Nixpkgs Security Tracker

CVE-2023-43787

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 2 days, 14 hours ago by @LeSuisse Activity log

Created automatic suggestion 4 weeks, 1 day ago
@LeSuisse removed
2 packages
- xorg.libX11
- tests.pkg-config.defaultPkgConfigPackages.x11
2 days, 14 hours ago
@LeSuisse dismissed 2 days, 14 hours ago

Libx11: integer overflow in xcreateimage() leading to a heap overflow

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

Affected products

libX11

<1.8.7
*

Matching in nixpkgs

CVE-2023-43786

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 2 days, 14 hours ago by @LeSuisse Activity log

Created automatic suggestion 4 weeks, 1 day ago
@LeSuisse removed
4 packages
- xorg.libX11
- tests.pkg-config.defaultPkgConfigPackages.x11
- xorg.libXpm
- tests.pkg-config.defaultPkgConfigPackages.xpm
2 days, 14 hours ago
@LeSuisse dismissed 2 days, 14 hours ago

Libx11: stack exhaustion from infinite recursion in putsubimage()

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

Affected products

libX11

*

libXpm

<3.5.17

Matching in nixpkgs

CVE-2023-43785

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 days, 14 hours ago by @LeSuisse Activity log

Created automatic suggestion 4 weeks, 1 day ago
@LeSuisse removed
2 packages
- xorg.libX11
- tests.pkg-config.defaultPkgConfigPackages.x11
2 days, 14 hours ago
@LeSuisse dismissed 2 days, 14 hours ago

Libx11: out-of-bounds memory access in _xkbreadkeysyms()

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.

Affected products

libX11

<1.8.7
*

Matching in nixpkgs

CVE-2021-4472

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 days, 14 hours ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 4 days ago
@LeSuisse removed
3 packages
- mistralclient
- python312Packages.python-mistralclient
- python313Packages.python-mistralclient
2 days, 14 hours ago
@LeSuisse dismissed 2 days, 14 hours ago

Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.

