.libplctag.aarch64-darwin

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

Package maintainers: 1

CVE-2025-31177
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 7 months, 1 week ago
Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one

gnuplot is affected by a heap buffer overflow at function utf8_copy_one.

Affected products

gnuplot
  • <6.0

Matching in nixpkgs

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-darwin

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-darwin

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

Package maintainers: 3

CVE-2022-47599
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 7 months, 1 week ago
WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7.

Affected products

file-manager
  • =<5.2.7

Matching in nixpkgs

pkgs.expidus.file-manager

ExpidusOS File Manager

pkgs.deepin.dde-file-manager

File manager for deepin desktop environment

pkgs.python311Packages.show-in-file-manager

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.x86_64-linux

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.aarch64-linux

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.x86_64-darwin

Open the system file manager and select files in it

pkgs.python312Packages.show-in-file-manager.aarch64-darwin

Open the system file manager and select files in it

Package maintainers: 2

CVE-2024-12225
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 7 months, 1 week ago
Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.

Affected products

quarkus
  • <3.15.3.1
io.quarkus:quarkus-security-webauthn

Matching in nixpkgs

pkgs.quarkus

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.x86_64-linux

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.aarch64-linux

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.x86_64-darwin

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

pkgs.quarkus.aarch64-darwin

Quarkus is a Kubernetes-native Java framework tailored for GraalVM and HotSpot, crafted from best-of-breed Java libraries and standards

Package maintainers: 1

CVE-2025-4373
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 7 months, 1 week ago
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

Affected products

glib
  • <2.84.2
bootc
glib2
  • *
loupe
librsvg2
mingw-glib2
glycin-loaders
rhosdt/jaeger-agent-rhel8
  • *
rhosdt/jaeger-query-rhel8
  • *
rhosdt/jaeger-ingester-rhel8
  • *
rhosdt/jaeger-rhel8-operator
  • *
rhosdt/jaeger-collector-rhel8
  • *
rhosdt/jaeger-operator-bundle
  • *
rhosdt/jaeger-all-in-one-rhel8
  • *
rhosdt/jaeger-es-rollover-rhel8
  • *
rhosdt/jaeger-es-index-cleaner-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-query-rhel8
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-operator-bundle
  • *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

pkgs.mlxbf-bootctl

Control BlueField boot partitions

pkgs.rubyPackages_3_1.glib2.x86_64-linux

pkgs.rubyPackages_3_2.glib2.x86_64-linux

pkgs.rubyPackages_3_3.glib2.x86_64-linux

pkgs.rubyPackages_3_4.glib2.x86_64-linux

pkgs.rubyPackages_3_1.glib2.aarch64-linux

pkgs.rubyPackages_3_1.glib2.x86_64-darwin

pkgs.rubyPackages_3_2.glib2.aarch64-linux

pkgs.rubyPackages_3_2.glib2.x86_64-darwin

pkgs.rubyPackages_3_3.glib2.aarch64-linux

pkgs.rubyPackages_3_3.glib2.x86_64-darwin

pkgs.rubyPackages_3_4.glib2.aarch64-linux

pkgs.rubyPackages_3_4.glib2.x86_64-darwin

pkgs.rubyPackages_3_1.glib2.aarch64-darwin

pkgs.rubyPackages_3_2.glib2.aarch64-darwin

pkgs.rubyPackages_3_3.glib2.aarch64-darwin

pkgs.rubyPackages_3_4.glib2.aarch64-darwin

Package maintainers: 2

CVE-2024-58134
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 7 months, 2 weeks ago
Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default

Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

Affected products

Mojolicious
  • =<9.39
  • =<9.40
  • =<*

Matching in nixpkgs

pkgs.perl538Packages.Mojolicious

Real-time web framework

pkgs.perl540Packages.Mojolicious

Real-time web framework

pkgs.perl538Packages.MojoliciousPluginI18N

Internationalization Plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginMail

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginI18N

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginMail

Mojolicious Plugin for send mail

pkgs.perl538Packages.MojoliciousPluginStatus

Mojolicious server status

pkgs.perl538Packages.MojoliciousPluginSyslog

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginStatus

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginSyslog

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginWebpack

Mojolicious <3 Webpack

pkgs.perl540Packages.Mojolicious.x86_64-linux

Real-time web framework

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginWebpack

Mojolicious <3 Webpack

pkgs.perl538Packages.MojoliciousPluginGravatar

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.Mojolicious.aarch64-linux

Real-time web framework

pkgs.perl540Packages.Mojolicious.x86_64-darwin

Real-time web framework

pkgs.perl540Packages.MojoliciousPluginGravatar

Globally Recognized Avatars for Mojolicious

pkgs.perl538Packages.MojoliciousPluginAssetPack

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.Mojolicious.aarch64-darwin

Real-time web framework

pkgs.perl540Packages.MojoliciousPluginAssetPack

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl538Packages.MojoliciousPluginRenderFile

