CVE-2025-32283
updated 6 days, 10 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed 47 packages (6 days, 10 hours ago): solarus, solargraph, coc-solargraph, solarc-gtk-theme, solarus-launcher, dircolors-solarized, solarus-quest-editor, rubyPackages.solargraph, numix-solarized-gtk-theme, vimPlugins.coc-solargraph, nodePackages.coc-solargraph, rubyPackages_3_1.solargraph, rubyPackages_3_2.solargraph, rubyPackages_3_3.solargraph, rubyPackages_3_4.solargraph, rubyPackages_3_5.solargraph, python312Packages.zeversolar, python313Packages.zeversolar, rubyPackages.yard-solargraph, prometheus-solaredge-exporter, python312Packages.aiosolaredge, python312Packages.pysolarmanv5, python312Packages.solarlog-cli, python313Packages.aiosolaredge, python313Packages.pysolarmanv5, python313Packages.solarlog-cli, python312Packages.solaredge-web, python313Packages.solaredge-web, python312Packages.forecast-solar, python313Packages.forecast-solar, rubyPackages_3_1.yard-solargraph, rubyPackages_3_2.yard-solargraph, rubyPackages_3_3.yard-solargraph, rubyPackages_3_4.yard-solargraph, rubyPackages_3_5.yard-solargraph, python312Packages.solaredge-local, python312Packages.zeversolarlocal, python313Packages.solaredge-local, python313Packages.zeversolarlocal, nodePackages_latest.coc-solargraph, vscode-extensions.castwide.solargraph, home-assistant-component-tests.solarlog, home-assistant-component-tests.solaredge, home-assistant-component-tests.zeversolar, home-assistant-custom-components.solarman, home-assistant-component-tests.forecast_solar, vscode-extensions.brandonkirbyson.solarized-palenight
@LeSuisse dismissed (6 days, 10 hours ago)

WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection. This issue affects Solar Energy: from n/a through <= 3.5.

Affected products
solar =<<= 3.5

Matching in nixpkgs

Package maintainers: 12
@polyfloyd polyfloyd <floyd@polyfloyd.net>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@dotlambda Robert Schütz <rschuetz17@gmail.com>
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>
@paepckehh Michael Paepcke <git@paepcke.de>
@SebTM Sebastian Sellmeier <mail@sebastian-sellmeier.de>
@bbenno Benno Bielmeier <nix@bbenno.com>
@pyrox0 Pyrox <pyrox@pyrox.dev>
@Scrumplex Sefa Eyeoglu <contact@scrumplex.net>
@JamieMagee Jamie Magee <jamie.magee@gmail.com>
@marcin-serwin Marcin Serwin <marcin@serwin.dev>
CVE-2025-67532
updated 6 days, 10 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed 11 packages (6 days, 10 hours ago): charasay, gnome-characters, keepass-charactercopy, unicode-character-database, haskellPackages.character-ps, coqPackages.mathcomp-character, python312Packages.characteristic, python313Packages.characteristic, magnetophonDSP.CharacterCompressor, python312Packages.character-encoding-utils, python313Packages.character-encoding-utils
@LeSuisse dismissed (6 days, 10 hours ago)

WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through <= 1.2.17.

Affected products
hara =<<= 1.2.17

Matching in nixpkgs

Package maintainers: 11
@hmajid2301 Haseeb Majid <hello@haseebmajid.dev>
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
@CohenCyril Cyril Cohen <cyril.cohen@inria.fr>
@jwiegley John Wiegley <johnw@newartisans.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@TakWolf TakWolf <takwolf@foxmail.com>
@h7x4 h7x4 <h7x4@nani.wtf>
CVE-2025-68556
updated 6 days, 10 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed 18 packages (6 days, 10 hours ago): happy, triggerhappy, haskellPackages.happy, haskellPackages.happy-dot, haskellPackages.happy-lib, haskellPackages.happy-meta, ocamlPackages.happy-eyeballs, haskellPackages.happy-arbitrary, ocamlPackages.happy-eyeballs-lwt, gnomeExtensions.happy-appy-hotkey, ocamlPackages.mimic-happy-eyeballs, python312Packages.aiohappyeyeballs, python313Packages.aiohappyeyeballs, ocamlPackages.happy-eyeballs-mirage, tests.testers.testBuildFailure.happy, tests.testers.testBuildFailure'.happy, tests.testers.testBuildFailure.happyStructuredAttrs, tests.testers.testBuildFailure'.happyStructuredAttrs
@LeSuisse dismissed (6 days, 10 hours ago)

WordPress HAPPY plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.9.

