Nixpkgs Security Tracker

Automatically generated suggestions

CVE-2025-31181
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 8 months, 3 weeks ago
Gnuplot: gnuplot segmentation fault on x11_graphics

A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.

Affected products

gnuplot
  • <6.1

Matching in nixpkgs

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-linux

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.x86_64-darwin

2D and 3D plots using gnuplot

pkgs.haskellPackages.gnuplot.aarch64-darwin

2D and 3D plots using gnuplot

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

Package maintainers: 3

CVE-2023-0592
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 8 months, 3 weeks ago
Path traversal in jefferson

A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1.

Affected products

jefferson
  • <0.4.1

Matching in nixpkgs

pkgs.jefferson

JFFS2 filesystem extraction tool

Package maintainers: 2

CVE-2025-28855
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 8 months, 3 weeks ago
WordPress Teleport plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Teleport allows Reflected XSS. This issue affects Teleport: from n/a through 1.2.4.

Affected products

teleport
  • =<1.2.4

Matching in nixpkgs

pkgs.teleport

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

pkgs.teleport_15

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

pkgs.teleport_16

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

pkgs.lomiri.teleports

Ubuntu Touch Telegram client

pkgs.lomiri.teleports.x86_64-linux

Ubuntu Touch Telegram client

pkgs.lomiri.teleports.aarch64-linux

Ubuntu Touch Telegram client

pkgs.obs-studio-plugins.obs-teleport

OBS Studio plugin for an open NDI-like replacement

Package maintainers: 7

CVE-2025-28916
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 8 months, 3 weeks ago
WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1.

Affected products

docpro
  • =<2.0.1

Matching in nixpkgs

pkgs.python311Packages.jupyter-docprovider

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

pkgs.python312Packages.jupyter-docprovider

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

pkgs.python312Packages.jupyter-docprovider.x86_64-linux

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

pkgs.python312Packages.jupyter-docprovider.aarch64-linux

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

pkgs.python312Packages.jupyter-docprovider.x86_64-darwin

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

pkgs.python312Packages.jupyter-docprovider.aarch64-darwin

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

Package maintainers: 3

CVE-2025-28873
8.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 8 months, 3 weeks ago
WordPress Shuffle plugin <= 0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Shuffle allows Blind SQL Injection. This issue affects Shuffle: from n/a through 0.5.

Affected products

shuffle
  • =<0.5

Matching in nixpkgs

pkgs.ashuffle

Automatic library-wide shuffle for mpd

pkgs.linuxPackages.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_lqx.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_zen.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.haskellPackages.random-shuffle

Random shuffle implementation

pkgs.linuxPackages-libre.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_latest.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_xanmod.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_6_1_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_latest-libre.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_6_11_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_xanmod_stable.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_6_1.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_6_6.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_lqx.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_zen.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_11.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_6_12.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_libre.shufflecake

Plausible deniability (hidden storage) layer for Linux

pkgs.linuxPackages-libre.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages-libre.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_latest.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_xanmod.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_latest.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_hardened.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_hardened.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_1_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxKernel.packages.linux_latest_libre.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_6_1_hardened.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_latest-libre.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_11_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.linuxPackages_6_11_hardened.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_6_1_hardened.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_latest-libre.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_xanmod_stable.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxPackages_6_11_hardened.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_1.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_6.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_1.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_11.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_12.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_6.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_11.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_12.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_hardened.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_hardened.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_1_hardened.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_latest_libre.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_11_hardened.shufflecake.x86_64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_1_hardened.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_latest_libre.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_11_hardened.shufflecake.aarch64-linux

Plausible deniability (hidden storage) layer for Linux

  • nixos-unstable ???
    • nixos-unstable-small

Package maintainers: 2

CVE-2024-47516
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 8 months, 3 weeks ago
Pagure: argument injection in pagurerepo.log()

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

Affected products

pagure
  • ==5.14.1

Matching in nixpkgs

pkgs.haskellPackages.pagure

Pagure REST client library

pkgs.haskellPackages.pagure-cli

Pagure client

CVE-2022-1804
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 8 months, 3 weeks ago
Accountsservice incorrectly drops privileges

accountsservice no longer drops permissions when writing .pam_environment

Affected products

accountsservice
  • <22.07.5-2ubuntu1.3

Matching in nixpkgs

pkgs.accountsservice

D-Bus interface for user account query and manipulation

Package maintainers: 2

CVE-2025-30595
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 8 months, 3 weeks ago
WordPress include-file - <= 1 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tstafford include-file allows Stored XSS. This issue affects include-file: from n/a through 1.

