Nixpkgs security tracker

Untriaged

Permalink CVE-2026-28020

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

WordPress Chroma theme <= 1.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Chroma chroma allows PHP Local File Inclusion.This issue affects Chroma: from n/a through <= 1.11.

References

https://patchstack.com/database/Wordpress/Theme/chroma/vulnerability/wordpress-… vdb-entry

Affected products

chroma

=<<= 1.11

Matching in nixpkgs

pkgs.chroma

General purpose syntax highlighter in pure Go

nixos-unstable 2.22.0
- nixpkgs-unstable 2.22.0
- nixos-unstable-small 2.22.0
nixos-25.11 2.20.0
- nixos-25.11-small 2.20.0
- nixpkgs-25.11-darwin 2.20.0

pkgs.chromaprint

AcoustID audio fingerprinting library

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.polychromatic

Graphical front-end and tray applet for configuring Razer peripherals on GNU/Linux

nixos-unstable 0.9.3
- nixpkgs-unstable 0.9.3
- nixos-unstable-small 0.9.3
nixos-25.11 0.9.3
- nixos-25.11-small 0.9.3
- nixpkgs-25.11-darwin 0.9.3

pkgs.gnomeExtensions.achroma

Toggle your display to monochrome/grayscale mode with a single click. Useful for reducing eye strain, improving focus, or accessibility.

nixos-unstable -
- nixpkgs-unstable 5
- nixos-unstable-small 5

pkgs.python312Packages.chromadb

AI-native open-source embedding database

nixos-25.11 1.3.5
- nixos-25.11-small 1.3.5
- nixpkgs-25.11-darwin 1.3.5

pkgs.python313Packages.chromadb

AI-native open-source embedding database

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0
nixos-25.11 1.3.5
- nixos-25.11-small 1.3.5
- nixpkgs-25.11-darwin 1.3.5

pkgs.python312Packages.chroma-hnswlib

Header-only C++/python library for fast approximate nearest neighbors

nixos-25.11 0.8.2
- nixos-25.11-small 0.8.2
- nixpkgs-25.11-darwin 0.8.2

pkgs.python313Packages.chroma-hnswlib

Header-only C++/python library for fast approximate nearest neighbors

nixos-unstable 0.8.2
- nixpkgs-unstable 0.8.2
- nixos-unstable-small 0.8.2
nixos-25.11 0.8.2
- nixos-25.11-small 0.8.2
- nixpkgs-25.11-darwin 0.8.2

pkgs.python314Packages.chroma-hnswlib

Header-only C++/python library for fast approximate nearest neighbors

nixos-unstable 0.8.2
- nixpkgs-unstable 0.8.2
- nixos-unstable-small 0.8.2

pkgs.pkgsRocm.python3Packages.chromadb

AI-native open-source embedding database

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0
nixos-25.11 1.3.5
- nixos-25.11-small 1.3.5
- nixpkgs-25.11-darwin 1.3.5

pkgs.python312Packages.langchain-chroma

Integration package connecting Chroma and LangChain

nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python313Packages.langchain-chroma

Integration package connecting Chroma and LangChain

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.pkgsRocm.python3Packages.langchain-chroma

Integration package connecting Chroma and LangChain

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python312Packages.llama-index-vector-stores-chroma

LlamaIndex Vector Store Integration for Chroma

nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

pkgs.python313Packages.llama-index-vector-stores-chroma

LlamaIndex Vector Store Integration for Chroma

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5
nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

pkgs.pkgsRocm.python3Packages.llama-index-vector-stores-chroma

LlamaIndex Vector Store Integration for Chroma

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5
nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

Package maintainers

@sternenseemann Lukas Epple <sternenseemann@systemli.org>
@evanjs Evan Stoll <evanjsx@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
@sarahec Sarah Clark <seclark@nextquestion.net>
@honnip Jung seungwoo <me@honnip.page>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.chroma

pkgs.chromaprint

pkgs.polychromatic

pkgs.gnomeExtensions.achroma

pkgs.python312Packages.chromadb

pkgs.python313Packages.chromadb

pkgs.python312Packages.chroma-hnswlib

pkgs.python313Packages.chroma-hnswlib

pkgs.python314Packages.chroma-hnswlib

pkgs.pkgsRocm.python3Packages.chromadb

pkgs.python312Packages.langchain-chroma

pkgs.python313Packages.langchain-chroma

pkgs.pkgsRocm.python3Packages.langchain-chroma

pkgs.python312Packages.llama-index-vector-stores-chroma

pkgs.python313Packages.llama-index-vector-stores-chroma

pkgs.pkgsRocm.python3Packages.llama-index-vector-stores-chroma

Package maintainers