Nixpkgs security tracker

Permalink CVE-2025-60206

8.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 months, 4 weeks ago

WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through <= 7.8.3.

References

Affected products

alone

=<<= 7.8.3

Matching in nixpkgs

pkgs.selendroid

Test automation for native or hybrid Android apps and the mobile web

nixos-unstable 0.17.0
- nixpkgs-unstable 0.17.0
- nixos-unstable-small 0.17.0
nixos-25.11 0.17.0
- nixpkgs-25.11-darwin 0.17.0

pkgs.stalonetray

Stand alone tray

nixos-unstable 0.8.5
- nixpkgs-unstable 0.8.5
- nixos-unstable-small 0.8.5
nixos-25.11 0.8.5
- nixpkgs-25.11-darwin 0.8.5

pkgs.art-standalone

Art and dependencies with modifications to make it work on Linux

nixos-unstable 0-unstable-2025-07-09
- nixpkgs-unstable 0-unstable-2025-07-09
- nixos-unstable-small 0-unstable-2025-07-09
nixos-25.11 0-unstable-2025-09-03
- nixpkgs-25.11-darwin 0-unstable-2025-09-03

pkgs.argp-standalone

Standalone version of arguments parsing functions from Glibc

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0
nixos-25.11 1.5.0
- nixpkgs-25.11-darwin 1.5.0

pkgs.cbqn-standalone

BQN implementation in C

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.htmlunit-driver

WebDriver server for running Selenium tests on the HtmlUnit headless browser

nixos-unstable 2.27
- nixpkgs-unstable 2.27
- nixos-unstable-small 2.27
nixos-25.11 2.27
- nixpkgs-25.11-darwin 2.27

pkgs.cbqn-standalone-replxx

BQN implementation in C

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.selenium-server-standalone

Selenium Server for remote WebDriver

nixos-unstable 3.141.59
- nixpkgs-unstable 3.141.59
- nixos-unstable-small 3.141.59
nixos-25.11 3.141.59
- nixpkgs-25.11-darwin 3.141.59

Package maintainers

@Amar1729 Amar Paul <amar.paul16@gmail.com>
@onny Jonas Heinrich <onny@project-insanity.org>
@Synthetica9 Patrick Hilhorst <nix@hilhorst.be>
@shnarazk Narazaki Shuji <shujinarazaki@protonmail.com>
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
@Detegr Antti Keränen <detegr@rbx.email>
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>
@coreyoconnor Corey O'Connor <coreyoconnor@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>

Permalink CVE-2025-52718

7.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 9 months, 2 weeks ago

WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.