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginRenderFile

"render_file" helper for Mojolicious

pkgs.perl538Packages.MojoliciousPluginTextExceptions

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTextExceptions

Render exceptions as text in command line user agents

pkgs.perl538Packages.MojoliciousPluginTemplateToolkit

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginI18N.x86_64-linux

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginMail.x86_64-linux

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginI18N.aarch64-linux

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginI18N.x86_64-darwin

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginMail.aarch64-linux

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginMail.x86_64-darwin

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginI18N.aarch64-darwin

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginMail.aarch64-darwin

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginStatus.x86_64-linux

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginSyslog.x86_64-linux

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginStatus.aarch64-linux

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginStatus.x86_64-darwin

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginSyslog.aarch64-linux

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginSyslog.x86_64-darwin

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginWebpack.x86_64-linux

Mojolicious <3 Webpack

pkgs.perl540Packages.MojoliciousPluginGravatar.x86_64-linux

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-darwin

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginStatus.aarch64-darwin

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginSyslog.aarch64-darwin

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginWebpack.aarch64-linux

Mojolicious <3 Webpack

pkgs.perl540Packages.MojoliciousPluginWebpack.x86_64-darwin

Mojolicious <3 Webpack

pkgs.perl540Packages.MojoliciousPluginAssetPack.x86_64-linux

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.MojoliciousPluginGravatar.aarch64-linux

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginGravatar.x86_64-darwin

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-darwin

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginWebpack.aarch64-darwin

Mojolicious <3 Webpack

pkgs.perl540Packages.MojoliciousPluginAssetPack.aarch64-linux

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.MojoliciousPluginAssetPack.x86_64-darwin

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.MojoliciousPluginGravatar.aarch64-darwin

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginRenderFile.x86_64-linux

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginAssetPack.aarch64-darwin

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.MojoliciousPluginRenderFile.aarch64-linux

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginRenderFile.x86_64-darwin

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginRenderFile.aarch64-darwin

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTextExceptions.x86_64-linux

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit.x86_64-linux

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTextExceptions.aarch64-linux

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTextExceptions.x86_64-darwin

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit.aarch64-linux

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit.x86_64-darwin

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTextExceptions.aarch64-darwin

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit.aarch64-darwin

Template Toolkit renderer plugin for Mojolicious

Package maintainers: 4

CVE-2024-58135
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 7 months, 2 weeks ago
Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets

Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

Affected products

Mojolicious
  • =<9.39
  • =<9.40
  • =<*

Matching in nixpkgs

pkgs.perl538Packages.Mojolicious

Real-time web framework

pkgs.perl540Packages.Mojolicious

Real-time web framework

pkgs.perl538Packages.MojoliciousPluginI18N

Internationalization Plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginMail

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginI18N

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginMail

Mojolicious Plugin for send mail

pkgs.perl538Packages.MojoliciousPluginStatus

Mojolicious server status

pkgs.perl538Packages.MojoliciousPluginSyslog

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginStatus

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginSyslog

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl538Packages.MojoliciousPluginWebpack

Mojolicious <3 Webpack

pkgs.perl540Packages.Mojolicious.x86_64-linux

Real-time web framework

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginWebpack

Mojolicious <3 Webpack

pkgs.perl538Packages.MojoliciousPluginGravatar

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.Mojolicious.aarch64-linux

Real-time web framework

pkgs.perl540Packages.Mojolicious.x86_64-darwin

Real-time web framework

pkgs.perl540Packages.MojoliciousPluginGravatar

Globally Recognized Avatars for Mojolicious

pkgs.perl538Packages.MojoliciousPluginAssetPack

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.Mojolicious.aarch64-darwin

Real-time web framework

pkgs.perl540Packages.MojoliciousPluginAssetPack

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl538Packages.MojoliciousPluginRenderFile

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginRenderFile

"render_file" helper for Mojolicious

pkgs.perl538Packages.MojoliciousPluginTextExceptions

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTextExceptions

Render exceptions as text in command line user agents

pkgs.perl538Packages.MojoliciousPluginTemplateToolkit

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginI18N.x86_64-linux

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginMail.x86_64-linux

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginI18N.aarch64-linux

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginI18N.x86_64-darwin

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginMail.aarch64-linux

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginMail.x86_64-darwin

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginI18N.aarch64-darwin

Internationalization Plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginMail.aarch64-darwin

Mojolicious Plugin for send mail

pkgs.perl540Packages.MojoliciousPluginStatus.x86_64-linux

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginSyslog.x86_64-linux

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginStatus.aarch64-linux

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginStatus.x86_64-darwin

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginSyslog.aarch64-linux

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginSyslog.x86_64-darwin

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginWebpack.x86_64-linux

Mojolicious <3 Webpack

pkgs.perl540Packages.MojoliciousPluginGravatar.x86_64-linux

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-darwin

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginStatus.aarch64-darwin

Mojolicious server status

pkgs.perl540Packages.MojoliciousPluginSyslog.aarch64-darwin

Plugin for enabling a Mojolicious app to log to syslog

pkgs.perl540Packages.MojoliciousPluginWebpack.aarch64-linux

Mojolicious <3 Webpack

pkgs.perl540Packages.MojoliciousPluginWebpack.x86_64-darwin

Mojolicious <3 Webpack

pkgs.perl540Packages.MojoliciousPluginAssetPack.x86_64-linux

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.MojoliciousPluginGravatar.aarch64-linux