Affected products

python-mistralclient

rhosp13/openstack-zaqar

rhosp13/openstack-ec2-api

rhosp13/openstack-horizon

rhosp13/openstack-tempest

rhosp13/openstack-aodh-api

rhosp13/openstack-collectd

rhosp13/openstack-heat-all

rhosp13/openstack-heat-api

rhosp13/openstack-keystone

rhosp13/openstack-nova-api

rhosp13/openstack-aodh-base

rhosp13/openstack-heat-base

rhosp13/openstack-nova-base

rhosp13/openstack-panko-api

rhosp13/openstack-cinder-api

rhosp13/openstack-glance-api

rhosp13/openstack-ironic-api

rhosp13/openstack-ironic-pxe

rhosp13/openstack-manila-api

rhosp13/openstack-panko-base

rhosp13/openstack-sahara-api

rhosp13/openstack-swift-base

rhosp13/openstack-cinder-base

rhosp13/openstack-glance-base

rhosp13/openstack-gnocchi-api

rhosp13/openstack-heat-engine

rhosp13/openstack-ironic-base

rhosp13/openstack-manila-base

rhosp13/openstack-mistral-api

rhosp13/openstack-octavia-api

rhosp13/openstack-sahara-base

rhosp-rhel8/openstack-heat-all

rhosp-rhel8/openstack-heat-api

rhosp-rhel9/openstack-heat-all

rhosp-rhel9/openstack-heat-api

rhosp13/openstack-barbican-api

rhosp13/openstack-dependencies

rhosp13/openstack-gnocchi-base

rhosp13/openstack-heat-api-cfn

rhosp13/openstack-horizon-base

rhosp13/openstack-manila-share

rhosp13/openstack-mistral-base

rhosp13/openstack-neutron-base

rhosp13/openstack-nova-compute

rhosp13/openstack-octavia-base

rhosp13/openstack-swift-object

rhosp-rhel8/openstack-heat-base

rhosp-rhel9/openstack-heat-base

rhosp13/openstack-aodh-listener

rhosp13/openstack-aodh-notifier

rhosp13/openstack-barbican-base

rhosp13/openstack-cinder-backup

rhosp13/openstack-cinder-volume

rhosp13/openstack-keystone-base

rhosp13/openstack-sahara-engine

rhosp13/openstack-swift-account

rhosp13/openstack-aodh-evaluator

rhosp13/openstack-gnocchi-statsd

rhosp13/openstack-mistral-engine

rhosp13/openstack-neutron-server

rhosp13/openstack-nova-conductor

rhosp13/openstack-nova-scheduler

rhosp13/openstack-octavia-worker

rhosp-rhel8/openstack-heat-engine

rhosp-rhel8/openstack-mistral-api

rhosp-rhel9/openstack-heat-engine

rhosp13/openstack-barbican-worker

rhosp13/openstack-ceilometer-base

rhosp13/openstack-ceilometer-ipmi

rhosp13/openstack-gnocchi-metricd

rhosp13/openstack-nova-novncproxy

rhosp13/openstack-swift-container

rhosp-rhel8/openstack-heat-api-cfn

rhosp-rhel8/openstack-mistral-base

rhosp-rhel9/openstack-heat-api-cfn

rhosp13/openstack-cinder-scheduler

rhosp13/openstack-ironic-conductor

rhosp13/openstack-ironic-inspector

rhosp13/openstack-manila-scheduler

rhosp13/openstack-mistral-executor

rhosp13/openstack-neutron-l3-agent

rhosp13/openstack-nova-consoleauth

rhosp-rhel8/openstack-tripleoclient

rhosp-rhel9/openstack-tripleoclient

rhosp-rhel8/openstack-mistral-engine

rhosp-rhel8/openstack-nova-scheduler

rhosp13/openstack-ceilometer-central

rhosp13/openstack-ceilometer-compute

rhosp13/openstack-neutron-dhcp-agent

rhosp13/openstack-neutron-server-ovn

rhosp13/openstack-nova-placement-api

rhosp13/openstack-swift-proxy-server

rhosp13/openstack-neutron-sriov-agent

rhosp13/openstack-nova-compute-ironic

rhosp-rhel8/openstack-mistral-executor

rhosp13/openstack-ironic-neutron-agent

rhosp13/openstack-mistral-event-engine

rhosp13/openstack-octavia-housekeeping

rhosp13/openstack-neutron-metadata-agent

rhosp13/openstack-octavia-health-manager

rhosp13/openstack-ceilometer-notification

rhosp-rhel8/openstack-mistral-event-engine

rhosp13/openstack-neutron-openvswitch-agent

rhosp13/openstack-barbican-keystone-listener

rhosp13/openstack-neutron-metadata-agent-ovn

rhosp13/openstack-neutron-server-opendaylight

Matching in nixpkgs

Package maintainers: 3

@vinetos vinetos <vinetosdev@gmail.com>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@anthonyroussel Anthony Roussel <anthony@roussel.dev>

CVE-2025-64363

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 2 weeks, 1 day ago by @pyrox0 Activity log

Created automatic suggestion 4 weeks, 1 day ago
@pyrox0 dismissed 2 weeks, 1 day ago

WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through < 5.5.0.

Affected products

kleo

=<< 5.5.0

Matching in nixpkgs

pkgs.libsForQt5.libkleo

nixos-25.05 23.08.5
- nixpkgs-25.05-darwin 23.08.5
- nixos-25.05-small 23.08.5

pkgs.kdePackages.libkleo

Library that provides cryptography support for mails

nixos-25.05 25.04.3
- nixpkgs-25.05-darwin 25.04.3
- nixos-25.05-small 25.04.3
nixos-unstable 25.08.1
- nixos-unstable-small 25.08.1
- nixpkgs-unstable 25.08.1

pkgs.libsForQt5.kleopatra

Certificate manager and unified crypto GUI

nixos-25.05 23.08.5
- nixpkgs-25.05-darwin 23.08.5
- nixos-25.05-small 23.08.5

pkgs.kdePackages.kleopatra

Certificate manager and GUI for OpenPGP and CMS cryptography

nixos-25.05 25.04.3
- nixpkgs-25.05-darwin 25.04.3
- nixos-25.05-small 25.04.3
nixos-unstable 25.08.1
- nixos-unstable-small 25.08.1
- nixpkgs-unstable 25.08.1

pkgs.plasma5Packages.libkleo

nixos-25.05 23.08.5
- nixpkgs-25.05-darwin 23.08.5
- nixos-25.05-small 23.08.5

pkgs.plasma5Packages.kleopatra

Certificate manager and unified crypto GUI

nixos-25.05 23.08.5
- nixpkgs-25.05-darwin 23.08.5
- nixos-25.05-small 23.08.5

Package maintainers: 9

@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@K900 Ilya K. <me@0upti.me>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@vandenoever Jos van den Oever <jos@vandenoever.info>
@nyanloutre Paul Trehiou <paul@nyanlout.re>

CVE-2025-12695

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 weeks, 1 day ago by @pyrox0 Activity log

Created automatic suggestion 4 weeks, 1 day ago
@pyrox0 dismissed 2 weeks, 1 day ago

Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.

