CVE-2023-3576
5.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
created 7 months, 2 weeks ago

Libtiff: memory leak in tiffcrop.c

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service.

Affected products: libtiff * mingw-libtiff compat-libtiff3

Matching in nixpkgs:
pkgs.libtiff Library and utilities for working with the TIFF image file format nixos-unstable 4.7.0 nixos-unstable-small 4.7.0 nixpkgs-unstable 4.7.0
pkgs.libtiff.x86_64-linux Library and utilities for working with the TIFF image file format nixos-unstable ??? nixos-unstable-small 4.7.0
pkgs.libtiff.aarch64-linux Library and utilities for working with the TIFF image file format nixos-unstable ??? nixos-unstable-small 4.7.0
pkgs.libtiff.x86_64-darwin Library and utilities for working with the TIFF image file format nixos-unstable ??? nixos-unstable-small 4.7.0
pkgs.libtiff.aarch64-darwin Library and utilities for working with the TIFF image file format nixos-unstable ??? nixos-unstable-small 4.7.0

Package maintainers: 7
@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@l0b0 Victor Engmark <victor@engmark.name>
@willcohen Will Cohen
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>

CVE-2023-41175
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
created 7 months, 2 weeks ago

Libtiff: potential integer overflow in raw2tiff.c

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

Affected products: libtiff * <4.6.0 mingw-libtiff compact-libtiff compat-libtiff3

Matching in nixpkgs:
pkgs.libtiff Library and utilities for working with the TIFF image file format nixos-unstable 4.7.0 nixos-unstable-small 4.7.0 nixpkgs-unstable 4.7.0
pkgs.libtiff.x86_64-linux Library and utilities for working with the TIFF image file format nixos-unstable ??? nixos-unstable-small 4.7.0
pkgs.libtiff.aarch64-linux Library and utilities for working with the TIFF image file format nixos-unstable ??? nixos-unstable-small 4.7.0
pkgs.libtiff.x86_64-darwin Library and utilities for working with the TIFF image file format nixos-unstable ??? nixos-unstable-small 4.7.0
pkgs.libtiff.aarch64-darwin Library and utilities for working with the TIFF image file format nixos-unstable ??? nixos-unstable-small 4.7.0

Package maintainers: 7
@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@l0b0 Victor Engmark <victor@engmark.name>
@willcohen Will Cohen
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>

CVE-2023-4813
5.9 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
created 7 months, 2 weeks ago

Glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Affected products: glibc * compat-glibc

Matching in nixpkgs:
pkgs.glibc GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.iconv GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.getent nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.locale nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.mtrace Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3) nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.getconf nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.libiconv nixos-unstable 2.40 nixos-unstable-small 2.40 nixpkgs-unstable 2.40
pkgs.glibcInfo GNU Info manual of the GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.glibc_multi nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.glibcLocales Locale information for the GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.glibc_memusage GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.glibcLocalesUtf8 Locale information for the GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.unixtools.getent nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.unixtools.locale nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.unixtools.getconf nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.locale.x86_64-linux nixos-unstable ??? nixos-unstable-small 2.40-36
pkgs.locale.aarch64-linux nixos-unstable ??? nixos-unstable-small 2.40-36
pkgs.libiconv.x86_64-linux nixos-unstable ??? nixos-unstable-small 2.40
pkgs.libiconv.aarch64-linux nixos-unstable ??? nixos-unstable-small 2.40

Package maintainers: 2
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>

CVE-2023-4806
5.9 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
created 7 months, 2 weeks ago

Glibc: potential use-after-free in getaddrinfo()

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4 addresses, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Affected products: glibc * compat-glibc

Matching in nixpkgs:
pkgs.glibc GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.iconv GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.getent nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.locale nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.mtrace Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3) nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.getconf nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.libiconv nixos-unstable 2.40 nixos-unstable-small 2.40 nixpkgs-unstable 2.40
pkgs.glibcInfo GNU Info manual of the GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.glibc_multi nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.glibcLocales Locale information for the GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.glibc_memusage GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.glibcLocalesUtf8 Locale information for the GNU C Library nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.unixtools.getent nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.unixtools.locale nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.unixtools.getconf nixos-unstable 2.40-36 nixos-unstable-small 2.40-36 nixpkgs-unstable 2.40-36
pkgs.locale.x86_64-linux nixos-unstable ??? nixos-unstable-small 2.40-36
pkgs.locale.aarch64-linux nixos-unstable ??? nixos-unstable-small 2.40-36
pkgs.libiconv.x86_64-linux nixos-unstable ??? nixos-unstable-small 2.40
pkgs.libiconv.aarch64-linux nixos-unstable ??? nixos-unstable-small 2.40

Package maintainers: 2
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>

CVE-2023-40204
9.1 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
created 7 months, 2 weeks ago

WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2.

