Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: tests.fetchpatch.simple

Found 3 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-5567
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 week, 1 day ago
Tenda M3 Destination setAdvPolicyData buffer overflow

A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.

Affected products

M3
  • ==1.0.0.10

Matching in nixpkgs

pkgs.fvwm3

Multiple large virtual desktop window manager - Version 3

pkgs.wasm3

Fastest WebAssembly interpreter, and the most universal runtime

pkgs.icbm3d

3D vector-based clone of the atari game Missile Command

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

pkgs.m32edit

Editor for the Midas M32 digital mixer

  • nixos-unstable 4.4.1
    • nixpkgs-unstable 4.4.1
    • nixos-unstable-small 4.4.1
  • nixos-25.11 4.4
    • nixos-25.11-small 4.4
    • nixpkgs-25.11-darwin 4.4

pkgs.stm32flash

Open source flash program for the STM32 ARM processors using the ST bootloader

  • nixos-unstable 0.7
    • nixpkgs-unstable 0.7
    • nixos-unstable-small 0.7
  • nixos-25.11 0.7
    • nixos-25.11-small 0.7
    • nixpkgs-25.11-darwin 0.7

pkgs.stm32cubemx

A graphical tool for configuring STM32 microcontrollers and microprocessors

pkgs.stm32loader

Flash firmware to STM32 microcontrollers in Python

Package maintainers

Untriaged
Permalink CVE-2025-62951
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 3 weeks ago
WordPress Interactive Content – H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icc0rz Interactive Content – H5P h5p allows Stored XSS.This issue affects Interactive Content – H5P: from n/a through <= 1.16.0.

Affected products

h5p
  • =<<= 1.16.0

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2025-68505
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 3 weeks ago
WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1.

Affected products

h5p
  • =<<= 1.16.1

Matching in nixpkgs

Package maintainers