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginGravatar.x86_64-darwin

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-darwin

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginWebpack.aarch64-darwin

Mojolicious <3 Webpack

pkgs.perl540Packages.MojoliciousPluginAssetPack.aarch64-linux

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.MojoliciousPluginAssetPack.x86_64-darwin

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.MojoliciousPluginGravatar.aarch64-darwin

Globally Recognized Avatars for Mojolicious

pkgs.perl540Packages.MojoliciousPluginRenderFile.x86_64-linux

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginAssetPack.aarch64-darwin

Compress and convert css, less, sass, javascript and coffeescript files

pkgs.perl540Packages.MojoliciousPluginRenderFile.aarch64-linux

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginRenderFile.x86_64-darwin

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginRenderFile.aarch64-darwin

"render_file" helper for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTextExceptions.x86_64-linux

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit.x86_64-linux

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTextExceptions.aarch64-linux

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTextExceptions.x86_64-darwin

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit.aarch64-linux

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit.x86_64-darwin

Template Toolkit renderer plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginTextExceptions.aarch64-darwin

Render exceptions as text in command line user agents

pkgs.perl540Packages.MojoliciousPluginTemplateToolkit.aarch64-darwin

Template Toolkit renderer plugin for Mojolicious

Package maintainers: 4

CVE-2023-40745
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 7 months, 2 weeks ago
Libtiff: integer overflow in tiffcp.c

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

Affected products

libtiff
  • *
  • <4.6.0
mingw-libtiff
compact-libtiff
compat-libtiff3

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

pkgs.libtiff.x86_64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.x86_64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-darwin

Library and utilities for working with the TIFF image file format

Package maintainers: 7

CVE-2025-47153
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 7 months, 2 weeks ago
Certain build processes for libuv and Node.js for 32-bit systems, …

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does not offer prebuilt Node.js for Linux on i386.

Affected products

nodejs
  • =<nodejs_20.19.0+dfsg-2_i386.deb

Matching in nixpkgs

pkgs.nodejs_18

Event-driven I/O framework for the V8 JavaScript engine

pkgs.nodejs_20

Event-driven I/O framework for the V8 JavaScript engine

pkgs.nodejs_22

Event-driven I/O framework for the V8 JavaScript engine

pkgs.corepack_18

Wrappers for npm, pnpm and Yarn via Node.js Corepack

pkgs.corepack_20

Wrappers for npm, pnpm and Yarn via Node.js Corepack

pkgs.corepack_22

Wrappers for npm, pnpm and Yarn via Node.js Corepack

pkgs.nodejs_latest

Event-driven I/O framework for the V8 JavaScript engine

pkgs.nodejs-slim_18

Event-driven I/O framework for the V8 JavaScript engine

pkgs.nodejs-slim_20

Event-driven I/O framework for the V8 JavaScript engine

pkgs.nodejs-slim_22

Event-driven I/O framework for the V8 JavaScript engine

pkgs.corepack_latest

Wrappers for npm, pnpm and Yarn via Node.js Corepack

pkgs.elmPackages.nodejs

Event-driven I/O framework for the V8 JavaScript engine

pkgs.nodejs-slim_latest

Event-driven I/O framework for the V8 JavaScript engine

pkgs.nodejsInstallManuals

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.haxePackages.hxnodejs_4

Extern definitions for node.js 4.x

pkgs.haxePackages.hxnodejs_6

Extern definitions for node.js 6.9

pkgs.nodejsInstallExecutables

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.graalvmCEPackages.graalnodejs

High-Performance Polyglot VM (Product: graalnodejs)

pkgs.dockerfile-language-server-nodejs

Language server for Dockerfiles powered by Node.js, TypeScript, and VSCode technologies

pkgs.matrix-sdk-crypto-nodejs-0_1_0-beta_3

No-network-IO implementation of a state machine that handles E2EE for Matrix clients

pkgs.python311Packages.hatch-nodejs-version

Plugins for dealing with NodeJS versions

pkgs.python312Packages.hatch-nodejs-version

Plugins for dealing with NodeJS versions

pkgs.python312Packages.hatch-nodejs-version.x86_64-linux

Plugins for dealing with NodeJS versions

pkgs.python312Packages.hatch-nodejs-version.aarch64-linux

Plugins for dealing with NodeJS versions

pkgs.python312Packages.hatch-nodejs-version.x86_64-darwin

Plugins for dealing with NodeJS versions

pkgs.python312Packages.hatch-nodejs-version.aarch64-darwin

Plugins for dealing with NodeJS versions

Package maintainers: 11