Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

to select a suggestion for revision.

View:
Compact
Detailed
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 1 day ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended solely for `proxyA`.

References

Affected products

curl
  • =<8.2.0
  • =<7.20.1
  • =<7.71.1
  • =<7.16.2
  • =<7.40.0
  • =<7.21.1
  • =<7.15.3
  • =<7.41.0
  • =<7.50.1
  • =<7.56.0
  • =<7.72.0
  • =<7.68.0
  • =<7.64.0
  • =<7.31.0
  • =<7.64.1
  • =<7.19.1
  • =<7.63.0
  • =<7.76.0
  • =<7.21.3
  • =<7.59.0
  • =<7.36.0
  • =<8.6.0
  • =<7.74.0
  • =<7.58.0
  • =<8.1.2
  • =<7.67.0
  • =<7.48.0
  • =<7.12.0
  • =<8.15.0
  • =<7.65.1
  • =<7.54.1
  • =<7.55.0
  • =<7.25.0
  • =<7.77.0
  • =<8.7.1
  • =<8.11.0
  • =<7.79.1
  • =<7.83.1
  • =<7.12.2
  • =<7.21.2
  • =<7.38.0
  • =<8.16.0
  • =<7.14.0
  • =<7.18.2
  • =<7.66.0
  • =<7.33.0
  • =<8.12.1
  • =<7.46.0
  • =<7.21.7
  • =<7.37.1
  • =<8.10.0
  • =<7.18.1
  • =<7.37.0
  • =<7.62.0
  • =<7.53.0
  • =<7.16.0
  • =<8.18.0
  • =<7.51.0
  • =<7.19.7
  • =<7.29.0
  • =<7.28.0
  • =<7.61.1
  • =<7.76.1
  • =<7.49.0
  • =<7.73.0
  • =<7.75.0
  • =<7.15.1
  • =<7.16.4
  • =<7.45.0
  • =<7.16.1
  • =<8.14.0
  • =<8.20.0
  • =<7.70.0
  • =<8.5.0
  • =<7.65.2
  • =<8.8.0
  • =<7.42.0
  • =<7.79.0
  • =<8.4.0
  • =<7.88.0
  • =<8.12.0
  • =<7.50.3
  • =<8.0.1
  • =<8.2.1
  • =<7.21.5
  • =<7.52.0
  • =<7.53.1
  • =<8.13.0
  • =<7.47.1
  • =<7.82.0
  • =<7.19.0
  • =<7.22.0
  • =<7.65.3
  • =<7.34.0
  • =<7.21.4
  • =<7.19.3
  • =<7.47.0
  • =<7.12.3
  • =<7.69.0
  • =<8.3.0
  • =<7.30.0
  • =<7.19.4
  • =<8.0.0
  • =<7.84.0
  • =<7.65.0
  • =<7.78.0
  • =<7.85.0
  • =<7.21.0
  • =<7.18.0
  • =<7.39.0
  • =<7.81.0
  • =<7.60.0
  • =<7.32.0
  • =<7.15.4
  • =<7.21.6
  • =<7.52.1
  • =<7.14.1
  • =<7.57.0
  • =<8.1.1
  • =<7.17.0
  • =<7.19.2
  • =<8.14.1
  • =<7.50.0
  • =<8.19.0
  • =<7.13.2
  • =<7.55.1
  • =<8.9.1
  • =<7.87.0
  • =<7.88.1
  • =<7.35.0
  • =<7.42.1
  • =<7.27.0
  • =<7.50.2
  • =<7.15.2
  • =<7.13.1
  • =<7.24.0
  • =<8.9.0
  • =<7.15.0
  • =<8.11.1
  • =<7.71.0
  • =<8.17.0
  • =<8.1.0
  • =<8.10.1
  • =<7.19.5
  • =<7.61.0
  • =<7.69.1
  • =<7.54.0
  • =<7.19.6
  • =<7.12.1
  • =<7.20.0
  • =<7.16.3
  • =<7.83.0
  • =<7.80.0
  • =<7.43.0
  • =<7.13.0
  • =<7.23.1
  • =<7.15.5
  • =<7.86.0
  • =<7.23.0
  • =<7.17.1
  • =<7.28.1
  • =<7.56.1
  • =<7.49.1
  • =<8.7.0
  • =<7.26.0
  • =<7.44.0
Dismissed
(no matching packages found)
Permalink CVE-2026-12557
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 2 weeks, 1 day ago Activity log
  • Created & dismissed (no matching packages found) suggestion
Ninja Forms - File Uploads <= 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion via debug-log/delete-all and debug-log/get-all REST Endpoints