Affected products
happy-helpdesk-support-ticket-system =<1.0.9

Matching in nixpkgs

Package maintainers: 8
@honnip Jung seungwoo <me@honnip.page>
@ulysses4ever Artem Pelenitsyn <a@pelenitsyn.top>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
@tgharib Taha Gharib <xrcrod@gmail.com>
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
CVE-2025-67936
updated 6 days, 10 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed 3 packages (6 days, 10 hours ago): ocamlPackages.curly, haskellPackages.curly-expander, haskellPackages.recurly-client
@LeSuisse dismissed (6 days, 10 hours ago)

WordPress Curly theme < 3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion. This issue affects Curly: from n/a through < 3.3.

Affected products
curly =<< 3.3

Matching in nixpkgs

Package maintainers: 1
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
CVE-2025-60206
updated 6 days, 10 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed 8 packages (6 days, 10 hours ago): selenium-server-standalone, cbqn-standalone-replxx, htmlunit-driver, cbqn-standalone, argp-standalone, art-standalone, selendroid, stalonetray
@LeSuisse dismissed (6 days, 10 hours ago)

WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through <= 7.8.3.

Affected products
alone =<<= 7.8.3

Matching in nixpkgs

Package maintainers: 9
@Amar1729 Amar Paul <amar.paul16@gmail.com>
@shnarazk Narazaki Shuji <shujinarazaki@protonmail.com>
@Detegr Antti Keränen <detegr@rbx.email>
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
@Synthetica9 Patrick Hilhorst <nix@hilhorst.be>
@coreyoconnor Corey O'Connor <coreyoconnor@gmail.com>
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@onny Jonas Heinrich <onny@project-insanity.org>
CVE-2025-67568
updated 6 days, 10 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed 10 packages (6 days, 10 hours ago): python312Packages.baseline, python313Packages.baseline, python312Packages.baselines, python313Packages.baselines, pkgsRocm.python3Packages.baselines, python312Packages.stable-baselines3, python313Packages.stable-baselines3, pkgsRocm.python3Packages.stable-baselines3, python312Packages.robotframework-databaselibrary, python313Packages.robotframework-databaselibrary
@LeSuisse dismissed (6 days, 10 hours ago)

WordPress Basel theme <= 5.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Basel: from n/a through <= 5.9.1.

Affected products
basel =<<= 5.9.1

Matching in nixpkgs

Package maintainers: 4
@dnr David Reiss <dnr@dnr.im>
@timokau Timo Kaufmann <timokau@zoho.com>
@talkara Taito Horiuchi <taito.horiuchi@relexsolutions.com>
@DerDennisOP Dennis <dennish@wuitz.de>
CVE-2025-60212
updated 6 days, 22 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed package (6 days, 22 hours ago): ocamlPackages.reactivedata
@LeSuisse dismissed (6 days, 22 hours ago)

WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection. This issue affects VEDA: from n/a through <= 4.2.

Affected products
veda =<<= 4.2

Matching in nixpkgs

Package maintainers: 1
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
CVE-2025-68546
updated 6 days, 22 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed 3 packages (6 days, 22 hours ago): nika-fonts, python312Packages.minikanren, python313Packages.minikanren
@LeSuisse dismissed (6 days, 22 hours ago)

WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through 1.2.14.

Affected products
Nika =<1.2.14

Matching in nixpkgs

Package maintainers: 1
@Etjean Etienne Jean <et.jean@outlook.fr>
CVE-2025-52750
updated 6 days, 22 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed package (6 days, 22 hours ago): emu2
@LeSuisse dismissed (6 days, 22 hours ago)

WordPress Emu2 plugin <= 0.83b - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juergen Schulze Emu2 emu2-email-users-2 allows Reflected XSS. This issue affects Emu2: from n/a through <= 0.83b.

Affected products
emu2-email-users-2 =<<= 0.83b

Matching in nixpkgs
CVE-2025-64230
updated 6 days, 22 hours ago by @LeSuisse

Activity log
Created automatic suggestion (1 week ago)
@LeSuisse removed 5 packages (6 days, 22 hours ago): typstPackages.efilrst_0_3_2, typstPackages.efilrst_0_3_1, typstPackages.efilrst_0_3_0, typstPackages.efilrst_0_2_0, typstPackages.efilrst_0_1_0
@LeSuisse dismissed (6 days, 22 hours ago)

WordPress Filr plugin <= 1.2.10 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal. This issue affects Filr: from n/a through <= 1.2.10.

Affected products
filr-protection =<<= 1.2.10

Matching in nixpkgs

Package maintainers: 1
@cherrypiejam Gongqi Huang