Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

to select a suggestion for revision.

View:
Compact
Detailed
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 3 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
The issue was addressed with improved checks. This issue is …

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.

Affected products

macOS
  • <26.5.2
Safari
  • <26.5.2
iOS and iPadOS
  • <26.5.2
Dismissed
(max. allowed matches exceeded)
Permalink CVE-2026-13510
2.9 LOW
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): Low (L)
  • Vulnerable System Impact Integrity (VI): None (N)
  • Vulnerable System Impact Availability (VA): None (N)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Exploit Maturity (E): POC (P)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): Low (L)
  • Modified Vulnerable System Impact Integrity (MVI): None (N)
  • Modified Vulnerable System Impact Availability (MVA): None (N)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
created 2 weeks, 4 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
SimStudioAI sim Password Protection deployment.ts weak hash

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

Affected products

sim
  • ==0.6.19
  • ==0.6.13
  • ==0.6.64
  • ==0.6.56
  • ==0.6.57
  • ==0.6.59
  • ==0.6.76
  • ==0.6.6
  • ==0.6.29
  • ==0.6.61
  • ==0.6.2
  • ==0.6.4
  • ==0.6.34
  • ==0.6.25
  • ==0.6.78
  • ==0.6.54
  • ==0.6.3
  • ==0.6.32
  • ==0.6.80
  • ==0.6.60
  • ==0.6.10
  • ==0.6.20
  • ==0.6.50
  • ==0.6.71
  • ==0.6.89
  • ==0.6.33
  • ==0.6.86
  • ==0.6.1
  • ==0.6.87
  • ==0.6.72
  • ==0.6.48
  • ==0.6.22
  • ==0.6.74
  • ==0.6.31
  • ==0.6.92
  • ==0.6.0
  • ==0.6.24
  • ==0.6.35
  • ==0.6.28
  • ==0.6.43
  • ==0.6.91
  • ==0.6.42
  • ==0.6.65
  • ==0.6.63
  • ==0.6.23
  • ==0.6.79
  • ==0.6.26
  • ==0.6.37
  • ==0.6.5
  • ==0.6.84
  • ==0.6.88
  • ==0.6.53
  • ==0.6.44
  • ==0.6.7
  • ==0.6.83
  • ==0.6.8
  • ==0.6.52
  • ==0.6.82
  • ==0.6.49
  • ==0.6.85
  • ==0.6.75
  • ==0.6.9
  • ==0.6.90
  • ==0.6.77
  • ==0.6.30
  • ==0.6.46
  • ==0.6.21
  • ==0.6.51
  • ==0.6.39
  • ==0.6.40
  • ==0.6.55
  • ==0.6.12
  • ==0.6.68
  • ==0.6.81
  • ==0.6.66
  • ==0.6.69
  • ==0.6.14
  • ==0.6.73
  • ==0.6.47
  • ==0.6.15
  • ==0.6.36
  • ==0.6.18
  • ==0.6.38
  • ==0.6.62
  • ==0.6.58
  • ==0.6.17
  • ==0.6.41
  • ==0.6.45
  • ==0.6.70
  • ==0.6.16
  • ==0.6.27
  • ==0.6.11
  • ==0.6.67
Dismissed
(hardware only)
Permalink CVE-2026-13516
7.4 HIGH
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): High (H)
  • Vulnerable System Impact Availability (VA): High (H)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Exploit Maturity (E): POC (P)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): High (H)
  • Modified Vulnerable System Impact Availability (MVA): High (H)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
created 2 weeks, 4 days ago Activity log
  • Created & dismissed (hardware only) suggestion
Tenda JD12L WifiGuestSet fromSetWifiGusetBasic stack-based overflow

A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Affected products

JD12L
  • ==16.03.53.23
Dismissed
(hardware only)
Permalink CVE-2026-13515
7.4 HIGH
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): High (H)
  • Vulnerable System Impact Availability (VA): High (H)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Exploit Maturity (E): POC (P)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): High (H)
  • Modified Vulnerable System Impact Availability (MVA): High (H)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
created 2 weeks, 4 days ago Activity log
  • Created & dismissed (hardware only) suggestion
Tenda JD12L SetPptpServerCfg formSetPPTPServer stack-based overflow

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Affected products

JD12L
  • ==16.03.53.23
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 6 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected() Fixes a NULL pointer dereference when ras_core is NULL and ras_core->dev is accessed in the error path. Reported by: Dan Carpenter <dan.carpenter@linaro.org>

Affected products

Linux
  • ==6.19
  • =<*
  • <6b606216e03fa2b53cc179d8383b683a140fe6e1
  • <f2f2ed3d359509c311cc6626226e4578d7eb77d8
  • =<7.0.*
  • <6.19
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 6 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from wbt_alloc() and wbt_init(). However, both are expected failure paths: - wbt_alloc() can return NULL under memory pressure (-ENOMEM) - wbt_init() can fail with -EBUSY if wbt is already registered syzbot triggers this by injecting memory allocation failures during MTD partition creation via ioctl(BLKPG), causing a spurious warning. wbt_init_enable_default() is a best-effort initialization called from blk_register_queue() with a void return type. Failure simply means the disk operates without writeback throttling, which is harmless. Replace WARN_ON_ONCE with plain if-checks, consistent with how wbt_set_lat() in the same file already handles these failures. Add a pr_warn() for the wbt_init() failure to retain diagnostic information without triggering a full stack trace.

