Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

to select a suggestion for revision.

View:
Compact
Detailed
Dismissed
(no matching packages found)
Permalink CVE-2026-24243
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
NVIDIA Megatron Bridge for Linux contains a vulnerability where an …

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Affected products

Megatron-Bridge
  • ==Versions 0.0 to 0.4.0
Dismissed
(no matching packages found)
Permalink CVE-2026-11887
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new bookings.

References

Affected products

Salon Booking System
  • <10.30.20
Dismissed
(no matching packages found)
Permalink CVE-2026-20457
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
In Modem, there is a possible system crash due to …

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301.

Affected products

MediaTek chipset
  • ==MT6990
  • ==MT6853
  • ==MT6893
  • ==MT6781
  • ==MT6767
  • ==MT6768
  • ==MT6875
  • ==MT6983
  • ==MT8781
  • ==MT6789
  • ==MT8766R
  • ==MT8766
  • ==MT6779
  • ==MT6989
  • ==MT6873
  • ==MT6985
  • ==MT8667
  • ==MT6895
  • ==MT8786
  • ==MT6885
  • ==MT6771
  • ==MT8797
  • ==MT6896
  • ==MT6980
  • ==MT6769
  • ==MT6833
  • ==MT6883
  • ==MT8791
  • ==MT6891
  • ==MT6890
  • ==MT6855
  • ==MT6762
  • ==MT8673
  • ==MT8768
  • ==MT8771
  • ==MT8796
  • ==MT6889
  • ==MT6880
  • ==MT8675
  • ==MT2735
  • ==MT6877
  • ==MT8798
  • ==MT6783
  • ==MT6879
  • ==MT8789
  • ==MT6785
  • ==MT2737
  • ==MT6763
  • ==MT6886
  • ==MT8791T
  • ==MT8788
  • ==MT6765
  • ==MT8893
  • ==MT6761
  • ==MT8765
  • ==MT8666
  • ==MT6739
  • ==MT8795T
  • ==MT8788E
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
mm/mincore: handle non-swap entries before !CONFIG_SWAP guard

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIG_SWAP guard mincore_swap() also fields migration/hwpoison entries (and shmem swapin-error entries), which can exist on !CONFIG_SWAP builds when CONFIG_MIGRATION or CONFIG_MEMORY_FAILURE is enabled. The !IS_ENABLED(CONFIG_SWAP) guard ran before the non-swap-entry early return, so mincore_pte_range() can spuriously WARN and report these pages nonresident on !CONFIG_SWAP kernels. Move the guard below the non-swap-entry check so only true swap entries trip the WARN, and migration/hwpoison entries take the existing "uptodate / non-shmem" path.

Affected products

Linux
  • =<*
  • <0c25b8734367574e21aeb8468c2e522713134da7
  • <6.18
  • ==6.18
  • =<6.18.*
  • <3481d4372ae34243f7025925314385b852c50f7e
  • =<7.0.*
  • <a8f91ddf67f669f547bb9fb559738da6f8ee2cf3
Dismissed
(no matching packages found)
Permalink CVE-2026-13246
6.4 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
GiveWP <= 4.16.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'block_id' Shortcode Attribute

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_id' (and other) shortcode attributes of the 'givewp_campaign_comments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in CampaignCommentsShortcode::parseAttributes() and BlockRenderController::render(), where the blockId value is interpolated directly into a single-quoted HTML attribute without esc_attr(). This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affected products

GiveWP – Donation Plugin and Fundraising Platform
  • =<4.16.0
Dismissed
(no matching packages found)
Permalink CVE-2026-51946
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows …

SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote attacker to execute arbitrary code and obtain sensitive information via the the __sort_type URL parameter on all /admin/info/{table} endpoints

Affected products

n/a
  • ==n/a
Dismissed
(no matching packages found)
Permalink CVE-2026-24245
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
NVIDIA Megatron Bridge for Linux contains a vulnerability where an …

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Affected products

Megatron-Bridge
  • ==Versions 0.0 to 0.4.0
Dismissed
(no matching packages found)
Permalink CVE-2026-20459
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (no matching packages found) suggestion
In Modem, there is a possible system crash due to …

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01816800; Issue ID: MSV-6842.

