Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: rocmPackages_6.llvm.rocmcxx

Found 2 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-40894
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

Affected products

CMC
  • <25.6.0
Guardian
  • <25.6.0

Matching in nixpkgs

pkgs.cmctl

Command line utility to interact with a cert-manager instalation on Kubernetes

pkgs.scmccid

PCSC drivers for linux, for the SCM SCR3310 v2.0 card and others

pkgs.adguardian

Terminal-based, real-time traffic monitoring and statistics for your AdGuard Home instance

pkgs.pcmciaUtils

None

  • nixos-unstable 018
    • nixpkgs-unstable 018
    • nixos-unstable-small 018
  • nixos-25.11 018
    • nixos-25.11-small 018
    • nixpkgs-25.11-darwin 018

Package maintainers

Permalink CVE-2025-40895
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
HTML injection in Sensor Map in CMC before 25.6.0

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML tags. If the Sensor Map functionality is enabled in the CMC, when a victim CMC user interacts with it, then the injected HTML may render in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

Affected products

CMC
  • <25.6.0

Matching in nixpkgs

pkgs.cmctl

Command line utility to interact with a cert-manager instalation on Kubernetes

pkgs.scmccid

PCSC drivers for linux, for the SCM SCR3310 v2.0 card and others

pkgs.pcmciaUtils

None

  • nixos-unstable 018
    • nixpkgs-unstable 018
    • nixos-unstable-small 018
  • nixos-25.11 018
    • nixos-25.11-small 018
    • nixpkgs-25.11-darwin 018

Package maintainers