Nixpkgs security tracker
8.2 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): Present (P)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): High (H)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): Present (P)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): High (H)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Python Liquid: Absolute paths escape filesystem loader search path
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process. This vulnerability is fixed in 2.2.0.
References
-
https://github.com/jg-rp/liquid/security/advisories/GHSA-8p4x-wr7x-3788 x_refsource_CONFIRM
Affected products
- ==< 2.2.0
Matching in nixpkgs
pkgs.liquidctl
Cross-platform CLI and Python drivers for AIO liquid coolers and other devices
pkgs.liquidwar
Quick tactics game
pkgs.liquid-dsp
Digital signal processing library for software-defined radios
pkgs.liquidsoap
Swiss-army knife for multimedia streaming
pkgs.liquidwar5
Classic version of a quick tactics game LiquidWar
pkgs.liquidprompt
Full-featured & carefully designed adaptive prompt for Bash & Zsh
pkgs.rubyPackages.liquid
None
pkgs.linuxPackages.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-6.18.28
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-6.18.32
- nixos-unstable-small 0.1.0-unstable-2025-01-16-6.18.32
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.12.87
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.12.90
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.12.90
pkgs.rubyPackages_3_3.liquid
None
pkgs.rubyPackages_3_4.liquid
None
pkgs.rubyPackages_4_0.liquid
None
pkgs.linuxPackages_zen.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-7.0.5
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-7.0.9
- nixos-unstable-small 0.1.0-unstable-2025-01-16-7.0.9
-
nixos-25.11 0.1.0-unstable-2025-01-16-7.0.6
- nixos-25.11-small 0.1.0-unstable-2025-01-16-7.0.9
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-7.0.9
pkgs.python312Packages.liquidctl
Cross-platform CLI and Python drivers for AIO liquid coolers and other devices
pkgs.python313Packages.liquidctl
Cross-platform CLI and Python drivers for AIO liquid coolers and other devices
pkgs.python314Packages.liquidctl
Cross-platform CLI and Python drivers for AIO liquid coolers and other devices
pkgs.haskellPackages.liquidhaskell
Liquid Types for Haskell
-
nixos-unstable 0.9.10.1.2
- nixpkgs-unstable 0.9.10.1.2
- nixos-unstable-small 0.9.10.1.2
-
nixos-25.11 0.9.10.1.2
- nixos-25.11-small 0.9.10.1.2
- nixpkgs-25.11-darwin 0.9.10.1.2
pkgs.linuxPackages_latest.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-7.0.5
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-7.0.9
- nixos-unstable-small 0.1.0-unstable-2025-01-16-7.0.9
-
nixos-25.11 0.1.0-unstable-2025-01-16-7.0.6
- nixos-25.11-small 0.1.0-unstable-2025-01-16-7.0.9
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-7.0.9
pkgs.linuxPackages_xanmod.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-6.18.27
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-6.18.32
- nixos-unstable-small 0.1.0-unstable-2025-01-16-6.18.32
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.18.29
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.18.32
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.18.32
pkgs.haskellPackages.liquid-fixpoint
Predicate Abstraction-based Horn-Clause/Implication Constraint Solver
pkgs.haskellPackages.liquidhaskell-boot
Liquid Types for Haskell
-
nixos-unstable 0.9.10.1.2
- nixpkgs-unstable 0.9.10.1.2
- nixos-unstable-small 0.9.10.1.2
-
nixos-25.11 0.9.10.1.2
- nixos-25.11-small 0.9.10.1.2
- nixpkgs-25.11-darwin 0.9.10.1.2
pkgs.linuxPackages_xanmod_latest.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-7.0.4
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-7.0.9
- nixos-unstable-small 0.1.0-unstable-2025-01-16-7.0.9
-
nixos-25.11 0.1.0-unstable-2025-01-16-7.0.6
- nixos-25.11-small 0.1.0-unstable-2025-01-16-7.0.9
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-7.0.9
pkgs.linuxPackages_xanmod_stable.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-7.0.4
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-7.0.9
- nixos-unstable-small 0.1.0-unstable-2025-01-16-7.0.9
-
nixos-25.11 0.1.0-unstable-2025-01-16-7.0.6
- nixos-25.11-small 0.1.0-unstable-2025-01-16-7.0.9
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-7.0.9
pkgs.linuxKernel.packages.linux_6_1.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-6.1.172
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-6.1.173
- nixos-unstable-small 0.1.0-unstable-2025-01-16-6.1.173
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.1.172
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.1.173
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.1.173
pkgs.linuxKernel.packages.linux_6_6.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-6.6.138
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-6.6.140