Affected products

MediaTek chipset
  • ==MT6988
  • ==MT6983
  • ==MT6982
  • ==MT8755
  • ==MT8786
  • ==MT8667
  • ==MT6991
  • ==MT8873
  • ==MT6771
  • ==MT6980
  • ==MT6899
  • ==MT8791
  • ==MT6891
  • ==MT8796
  • ==MT6881
  • ==MT2735
  • ==MT8775
  • ==MT6858
  • ==MT6783
  • ==MT2737
  • ==MT8666
  • ==MT6739
  • ==MT8795T
  • ==MT8788E
  • ==MT8781
  • ==MT6768
  • ==MT6986D
  • ==MT8766R
  • ==MT6779
  • ==MT6873
  • ==MT6895
  • ==MT6885
  • ==MT8797
  • ==MT6896
  • ==MT8792
  • ==MT8673
  • ==MT8768
  • ==MT6889
  • ==MT6986
  • ==MT2716
  • ==MT6877
  • ==MT8798
  • ==MT6886
  • ==MT8863
  • ==MT6990
  • ==MT6781
  • ==MT6789
  • ==MT8676
  • ==MT8766
  • ==MT6985
  • ==MT8668
  • ==MT6769
  • ==MT6833
  • ==MT6883
  • ==MT6762
  • ==MT6855
  • ==MT6835
  • ==MT8675
  • ==MT6785
  • ==MT6763
  • ==MT8788
  • ==MT8883
  • ==MT8893
  • ==MT6993
  • ==MT6853
  • ==MT6893
  • ==MT6767
  • ==MT6875
  • ==MT6878
  • ==MT6989
  • ==MT6813
  • ==MT6890
  • ==MT8771
  • ==MT6880
  • ==MT8678
  • ==MT8793
  • ==MT6879
  • ==MT8789
  • ==MT8791T
  • ==MT6897
  • ==MT6765
  • ==MT6761
  • ==MT8765
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
drm/i915/gem: Fix phys BO pread/pwrite with offset

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sg_page() returns struct page pointer not (void *) so the scaling of pread/pwrite is wrong for phys BO and wrong parts of BO would be accessed if non-zero offset is used. Last impacted platform with overlay or cursor planes using phys mapping was Gen3/945G/Lakeport. (cherry picked from commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6)

Affected products

Linux
  • =<*
  • <40f738991058eb3e3530c3006a5bd6fd5e29f035
  • ==5.7
  • <32d4c5d328a3ff995420f4f85163e1e403f43628
  • =<6.12.*
  • <1ec8fc63e9cdb22da54e48e536c9204020416fc6
  • <d21ad938398bca695a511307de38a65889e3b354
  • =<5.10.*
  • <5.7
  • =<6.1.*
  • =<6.6.*
  • <14469860e2e39b7095dcd658d2bad38a11110a68
  • =<6.18.*
  • <07c33be968d9e0cab6cba38c81850a09942fcb2e
  • =<5.15.*
  • <dd51a2eeb93bc6faa892ff9083911dd23f82c187
  • =<7.0.*
  • <3bd168dd835b93a3862cd05b0d13c432b115f9d6
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 2 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
drm/amd/display: Use krealloc_array() in dal_vector_reserve()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array() in dal_vector_reserve() [Why & How] dal_vector_reserve() computes the allocation size as "capacity * vector->struct_size" using uint32_t arithmetic, which can silently wrap to a small value on overflow. This would cause krealloc to return a smaller buffer than expected, leading to heap overflows on subsequent vector appends. Replace krealloc() with krealloc_array() which performs an internal overflow check and returns NULL on wrap, preventing the issue. (cherry picked from commit 37668568641ccc4cc1dbca4923d0a16609dd5707)

Affected products

Linux
  • =<*
  • <de988c7a31f0774f07894cfe4802996f318e2870
  • ==4.15
  • <a914aa802669e073f014dae2e5708633b5cecd34
  • <e09689286385a66311ac6922af95339d7a3cef8d
  • =<6.12.*
  • =<6.1.*
  • <201151e120f0062bcda21cad5d007b82725ad23b
  • =<6.6.*
  • <4.15
  • =<6.18.*
  • <da48bc4461b8a5ebfb9264c9b191a701d8e99009
  • =<5.15.*
  • <b15825deac1acff72638bbc8f05b89ceef8dfb13
  • =<7.0.*
  • <31180638a33acad12c863132704a76536fb66211