Affected products

include-file
  • =<1

Matching in nixpkgs

pkgs.haskellPackages.include-file

Inclusion of files in executables at compile-time

pkgs.haskellPackages.include-file.x86_64-linux

Inclusion of files in executables at compile-time

pkgs.haskellPackages.include-file.aarch64-linux

Inclusion of files in executables at compile-time

pkgs.haskellPackages.include-file.x86_64-darwin

Inclusion of files in executables at compile-time

pkgs.haskellPackages.include-file.aarch64-darwin

Inclusion of files in executables at compile-time

CVE-2025-30617
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 8 months, 3 weeks ago
WordPress Rewrite - <= 0.2.1 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite allows Cross Site Request Forgery. This issue affects Rewrite: from n/a through 0.2.1.

Affected products

rewrite
  • =<0.2.1

Matching in nixpkgs

pkgs.rewritefs.x86_64-linux

A FUSE filesystem intended to be used like Apache mod_rewrite

pkgs.rewritefs.aarch64-linux

A FUSE filesystem intended to be used like Apache mod_rewrite

pkgs.haskellPackages.rest-rewrite

Rewriting library with online termination checking

pkgs.rubyPackages.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_1.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_2.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_3.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_4.cocoapods-git_url_rewriter

pkgs.rubyPackages_3_1.cocoapods-git_url_rewriter.x86_64-linux

pkgs.rubyPackages_3_2.cocoapods-git_url_rewriter.x86_64-linux

pkgs.rubyPackages_3_3.cocoapods-git_url_rewriter.x86_64-linux

pkgs.rubyPackages_3_4.cocoapods-git_url_rewriter.x86_64-linux

pkgs.rubyPackages_3_1.cocoapods-git_url_rewriter.aarch64-linux

pkgs.rubyPackages_3_1.cocoapods-git_url_rewriter.x86_64-darwin

pkgs.rubyPackages_3_2.cocoapods-git_url_rewriter.aarch64-linux

pkgs.rubyPackages_3_2.cocoapods-git_url_rewriter.x86_64-darwin

pkgs.rubyPackages_3_3.cocoapods-git_url_rewriter.aarch64-linux

pkgs.rubyPackages_3_3.cocoapods-git_url_rewriter.x86_64-darwin

pkgs.rubyPackages_3_4.cocoapods-git_url_rewriter.aarch64-linux

pkgs.rubyPackages_3_4.cocoapods-git_url_rewriter.x86_64-darwin

pkgs.rubyPackages_3_1.cocoapods-git_url_rewriter.aarch64-darwin

pkgs.rubyPackages_3_2.cocoapods-git_url_rewriter.aarch64-darwin

pkgs.rubyPackages_3_3.cocoapods-git_url_rewriter.aarch64-darwin

pkgs.rubyPackages_3_4.cocoapods-git_url_rewriter.aarch64-darwin

Package maintainers: 3

CVE-2025-30621
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 8 months, 3 weeks ago
WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3.

Affected products

translator
  • =<0.3

Matching in nixpkgs

pkgs.gtranslator

GNOME translation making program

pkgs.deep-translator

Python tool to translate between different languages by using multiple translators

pkgs.krunner-translator

Plugin for KRunner which integrates a translator, supports Google Translate, Bing Translator, youdao and Baidu Fanyi

pkgs.python311Packages.deep-translator

Python tool to translate between different languages by using multiple translators

pkgs.python312Packages.deep-translator

Python tool to translate between different languages by using multiple translators

pkgs.azure-cli-extensions.cli-translator

Translate ARM template to executable Azure CLI scripts

pkgs.python311Packages.aws-sam-translator

Python library to transform SAM templates into AWS CloudFormation templates

pkgs.python312Packages.aws-sam-translator

Python library to transform SAM templates into AWS CloudFormation templates