CVE-2025-46443
4.9 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): HIGH, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): CHANGED, Confidentiality impact (C): LOW, Integrity impact (I): LOW, Availability impact (A): NONE
created 7 months, 3 weeks ago
WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5.
Affected products: animate =<0.5
Matching in nixpkgs:
  pkgs.vimPlugins.mini-animate nixos-unstable 2024-12-01 nixos-unstable-small 2024-12-01 nixpkgs-unstable 2024-12-01
CVE-2025-46505
6.5 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): REQUIRED, Scope (S): CHANGED, Confidentiality impact (C): LOW, Integrity impact (I): LOW, Availability impact (A): LOW
created 7 months, 3 weeks ago
WordPress Peekaboo <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Peekaboo allows Stored XSS. This issue affects Peekaboo: from n/a through 1.1.
Affected products: peekaboo =<1.1
Matching in nixpkgs:
  pkgs.vimPlugins.vim-peekaboo nixos-unstable 2019-12-12 nixos-unstable-small 2019-12-12 nixpkgs-unstable 2019-12-12
  pkgs.vimPlugins.vim-peekaboo.x86_64-linux nixos-unstable ??? nixos-unstable-small 2019-12-12
  pkgs.vimPlugins.vim-peekaboo.aarch64-linux nixos-unstable ??? nixos-unstable-small 2019-12-12
  pkgs.vimPlugins.vim-peekaboo.x86_64-darwin nixos-unstable ??? nixos-unstable-small 2019-12-12
  pkgs.vimPlugins.vim-peekaboo.aarch64-darwin nixos-unstable ??? nixos-unstable-small 2019-12-12
CVE-2025-46421
6.8 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): HIGH, Privileges required (PR): NONE, User interaction (UI): REQUIRED, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): NONE
created 7 months, 3 weeks ago
Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
Affected products: libsoup * <3.6.5 libsoup3 *
Matching in nixpkgs:
  pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
  pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
  pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
  pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
  pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
  pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
  pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0
  pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
  pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
  pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3
  pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
Package maintainers: 6
  @jtojnar Jan Tojnar <jtojnar@gmail.com>
  @bobby285271 Bobby Rong <rjl931189261@126.com>
  @lovek323 Jason O'Conal <jason@oconal.id.au>
  @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
  @7c6f434c Michael Raskin <7c6f434c@mail.ru>
  @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
CVE-2025-46399
7.1 HIGH
CVSS version: 3.1, Attack vector (AV): LOCAL, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): NONE
created 7 months, 3 weeks ago
fig2dev segmentation fault in genge_itp_spline
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via genge_itp_spline function.
Affected products: xfig =<3.2.9a fig2dev ==3.2.9a transfig
Matching in nixpkgs:
  pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9
Package maintainers: 1
  @LeSuisse Thomas Gerbet <thomas@gerbet.me>
CVE-2025-46400
7.1 HIGH
CVSS version: 3.1, Attack vector (AV): LOCAL, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): NONE
created 7 months, 3 weeks ago
fig2dev segmentation fault in read_arcobject
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.
Affected products: xfig =<3.2.9a fig2dev ==3.2.9a transfig
Matching in nixpkgs:
  pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9
Package maintainers: 1
  @LeSuisse Thomas Gerbet <thomas@gerbet.me>
CVE-2025-46397
7.1 HIGH
CVSS version: 3.1, Attack vector (AV): LOCAL, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): NONE
created 7 months, 3 weeks ago
fig2dev stack-overflow
Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function.
Affected products: xfig =<3.2.9a fig2dev ==3.2.9a transfig
Matching in nixpkgs:
  pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9
Package maintainers: 1
  @LeSuisse Thomas Gerbet <thomas@gerbet.me>
CVE-2025-46398
7.1 HIGH
CVSS version: 3.1, Attack vector (AV): LOCAL, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): NONE
created 7 months, 3 weeks ago
fig2dev stack-overflow via read_objects
Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.
Affected products: xfig =<3.2.9a fig2dev ==3.2.9a transfig
Matching in nixpkgs:
  pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9
Package maintainers: 1
  @LeSuisse Thomas Gerbet <thomas@gerbet.me>
CVE-2024-21885
7.8 HIGH
CVSS version: 3.1, Attack vector (AV): LOCAL, Attack complexity (AC): LOW, Privileges required (PR): LOW, User interaction (UI): NONE, Scope (S): UNCHANGED, Confidentiality impact (C): HIGH, Integrity impact (I): HIGH, Availability impact (A): HIGH
created 7 months, 3 weeks ago
Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
Affected products: tigervnc * xwayland <23.2.4 * xorg-server ==1.21.1.7 <21.1.11 * xorg-x11-server * xorg-x11-server-Xwayland *
Matching in nixpkgs:
  pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
  pkgs.xorg.xvfb nixos-unstable 21.1.14 nixos-unstable-small 21.1.14 nixpkgs-unstable 21.1.14
  pkgs.xorg.xorgserver nixos-unstable 21.1.14 nixos-unstable-small 21.1.14 nixpkgs-unstable 21.1.14
CVE-2025-27288
7.1 HIGH
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): NONE, User interaction (UI): REQUIRED, Scope (S): CHANGED, Confidentiality impact (C): LOW, Integrity impact (I): LOW, Availability impact (A): LOW
created 8 months ago
WordPress File Icons Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BjornW File Icons allows Reflected XSS. This issue affects File Icons: from n/a through 2.1.
Affected products: file-icons =<2.1
Matching in nixpkgs:
  pkgs.emacsPackages.magit-file-icons nixos-unstable 20240627.1228 nixos-unstable-small 20240627.1228 nixpkgs-unstable 20240627.1228
  pkgs.vscode-extensions.file-icons.file-icons File-specific icons in VSCode for improved visual grepping nixos-unstable 1.0.29 nixos-unstable-small 1.0.29 nixpkgs-unstable 1.0.29
  pkgs.vscode-extensions.file-icons.file-icons.x86_64-linux File-specific icons in VSCode for improved visual grepping nixos-unstable ??? nixos-unstable-small 1.0.29
  pkgs.vscode-extensions.file-icons.file-icons.aarch64-linux File-specific icons in VSCode for improved visual grepping nixos-unstable ??? nixos-unstable-small 1.0.29
  pkgs.vscode-extensions.file-icons.file-icons.x86_64-darwin File-specific icons in VSCode for improved visual grepping nixos-unstable ??? nixos-unstable-small 1.0.29
  pkgs.vscode-extensions.file-icons.file-icons.aarch64-darwin File-specific icons in VSCode for improved visual grepping nixos-unstable ??? nixos-unstable-small 1.0.29
CVE-2025-39438
4.3 MEDIUM
CVSS version: 3.1, Attack vector (AV): NETWORK, Attack complexity (AC): LOW, Privileges required (PR): NONE, User interaction (UI): REQUIRED, Scope (S): UNCHANGED, Confidentiality impact (C): NONE, Integrity impact (I): LOW, Availability impact (A): NONE
created 8 months ago
WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.
Affected products: theme-changer =<1.3
Matching in nixpkgs:
  pkgs.emacsPackages.theme-changer nixos-unstable 20230904.1706 nixos-unstable-small 20230904.1706 nixpkgs-unstable 20230904.1706
  pkgs.gnomeExtensions.dm-theme-changer Automatically change theme styles when dark mode is enabled or disabled. nixos-unstable 4 nixos-unstable-small 4 nixpkgs-unstable 4
Package maintainers: 1
  @honnip Jung seungwoo <me@honnip.page>