- nixos-unstable-small 0.1.0-unstable-2025-01-16-6.6.140
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.6.138
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.6.140
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.6.140
pkgs.linuxKernel.packages.linux_7_0.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-7.0.5
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-7.0.9
- nixos-unstable-small 0.1.0-unstable-2025-01-16-7.0.9
-
nixos-25.11 0.1.0-unstable-2025-01-16-7.0.6
- nixos-25.11-small 0.1.0-unstable-2025-01-16-7.0.9
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-7.0.9
pkgs.linuxKernel.packages.linux_zen.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-7.0.5
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-7.0.9
- nixos-unstable-small 0.1.0-unstable-2025-01-16-7.0.9
-
nixos-25.11 0.1.0-unstable-2025-01-16-7.0.6
- nixos-25.11-small 0.1.0-unstable-2025-01-16-7.0.9
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-7.0.9
pkgs.linuxKernel.packages.linux_5_10.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-5.10.255
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-5.10.256
- nixos-unstable-small 0.1.0-unstable-2025-01-16-5.10.256
-
nixos-25.11 0.1.0-unstable-2025-01-16-5.10.255
- nixos-25.11-small 0.1.0-unstable-2025-01-16-5.10.256
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-5.10.256
pkgs.linuxKernel.packages.linux_5_15.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-5.15.206
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-5.15.207
- nixos-unstable-small 0.1.0-unstable-2025-01-16-5.15.207
-
nixos-25.11 0.1.0-unstable-2025-01-16-5.15.206
- nixos-25.11-small 0.1.0-unstable-2025-01-16-5.15.207
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-5.15.207
pkgs.linuxKernel.packages.linux_6_12.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-6.12.87
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-6.12.90
- nixos-unstable-small 0.1.0-unstable-2025-01-16-6.12.90
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.12.87
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.12.90
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.12.90
pkgs.linuxKernel.packages.linux_6_18.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-6.18.28
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-6.18.32
- nixos-unstable-small 0.1.0-unstable-2025-01-16-6.18.32
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.18.29
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.18.32
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.18.32
pkgs.vimPlugins.nvim-treesitter-parsers.liquid
Tree-sitter grammar for liquid
-
nixos-unstable 0.0.0+rev=9566ca7
- nixpkgs-unstable 0.0.0+rev=9566ca7
- nixos-unstable-small 0.0.0+rev=9566ca7
pkgs.linuxKernel.packages.linux_xanmod.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-6.18.27
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-6.18.32
- nixos-unstable-small 0.1.0-unstable-2025-01-16-6.18.32
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.18.29
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.18.32
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.18.32
pkgs.linuxKernel.packages.linux_hardened.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.12.87
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.12.87
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.12.87
pkgs.vimPlugins.nvim-treesitter-parsers.liquidsoap
Tree-sitter grammar for liquidsoap
-
nixos-unstable 0.0.0+rev=0169d92
- nixpkgs-unstable 0.0.0+rev=0169d92
- nixos-unstable-small 0.0.0+rev=0169d92
pkgs.linuxKernel.packages.linux_6_12_hardened.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-25.11 0.1.0-unstable-2025-01-16-6.12.87
- nixos-25.11-small 0.1.0-unstable-2025-01-16-6.12.87
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-6.12.87
pkgs.linuxKernel.packages.linux_xanmod_latest.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-7.0.4
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-7.0.9
- nixos-unstable-small 0.1.0-unstable-2025-01-16-7.0.9
-
nixos-25.11 0.1.0-unstable-2025-01-16-7.0.6
- nixos-25.11-small 0.1.0-unstable-2025-01-16-7.0.9
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-7.0.9
pkgs.linuxKernel.packages.linux_xanmod_stable.liquidtux
Linux kernel hwmon drivers for AIO liquid coolers and other devices
-
nixos-unstable 0.1.0-unstable-2025-01-16-7.0.4
- nixpkgs-unstable 0.1.0-unstable-2025-01-16-7.0.9
- nixos-unstable-small 0.1.0-unstable-2025-01-16-7.0.9
-
nixos-25.11 0.1.0-unstable-2025-01-16-7.0.6
- nixos-25.11-small 0.1.0-unstable-2025-01-16-7.0.9
- nixpkgs-25.11-darwin 0.1.0-unstable-2025-01-16-7.0.9
Package maintainers
-
@ulysses4ever Artem Pelenitsyn <a@pelenitsyn.top>
-
@NickHu Nick Hu <me@nickhu.co.uk>
-
@arcz Artur Cygan <arczicygan@gmail.com>
-
@Gerschtli Tobias Happ <tobias.happ@gmx.de>
-
@D4ndellion Daniel Olsen <daniel@dodsorf.as>
-
@oneingan Juan Rodal <juaningan@gmail.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>