Affected products

dspy

==0

Matching in nixpkgs

pkgs.python312Packages.ndspy

Python library for many Nintendo DS file formats

nixos-25.05 4.2.0
- nixpkgs-25.05-darwin 4.2.0
- nixos-25.05-small 4.2.0
nixos-unstable 4.2.0
- nixos-unstable-small 4.2.0
- nixpkgs-unstable 4.2.0

pkgs.python313Packages.ndspy

Python library for many Nintendo DS file formats

nixos-25.05 4.2.0
- nixpkgs-25.05-darwin 4.2.0
- nixos-25.05-small 4.2.0
nixos-unstable 4.2.0
- nixos-unstable-small 4.2.0
- nixpkgs-unstable 4.2.0

Package maintainers: 1

@marius851000 Marius David <mariusdavid@laposte.net>

CVE-2025-10622

8.0 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 2 weeks, 1 day ago by @pyrox0 Activity log

Created automatic suggestion 4 weeks, 1 day ago
@pyrox0 dismissed 2 weeks, 1 day ago

Foreman: os command injection via ct_location and fcct_location parameters

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

Affected products

foreman

*

satellite:el8/foreman

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

nixos-25.05 0.87.2
- nixpkgs-25.05-darwin 0.87.2
- nixos-25.05-small 0.87.2
nixos-unstable 0.87.2
- nixos-unstable-small 0.87.2
- nixpkgs-unstable 0.87.2

Package maintainers: 1

@zimbatm zimbatm <zimbatm@zimbatm.com>

CVE-2025-66099

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 weeks, 1 day ago by @pyrox0 Activity log

Created automatic suggestion 4 weeks ago
@pyrox0 dismissed 2 weeks, 1 day ago

WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3.

Affected products

chat-help

=<<= 3.1.3

Matching in nixpkgs

pkgs.aider-chat-with-help

AI pair programming in your terminal

nixos-unstable 0.86.1
- nixos-unstable-small 0.86.1
- nixpkgs-unstable 0.86.1

Package maintainers: 2

@happysalada Raphael Megzari <raphael@megzari.com>
@yzx9 Zexin Yuan <yuan.zx@outlook.com>

CVE-2025-60093

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

updated 2 weeks, 5 days ago by @LeSuisse Activity log

Created automatic suggestion 4 weeks, 1 day ago
@LeSuisse dismissed 2 weeks, 5 days ago

WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24.

Affected products

download-manager

=<3.3.24

Matching in nixpkgs

pkgs.lomiri.lomiri-download-manager

Performs uploads and downloads from a centralized location

nixos-25.05 0.2.1
- nixpkgs-25.05-darwin 0.2.1
- nixos-25.05-small 0.2.1
nixos-unstable 0.2.1
- nixos-unstable-small 0.2.1
- nixpkgs-unstable 0.2.1

Package maintainers: 1

@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

CVE-2025-60092

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 weeks, 5 days ago by @LeSuisse Activity log

Created automatic suggestion 4 weeks, 1 day ago
@LeSuisse dismissed 2 weeks, 5 days ago

WordPress Download Manager Plugin <= 3.3.24 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24.

Affected products

download-manager

=<3.3.24

Matching in nixpkgs

pkgs.lomiri.lomiri-download-manager

Performs uploads and downloads from a centralized location

nixos-25.05 0.2.1
- nixpkgs-25.05-darwin 0.2.1
- nixos-25.05-small 0.2.1
nixos-unstable 0.2.1
- nixos-unstable-small 0.2.1
- nixpkgs-unstable 0.2.1

Package maintainers: 1

@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

Dismissed suggestions

Affected products

Matching in nixpkgs

Affected products

Matching in nixpkgs

Affected products

Matching in nixpkgs

Affected products

Matching in nixpkgs

Package maintainers: 3

Affected products

Matching in nixpkgs

pkgs.libsForQt5.libkleo

pkgs.kdePackages.libkleo

pkgs.libsForQt5.kleopatra

pkgs.kdePackages.kleopatra

pkgs.plasma5Packages.libkleo

pkgs.plasma5Packages.kleopatra

Package maintainers: 9

Affected products

Matching in nixpkgs

pkgs.python312Packages.ndspy

pkgs.python313Packages.ndspy

Package maintainers: 1

Affected products

Matching in nixpkgs

pkgs.foreman

Package maintainers: 1

Affected products

Matching in nixpkgs

pkgs.aider-chat-with-help

Package maintainers: 2

Affected products

Matching in nixpkgs

pkgs.lomiri.lomiri-download-manager

Package maintainers: 1

Affected products

Matching in nixpkgs

pkgs.lomiri.lomiri-download-manager

Package maintainers: 1