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all plugin debug log entries stored in the wp_nf3_log table or permanently delete all rows from that table.

Affected products

Ninja Forms - File Uploads
  • =<3.3.29
Dismissed
(no matching packages found)
created 2 weeks, 1 day ago Activity log
  • Created & dismissed (no matching packages found) suggestion
Gitea redirect handling permits open redirects through backslash paths

Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values.

Affected products

Gitea Open Source Git Server
  • =<1.25.4
Dismissed
(no matching packages found)
Permalink CVE-2026-11900
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 2 weeks, 1 day ago Activity log
  • Created & dismissed (no matching packages found) suggestion
Ad Inserter <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure via 'data' Shortcode Attribute

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the [adinserter] shortcode. This is due to the replace_ai_tags() function processing a {reusable-block-N} tag pattern that calls get_post_field('post_content', N) without verifying the requesting user's capability with current_user_can('read_post'), without restricting the post type to 'wp_block', and without checking the post status. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the full content of arbitrary posts including Private, Draft, Pending, Trashed, and password-protected posts owned by other users, by placing the shortcode in a post they own and previewing it.

Affected products

Ad Inserter – Ad Manager & AdSense Ads
  • =<2.8.16
Dismissed
(no matching packages found)
Permalink CVE-2026-14606
7.1 HIGH
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): High (H)
  • Vulnerable System Impact Availability (VA): High (H)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Exploit Maturity (E): POC (P)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): High (H)
  • Modified Vulnerable System Impact Availability (MVA): High (H)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
created 2 weeks, 1 day ago Activity log
  • Created & dismissed (no matching packages found) suggestion
RT-Thread SWM341 CAN SWM341.h CAN_Receive stack-based overflow

A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the component SWM341 CAN Handler. Performing a manipulation results in stack-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

RT-Thread
  • ==5.0.1
  • ==5.0.2
  • ==5.0.0
Dismissed
(exclusively hosted service)
Permalink CVE-2026-57100
9.9 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (exclusively hosted service) suggestion
Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

Affected products

Microsoft Entra Provisioning Service
  • ==-
Dismissed
(no matching packages found)
Permalink CVE-2026-57678
7.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
WordPress Slider Revolution plugin 7.0.0-7.0.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16.

Affected products

Slider Revolution
  • =<7.0.16
Dismissed
(no matching packages found)
Permalink CVE-2026-55118
8.3 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
A malicious actor with access to the network,low privileges and …

A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.

Affected products

UniFi Network Application
  • <10.4.57
Dismissed
(no matching packages found)
Permalink CVE-2026-13368
9.2 CRITICAL
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Attack Requirement (AT): Present (P)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): High (H)
  • Vulnerable System Impact Availability (VA): High (H)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Attack Requirement (MAT): Present (P)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): High (H)
  • Modified Vulnerable System Impact Availability (MVA): High (H)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
  • Exploit Maturity (E): Not Defined (X)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
WatchGuard Firebox Race Condition and Use-After-Free in Mobile VPN with IKEv2 LDAP Authentication

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that have a Mobile VPN with IKEv2 configured to use an external LDAP authentication server. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.

Affected products

Fireware OS
  • =<12.12
  • =<2026.2
  • =<11.12.4+541730
  • =<12.5.18
Dismissed
(no matching packages found)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read …

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control().

Affected products

n/a
  • ==n/a