Affected products: folders =<2.9.2

Matching in nixpkgs:
pkgs.sweet-folders Folders icons for Sweet GTK theme nixos-unstable 2023-03-18 nixos-unstable-small 2023-03-18 nixpkgs-unstable 2023-03-18
pkgs.papirus-folders Tool to change papirus icon theme color nixos-unstable 1.13.1 nixos-unstable-small 1.13.1 nixpkgs-unstable 1.13.1
pkgs.platform-folders C++ library to look for standard platform directories so that you do not need to write platform-specific code nixos-unstable 4.2.0 nixos-unstable-small 4.2.0 nixpkgs-unstable 4.2.0
pkgs.catppuccin-papirus-folders Soothing pastel theme for Papirus Icon Theme folders nixos-unstable 2023-08-02 nixos-unstable-small 2023-08-02 nixpkgs-unstable 2023-08-02
pkgs.vscode-extensions.moshfeu.compare-folders Extension allows you to compare folders, show the diffs in a list and present diff in a splitted view side by side nixos-unstable 0.24.3 nixos-unstable-small 0.24.3 nixpkgs-unstable 0.24.3
pkgs.vscode-extensions.moshfeu.compare-folders.x86_64-linux Extension allows you to compare folders, show the diffs in a list and present diff in a splitted view side by side nixos-unstable ??? nixos-unstable-small 0.24.3
pkgs.vscode-extensions.moshfeu.compare-folders.aarch64-linux Extension allows you to compare folders, show the diffs in a list and present diff in a splitted view side by side nixos-unstable ??? nixos-unstable-small 0.24.3
pkgs.vscode-extensions.moshfeu.compare-folders.x86_64-darwin Extension allows you to compare folders, show the diffs in a list and present diff in a splitted view side by side nixos-unstable ??? nixos-unstable-small 0.24.3
pkgs.vscode-extensions.moshfeu.compare-folders.aarch64-darwin Extension allows you to compare folders, show the diffs in a list and present diff in a splitted view side by side nixos-unstable ??? nixos-unstable-small 0.24.3

Package maintainers: 3
@aacebedo Alexandre Acebedo <alexandre@acebedo.fr>
@D3vil0p3r Antonio Voza <vozaanthony@gmail.com>
@rubyowo Rei Star <perhaps-you-know@what-is.ml>

CVE-2025-4035
4.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE
created 7 months, 2 weeks ago

Libsoup: cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.

Affected products: libsoup libsoup3 *

Matching in nixpkgs:
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4

Package maintainers: 6
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>

CVE-2025-3501
8.2 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): NONE
created 7 months, 2 weeks ago

Org.keycloak.protocol.services: keycloak hostname verification

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Affected products: keycloak <25.* <26.2.2 <26.0.11 <26.1.* rh-sso7-keycloak rhbk/keycloak-rhel9 * keycloak-rhel9-container * rhbk/keycloak-rhel9-operator * rhbk/keycloak-operator-bundle * keycloak-rhel9-operator-container * keycloak-rhel9-operator-bundle-container *

Matching in nixpkgs:
pkgs.keycloak Identity and access management for modern applications and services nixos-unstable 26.0.6 nixos-unstable-small 26.0.7 nixpkgs-unstable 26.0.6
pkgs.terraform-providers.keycloak nixos-unstable 4.4.0 nixos-unstable-small 4.4.0 nixpkgs-unstable 4.4.0
pkgs.python311Packages.python-keycloak Provides access to the Keycloak API nixos-unstable 4.0.0 nixos-unstable-small 4.0.0 nixpkgs-unstable 4.0.0
pkgs.python312Packages.python-keycloak Provides access to the Keycloak API nixos-unstable 4.0.0 nixos-unstable-small 4.0.0 nixpkgs-unstable 4.0.0
pkgs.python312Packages.python-keycloak.x86_64-linux Provides access to the Keycloak API nixos-unstable 4.0.0
pkgs.python312Packages.python-keycloak.aarch64-linux Provides access to the Keycloak API nixos-unstable 4.0.0
pkgs.python312Packages.python-keycloak.x86_64-darwin Provides access to the Keycloak API nixos-unstable 4.0.0
pkgs.python312Packages.python-keycloak.aarch64-darwin Provides access to the Keycloak API nixos-unstable 4.0.0

Package maintainers: 3
@NickCao Nick Cao <nickcao@nichi.co>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>

CVE-2025-30194
7.5 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH
created 7 months, 2 weeks ago

Denial of service via crafted DoH exchange

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention.

Affected products: dnsdist <1.9.9

Matching in nixpkgs:
pkgs.dnsdist DNS Loadbalancer nixos-unstable 1.8.3 nixos-unstable-small 1.8.3 nixpkgs-unstable 1.8.3

Package maintainers: 1
@jojosch Johannes Schleifenbaum <johannes@js-webcoding.de>

CVE-2025-3625
7.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): HIGH
created 7 months, 3 weeks ago

Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).

Affected products: moodle <4.4.8 <4.5.4 <4.3.12

Matching in nixpkgs:
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12

Package maintainers: 2
@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

CVE-2025-32045
5.3 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE
created 7 months, 3 weeks ago

Moodle: hidden grades shown to users without permission on some grade reports

A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.

Affected products: moodle ==4.1.17 ==4.5.3 ==4.3.11 ==4.4.7

Matching in nixpkgs:
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12

Package maintainers: 2
@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>