Nixpkgs Security Tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2024-2313
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 9 months ago
If kernel headers need to be extracted, bpftrace will attempt …

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

Affected products

bpftrace
  • <v0.20.2

Matching in nixpkgs

pkgs.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxPackages_zen.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_6_1.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxPackages_zen.bpftrace.x86_64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_5_10.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxPackages_zen.bpftrace.aarch64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_libre.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_latest_libre.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_5_10.bpftrace.x86_64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_5_10.bpftrace.aarch64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_latest_libre.bpftrace.x86_64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_latest_libre.bpftrace.aarch64-linux

High-level tracing language for Linux eBPF

Package maintainers: 4

CVE-2024-43437
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 9 months ago
Moodle: xss risk when restoring malicious course backup file

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.

Affected products

moodle
  • <4.3.6
  • <4.1.12
  • <4.4.2
  • <4.2.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers: 2

CVE-2023-26020
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months ago
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

Affected products

Studio
  • =<4.0.1
  • =<3.1.26

Matching in nixpkgs

pkgs.rstudio.x86_64-linux

Set of integrated tools for the R language

pkgs.rstudio-server.x86_64-linux

Set of integrated tools for the R language

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.x86_64-linux

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.aarch64-linux

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.x86_64-darwin

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.aarch64-darwin

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.x86_64-linux

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.aarch64-linux

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.x86_64-darwin

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.aarch64-darwin

See relevant code examples from GitHub for over 100K different APIs right in your editor

Package maintainers: 3

CVE-2025-27274
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 9 months, 2 weeks ago
WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability

Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11.

Affected products

gpx-viewer
  • =<2.2.11

Matching in nixpkgs

pkgs.gpx-viewer

Simple tool to visualize tracks and waypoints stored in a gpx file

Package maintainers: 1

CVE-2023-3899
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months, 3 weeks ago
Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

Affected products

subscription-manager
  • *

Matching in nixpkgs

pkgs.python311Packages.graphql-subscription-manager

Python3 library for graphql subscription manager

pkgs.python312Packages.graphql-subscription-manager

Python3 library for graphql subscription manager

pkgs.python312Packages.graphql-subscription-manager.x86_64-linux

Python3 library for graphql subscription manager

pkgs.python312Packages.graphql-subscription-manager.aarch64-linux

Python3 library for graphql subscription manager

pkgs.python312Packages.graphql-subscription-manager.x86_64-darwin

Python3 library for graphql subscription manager

pkgs.python312Packages.graphql-subscription-manager.aarch64-darwin

Python3 library for graphql subscription manager

Package maintainers: 1

CVE-2025-26595
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months, 3 weeks ago
Xorg: xwayland: buffer overflow in xkbvmodmasktext()

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

Affected products

xserver
  • <24.1.6
  • <21.1.16
tigervnc
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2025-26597
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months, 3 weeks ago
Xorg: xwayland: buffer overflow in xkbchangetypesofkey()

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

Affected products

xserver
  • <24.1.6
  • <21.1.16
tigervnc
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2025-26594
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months, 3 weeks ago
X.org: xwayland: use-after-free of the root cursor

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

Affected products

xserver
  • <24.1.6
  • <21.1.16
tigervnc
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2025-26599
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months, 3 weeks ago
Xorg: xwayland: use of uninitialized pointer in compredirectwindow()

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

Affected products

xserver
  • <24.1.6
  • <21.1.16
tigervnc
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

CVE-2025-26932
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months, 3 weeks ago
WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5.

Affected products

chatbot
  • =<6.3.5

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B.

  • nixos-unstable 11
    • nixos-unstable-small 11
    • nixpkgs-unstable 11

Package maintainers: 1