Nixpkgs Security Tracker

Login with GitHub

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

to select a suggestion for a revision.

CVE-2025-58806
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months ago
  • @LeSuisse removed
    6 packages
    • haskellPackages.bugsnag
    • python312Packages.bugsnag
    • python313Packages.bugsnag
    • haskellPackages.bugsnag-hs
    • haskellPackages.bugsnag-wai
    • haskellPackages.bugsnag-yesod
    2 months, 2 weeks ago
  • @LeSuisse dismissed 2 months, 2 weeks ago
WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3.

Affected products

bugsnag
  • =<1.6.3

Matching in nixpkgs

CVE-2025-58801
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months ago
  • @LeSuisse removed package responder 2 months, 2 weeks ago
  • @LeSuisse dismissed 2 months, 2 weeks ago
WordPress Responder Plugin <= 4.3.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8.

Affected products

responder
  • =<4.3.8

Matching in nixpkgs

CVE-2025-58820
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months ago
  • @LeSuisse removed package haskellPackages.data-carousel 2 months, 2 weeks ago
  • @LeSuisse dismissed 2 months, 2 weeks ago
WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8.

Affected products

carousel
  • =<1.8

Matching in nixpkgs

CVE-2025-58822
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months ago
  • @LeSuisse removed package wordpressPackages.plugins.wp-mail-smtp 2 months, 2 weeks ago
  • @LeSuisse dismissed 2 months, 2 weeks ago
WordPress WP Mail Plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through 1.3.

Affected products

wp-mail
  • =<1.3

Matching in nixpkgs

CVE-2025-54709
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months ago
  • @LeSuisse removed
    4 packages
    • python312Packages.datasalad
    • python313Packages.datasalad
    • python312Packages.schema-salad
    • python313Packages.schema-salad
    2 months, 2 weeks ago
  • @LeSuisse dismissed 2 months, 2 weeks ago
WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6.

Affected products

sala
  • =<1.1.6

Matching in nixpkgs

CVE-2025-58997
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months ago
  • @LeSuisse removed
    8 packages
    • libmowgli
    • python312Packages.aioautomower
    • python313Packages.aioautomower
    • python312Packages.automower-ble
    • python313Packages.automower-ble
    • home-assistant-component-tests.lawn_mower
    • home-assistant-component-tests.husqvarna_automower
    • home-assistant-component-tests.husqvarna_automower_ble
    2 months, 2 weeks ago
  • @LeSuisse dismissed 2 months, 2 weeks ago
WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.

Affected products

mow
  • =<4.10

Matching in nixpkgs

CVE-2025-58993
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months ago
  • @LeSuisse removed
    6 packages
    • haskellPackages.timeless-tutorials
    • typstPackages.tutor_0_8_0
    • typstPackages.tutor_0_7_0
    • typstPackages.tutor_0_6_1
    • typstPackages.tutor_0_4_0
    • typstPackages.tutor_0_3_0
    2 months, 2 weeks ago
  • @LeSuisse dismissed 2 months, 2 weeks ago
WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4.

Affected products

tutor
  • =<3.7.4

Matching in nixpkgs

CVE-2025-57924
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created automatic suggestion 3 months, 3 weeks ago
  • @mweinelt removed package darwin.developer_cmds 2 months, 3 weeks ago
  • @mweinelt dismissed 2 months, 3 weeks ago
WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6.

Affected products

developer
  • =<1.2.6

Matching in nixpkgs

CVE-2025-58199
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created automatic suggestion 3 months, 3 weeks ago
  • @mweinelt removed
    3 packages
    • fastly
    • prometheus-fastly-exporter
    • terraform-providers.fastly
    2 months, 3 weeks ago
  • @mweinelt dismissed 2 months, 3 weeks ago
WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28.

Affected products

fastly
  • =<1.2.28

Matching in nixpkgs

CVE-2025-57996
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created automatic suggestion 3 months, 3 weeks ago
  • @mweinelt removed
    3 packages
    • buckets
    • python312Packages.bucketstore
    • python313Packages.bucketstore
    2 months, 3 weeks ago
  • @mweinelt dismissed 2 months, 3 weeks ago
WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9.

Affected products

buckets
  • =<0.3.9

Matching in nixpkgs