CVE-2025-46483 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 7 months, 3 weeks ago WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS. This issue affects Peadig’s Google +1 Button: from n/a through 0.1.2. Affected products google-1 =<0.1.2 Matching in nixpkgs pkgs.python311Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1 pkgs.python312Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1 Package maintainers: 2 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @drewrisinger Drew Risinger <drisinger+nixpkgs@gmail.com>
pkgs.python311Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1
pkgs.python312Packages.cirq-google Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits nixos-unstable 1.4.1 nixos-unstable-small 1.4.1 nixpkgs-unstable 1.4.1
CVE-2024-25982 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 7 months, 3 weeks ago Msa-24-0005: csrf risk in language import utility The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. Affected products moodle <4.1.9 <4.2.6 <4.3.3 Matching in nixpkgs pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-unstable 4.4.3 nixos-unstable-small 4.4.4 nixpkgs-unstable 4.4.3
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-unstable 2.3.12 nixos-unstable-small 2.3.12 nixpkgs-unstable 2.3.12
CVE-2024-6387 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 7 months, 3 weeks ago Openssh: regresshion - race condition in ssh allows rce/dos A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Affected products rhcos * OpenSSH =<9.7p1 openssh * rhceph-6-rhel9 Matching in nixpkgs pkgs.openssh Implementation of the SSH protocol nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1 pkgs.opensshTest Implementation of the SSH protocol nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1 pkgs.openssh_hpn Implementation of the SSH protocol with high performance networking patches nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1 pkgs.openssh_gssapi Implementation of the SSH protocol with GSSAPI support nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1 pkgs.opensshWithKerberos Implementation of the SSH protocol nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1 pkgs.openssh_hpnWithKerberos Implementation of the SSH protocol with high performance networking patches nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1 pkgs.lxqt.lxqt-openssh-askpass GUI to query passwords on behalf of SSH agents nixos-unstable 2.1.0 nixos-unstable-small 2.1.0 nixpkgs-unstable 2.1.0 pkgs.perl538Packages.NetOpenSSH Perl SSH client package implemented on top of OpenSSH nixos-unstable 0.84 nixos-unstable-small 0.84 nixpkgs-unstable 0.84 pkgs.perl540Packages.NetOpenSSH Perl SSH client package implemented on top of OpenSSH nixos-unstable 0.84 nixos-unstable-small 0.84 nixpkgs-unstable 0.84 Package maintainers: 6 @dasJ Janne Heß <janne@hess.ooo> @helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de> @Conni2461 Simon Hauser <simon-hauser@outlook.com> @aneeshusa Aneesh Agrawal <aneeshusa@gmail.com> @wahjava Ashish SHUKLA <ashish.is@lostca.se> @romildo José Romildo Malaquias <malaquias@gmail.com>
pkgs.openssh Implementation of the SSH protocol nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1
pkgs.opensshTest Implementation of the SSH protocol nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1
pkgs.openssh_hpn Implementation of the SSH protocol with high performance networking patches nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1
pkgs.openssh_gssapi Implementation of the SSH protocol with GSSAPI support nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1
pkgs.opensshWithKerberos Implementation of the SSH protocol nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1
pkgs.openssh_hpnWithKerberos Implementation of the SSH protocol with high performance networking patches nixos-unstable 9.9p1 nixos-unstable-small 9.9p1 nixpkgs-unstable 9.9p1
pkgs.lxqt.lxqt-openssh-askpass GUI to query passwords on behalf of SSH agents nixos-unstable 2.1.0 nixos-unstable-small 2.1.0 nixpkgs-unstable 2.1.0
pkgs.perl538Packages.NetOpenSSH Perl SSH client package implemented on top of OpenSSH nixos-unstable 0.84 nixos-unstable-small 0.84 nixpkgs-unstable 0.84
pkgs.perl540Packages.NetOpenSSH Perl SSH client package implemented on top of OpenSSH nixos-unstable 0.84 nixos-unstable-small 0.84 nixpkgs-unstable 0.84
CVE-2025-46443 4.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 7 months, 3 weeks ago WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5. Affected products animate =<0.5 Matching in nixpkgs pkgs.vimPlugins.mini-animate nixos-unstable 2024-12-01 nixos-unstable-small 2024-12-01 nixpkgs-unstable 2024-12-01
pkgs.vimPlugins.mini-animate nixos-unstable 2024-12-01 nixos-unstable-small 2024-12-01 nixpkgs-unstable 2024-12-01
CVE-2025-46505 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 7 months, 3 weeks ago WordPress Peekaboo <= 1.1 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Peekaboo allows Stored XSS. This issue affects Peekaboo: from n/a through 1.1. Affected products peekaboo =<1.1 Matching in nixpkgs pkgs.vimPlugins.vim-peekaboo nixos-unstable 2019-12-12 nixos-unstable-small 2019-12-12 nixpkgs-unstable 2019-12-12
pkgs.vimPlugins.vim-peekaboo nixos-unstable 2019-12-12 nixos-unstable-small 2019-12-12 nixpkgs-unstable 2019-12-12
CVE-2025-46421 6.8 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE created 7 months, 3 weeks ago Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. Affected products libsoup * <3.6.5 libsoup3 * Matching in nixpkgs pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4 Package maintainers: 6 @jtojnar Jan Tojnar <jtojnar@gmail.com> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable 3.6.0 nixos-unstable-small 3.6.0 nixpkgs-unstable 3.6.0
pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable 2.4 nixos-unstable-small 2.4 nixpkgs-unstable 2.4
CVE-2025-46399 7.1 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE created 7 months, 3 weeks ago fig2dev segmentation fault in genge_itp_spline Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via genge_itp_spline function. Affected products xfig =<3.2.9a fig2dev ==3.2.9a transfig Matching in nixpkgs pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9 Package maintainers: 1 @LeSuisse Thomas Gerbet <thomas@gerbet.me>
pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9
CVE-2025-46400 7.1 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE created 7 months, 3 weeks ago fig2dev segmentation fault in read_arcobject Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function. Affected products xfig =<3.2.9a fig2dev ==3.2.9a transfig Matching in nixpkgs pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9 Package maintainers: 1 @LeSuisse Thomas Gerbet <thomas@gerbet.me>
pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9
CVE-2025-46397 7.1 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE created 7 months, 3 weeks ago fig2dev stack-overflow Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function. Affected products xfig =<3.2.9a fig2dev ==3.2.9a transfig Matching in nixpkgs pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9 Package maintainers: 1 @LeSuisse Thomas Gerbet <thomas@gerbet.me>
pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9
CVE-2025-46398 7.1 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): NONE created 7 months, 3 weeks ago fig2dev stack-overflow via read_objects Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function. Affected products xfig =<3.2.9a fig2dev ==3.2.9a transfig Matching in nixpkgs pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9 Package maintainers: 1 @LeSuisse Thomas Gerbet <thomas@gerbet.me>
pkgs.fig2dev Tool to convert Xfig files to other formats nixos-unstable 3.2.9 nixos-unstable-small 3.2.9 nixpkgs-unstable 3.2.9