Affected products

Linux
  • <e9b004ff83067cdf96774b45aea4b239ace99a2f
  • ==7.0
  • =<*
  • <fd7a982657077469802594a5165bc30b9a55af70
  • =<7.0.*
  • <7.0
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 6 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
arm64: Reserve an extra page for early kernel mapping

In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of [data, end) segment may overflow into the next page of init_pg_end[1] which is the gap page before early_init_stack[2]: [1] crash_arm64_v9.0.1> vtop ffffffed00601000 VIRTUAL PHYSICAL ffffffed00601000 83401000 PAGE DIRECTORY: ffffffecffd62000 PGD: ffffffecffd62da0 => 10000000833fb003 PMD: ffffff80033fb018 => 10000000833fe003 PTE: ffffff80033fe008 => 68000083401f03 PAGE: 83401000 PTE PHYSICAL FLAGS 68000083401f03 83401000 (VALID|SHARED|AF|NG|PXN|UXN) PAGE PHYSICAL MAPPING INDEX CNT FLAGS fffffffec00d0040 83401000 0 0 1 4000 reserved [2] ffffffed002c8000 (r) __pi__data ffffffed0054e000 (d) __pi___bss_start ffffffed005f5000 (b) __pi_init_pg_dir ffffffed005fe000 (b) __pi_init_pg_end ffffffed005ff000 (B) early_init_stack ffffffed00608000 (b) __pi__end For 4K pages, the early kernel mapping may use 2MB block entries but the kernel segments are only 64KB aligned. Segment boundaries that fall within a 2MB block therefore require a PTE table so that different attributes can be applied on either side of the boundary. KERNEL_SEGMENT_COUNT still correctly counts the five permanent kernel VMAs registered by declare_kernel_vmas(). However, since commit 5973a62efa34 ("arm64: map [_text, _stext) virtual address range non-executable+read-only"), the early mapper also maps [_text, _stext) separately from [_stext, _etext). This adds one more early-only split and can require one more page-table page than the existing EARLY_SEGMENT_EXTRA_PAGES allowance reserves. Increase the 4K-page early mapping allowance by one page to cover that additional split. [catalin.marinas@arm.com: rewrote part of the commit log] [catalin.marinas@arm.com: expanded the code comment]

Affected products

Linux
  • ==88025faf2aa08c7468d68d8cb31a53b55aae6ee0
  • <4d8e74ad4585672489da6145b3328d415f50db82
  • =<*
  • <6.12.91
  • <dcb89deed40ba55ff7020061712fdabf098cc2cc
  • =<7.0.*
  • <6.18
  • =<6.18.*
  • <6.18
  • =<6.12.*
  • <a4ff33053da0a34b14abb5c96dc5a48379e26fce
  • <9fe9e3acaa14921b0cf0d6cc2de5b562499bf721
  • ==6.18
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 6 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
wifi: mt76: mt7921: Place upper limit on station AID

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This situation occurred in our testing using an AP interface on 7922 hardware, with a modified hostapd, sourced from Mediatek's OpenWRT feeds. In stock hostapd, station AIDs begin counting at 1, and this configuration is prevented with an upper limit on associated stations. However, the modified hostapd began allocation at 65, which caused the firmware to crash. This fix does not allow these AIDs to work, but will prevent the firmware crash. This crash was only seen on IFTYPE_AP interfaces, and the fix does not appear to have an effect on IFTYPE_STATION behavior.

Affected products

Linux
  • =<*
  • <4d0bf21e3e20619d51d06c0c36207aabab8b712c
  • <5.12
  • =<7.0.*
  • =<6.18.*
  • <6dbe70f9ef14d8ac1c24bf19fd9510978a3ab952
  • <35835ff71e6e618155578b8e3905597edd5f601c
  • <1a4b802afe15c5b33b2dcb37a594aba2fa215d52
  • =<6.12.*
  • ==5.12
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 6 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.

Affected products

Linux
  • <4b3a1bf4c2ffd4c9595d900ead78c9035894a025
  • <cea15f66b7b68b2c50943a6660e0692c6635e4eb
  • <d0e877810baf613b018fd9747440b9d4d9db1428
  • =<6.6.*
  • =<*
  • <5909bedbed38c558bee7cb6758ceedf9bc3a9194
  • =<7.0.*
  • =<6.18.*
  • <ea3ab43a1f3cf2c7cecd75c8be1ee99a5e94a92e
  • <d3ff0c121bbaef026df6248ab7ef6f0b068b0647
  • ==4.17
  • =<6.1.*
  • =<6.12.*
  • <4.17
Dismissed
(max. allowed matches exceeded)
created 2 weeks, 6 days ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() Move the NULL check for 'sta' before dereferencing it to prevent a possible crash.

Affected products

Linux
  • <93d0694fb56de4628a921244d7f100c28acd2def
  • <6.11
  • =<*
  • ==6.11
  • <83ae3a18ba957257b4c406273d2da2caeea2b439
  • =<7.0.*
  • =<6.18.*
  • <28ed0b61f67386c0ba1213227d350005000240fd
  • <b0332428a8d4cf93752eda9e2b0d5585525e689f
  • =<6.12.*