Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2025-2157
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year ago
Foreman: disclosure of executed commands and outputs in foreman / red hat satellite

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.

References

Affected products

foreman
  • ==6.16
  • ==6.17

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

Package maintainers

Permalink CVE-2023-20579
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 year, 1 month ago
Improper Access Control in the AMD SPI protection feature may …

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

Affected products

PI
  • ==Various
  • ==various
  • ==various
AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
  • ==various
AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics
  • ==various
AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

Permalink CVE-2023-6787
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 year, 1 month ago
Keycloak: session hijacking via re-authentication

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.

References

Affected products

keycloak
  • <24.0.3
  • <22.0.10
keycloak-core
rh-sso7-keycloak
rhbk/keycloak-rhel9
  • *
rhbk/keycloak-rhel9-operator
  • *
rhbk/keycloak-operator-bundle
  • *

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

Package maintainers

Permalink CVE-2024-8176
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 year, 1 month ago
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

References

Affected products

expat
  • *
rhcos
firefox
libexpat
  • <2.7.0
xmlrpc-c
  • *
lua-expat
mingw-expat
thunderbird
compat-expat1
firefox:flatpak/firefox
discovery/discovery-ui-rhel9
  • *
thunderbird:flatpak/thunderbird
discovery/discovery-server-rhel9
  • *
Red Hat JBoss Core Services 2.4.62.SP1
devworkspace/devworkspace-project-clone-rhel9
  • *
registry.redhat.io/discovery/discovery-ui-rhel9
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *
registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9
  • *

Matching in nixpkgs

pkgs.expat

Stream-oriented XML parser library written in C

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

This GNOME extension makes it easy to launch Firefox with a specific profile from the indicator menu.

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 2

Package maintainers

Permalink CVE-2022-28652
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 year, 1 month ago
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

Affected products

apport
  • <2.21.0

Matching in nixpkgs

Package maintainers

Permalink CVE-2025-0650
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year, 1 month ago
Ovn: egress acls may be bypassed via specially crafted udp packet

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

References

Affected products

ovn
  • ==24.03.5
  • ==22.03.8
  • ==24.09.2
ovn2.11
ovn2.12
ovn2.13
ovn-2021
ovn22.03
  • *
ovn22.06
  • *
ovn22.09
  • *
ovn22.12
  • *
ovn23.03
  • *
ovn23.06
  • *
ovn23.09
  • *
ovn24.03
  • *
ovn24.09
  • *

Matching in nixpkgs

pkgs.novnc

VNC client web application

pkgs.turbovnc

High-speed version of VNC derived from TightVNC

pkgs.nanovna-saver

A tool for reading, displaying and saving data from the NanoVNA

Package maintainers

Permalink CVE-2024-2313
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 year, 1 month ago
If kernel headers need to be extracted, bpftrace will attempt …

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

Affected products

bpftrace
  • <v0.20.2

Matching in nixpkgs

pkgs.bpftrace

High-level tracing language for Linux eBPF

Package maintainers

Permalink CVE-2024-43437
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 1 month ago
Moodle: xss risk when restoring malicious course backup file

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.

Affected products

moodle
  • <4.2.9
  • <4.3.6
  • <4.1.12
  • <4.4.2

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Permalink CVE-2023-26020
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year, 1 month ago
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

Affected products

Studio
  • =<4.0.1
  • =<3.1.26

Matching in nixpkgs

Package maintainers

Permalink CVE-2025-27274
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 1 month ago
WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability

Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11.

Affected products

gpx-viewer
  • =<2.2.11

Matching in nixpkgs

pkgs.gpx-viewer

Simple tool to visualize tracks and waypoints stored in a gpx file

Package maintainers

  • @dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <>