CVE-2025-58942
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 4 hours ago
@LeSuisse removed 3 packages 2 days, 23 hours ago:
  python312Packages.aioridwell python313Packages.aioridwell home-assistant-component-tests.ridwell
@LeSuisse dismissed 2 days, 23 hours ago
WordPress Dwell theme <= 1.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allows PHP Local File Inclusion. This issue affects Dwell: from n/a through <= 1.7.0.
Affected products: dwell =<<= 1.7.0
Matching in nixpkgs
Package maintainers: 3
  @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
  @dotlambda Robert Schütz <rschuetz17@gmail.com>
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
CVE-2025-58708
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 4 hours ago
@LeSuisse removed package tests.haskell.upstreamStackHpackVersion 2 days, 23 hours ago
@LeSuisse dismissed 2 days, 23 hours ago
WordPress 777 theme <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes 777 triple-seven allows PHP Local File Inclusion. This issue affects 777: from n/a through <= 1.3.
Affected products: triple-seven =<<= 1.3
Matching in nixpkgs
Package maintainers: 1
  @cdepillabout Dennis Gosnell <cdep.illabout@gmail.com>
CVE-2025-62759
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 4 hours ago
@LeSuisse removed 10 packages 2 days, 23 hours ago:
  dsseries git-series python312Packages.eseries python312Packages.pyseries python313Packages.pyseries haskellPackages.timezone-series epson-workforce-635-nx625-series pkgsRocm.python3Packages.pyseries azure-cli-extensions.timeseriesinsights epson-inkjet-printer-workforce-840-series
@LeSuisse dismissed 2 days, 23 hours ago
WordPress Series plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series allows Stored XSS. This issue affects Series: from n/a through 2.0.1.
Affected products: series =<2.0.1
Matching in nixpkgs
Package maintainers: 10
  @ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
  @katexochen Paul Meyer <katexochen0@gmail.com>
  @callahad Dan Callahan <dan.callahan@gmail.com>
  @heichro heichro
  @jorsn Johannes Rosenberger <johannes@jorsn.eu>
  @vmandela Venkateswara Rao Mandela <venkat.mandela@gmail.com>
  @edef1c edef <edef@edef.eu>
  @Aleksanaa Aleksana QwQ <me@aleksana.moe>
  @Sigmanificient Yohann Boniface <sigmanificient@gmail.com>
  @GaetanLepage Gaetan Lepage <gaetan@glepage.com>
CVE-2025-58709
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 4 hours ago
@LeSuisse removed 37 packages 2 days, 23 hours ago:
  spago etlegacy spago-legacy ifstat-legacy libewf-legacy geolite-legacy etlegacy-assets etlegacy-unwrapped rquickshare-legacy perlPackages.MenloLegacy adwaita-icon-theme-legacy perl538Packages.MenloLegacy perl540Packages.MenloLegacy haskellPackages.spago-legacy python312Packages.legacy-cgi python313Packages.legacy-cgi intel-compute-runtime-legacy1 ocamlPackages.legacy_diffable php81Extensions.openssl-legacy php82Extensions.openssl-legacy php83Extensions.openssl-legacy php84Extensions.openssl-legacy python312Packages.spacy-legacy python313Packages.spacy-legacy python312Packages.legacy-api-wrap python313Packages.legacy-api-wrap python312Packages.packaging-legacy python312Packages.pyoppleio-legacy python313Packages.packaging-legacy python313Packages.pyoppleio-legacy python312Packages.llama-index-legacy python313Packages.llama-index-legacy ocamlPackages.janeStreet.legacy_diffable pkgsRocm.python3Packages.llama-index-legacy python312Packages.azure-servicemanagement-legacy python313Packages.azure-servicemanagement-legacy gnomeExtensions.legacy-gtk3-theme-scheme-auto-switcher
@LeSuisse dismissed 2 days, 23 hours ago
WordPress Legacy theme <= 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion. This issue affects Legacy: from n/a through <= 1.9.
Affected products: legacy =<<= 1.9
Matching in nixpkgs
Package maintainers: 24
  @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
  @jtojnar Jan Tojnar <jtojnar@gmail.com>
  @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
  @bobby285271 Bobby Rong <rjl931189261@126.com>
  @drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
  @ashleyghooper Ashley Hooper <ashleyghooper@gmail.com>
  @fpletz Franz Pletz <fpletz@fnordicwalking.de>
  @honnip Jung seungwoo <me@honnip.page>
  @peterhoeg Peter Hoeg <peter@hoeg.com>
  @fleaz Felix Breidenstein <mail@felixbreidenstein.de>
  @D3vil0p3r Antonio Voza <vozaanthony@gmail.com>
  @Ma27 Maximilian Bosch <maximilian@mbosch.me>
  @aanderse Aaron Andersen <aaron@fosslib.net>
  @talyz Kim Lindberger <kim.lindberger@gmail.com>
  @piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
  @olcai Erik Timan <dev@timan.info>
  @mwilsoncoding Max Wilson <nixpkgs@maxwilson.dev>
  @dotlambda Robert Schütz <rschuetz17@gmail.com>
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
  @mattmelling Matt Melling <mattmelling@fastmail.com>
  @luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
  @PerchunPak Perchun Pak <nixpkgs@perchun.it>
  @bcdarwin Ben Darwin <bcdarwin@gmail.com>
  @JamieMagee Jamie Magee <jamie.magee@gmail.com>
CVE-2025-62137
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 4 hours ago
@LeSuisse removed 2 packages 2 days, 23 hours ago:
  sshuttle cargo-shuttle
@LeSuisse dismissed 2 days, 23 hours ago
WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shuttlethemes Shuttle allows Stored XSS. This issue affects Shuttle: from n/a through 1.5.0.
Affected products: shuttle =<1.5.0
Matching in nixpkgs
Package maintainers: 3
  @figsoda figsoda <figsoda@pm.me>
  @carlosdagos Carlos D'Agostino <m@cdagostino.io>
  @domenkozar Domen Kozar <domen@dev.si>
CVE-2025-67935
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 4 hours ago
@LeSuisse removed 10 packages 2 days, 23 hours ago:
  pngoptimizer meshoptimizer openorbitaloptimizer elmPackages.elm-optimize-level-2 akkuPackages.cyclone-iset-optimize haskellPackages.amazonka-compute-optimizer python312Packages.mypy-boto3-compute-optimizer python313Packages.mypy-boto3-compute-optimizer python312Packages.types-aiobotocore-compute-optimizer python313Packages.types-aiobotocore-compute-optimizer
@LeSuisse dismissed 2 days, 23 hours ago
WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion. This issue affects Optimize: from n/a through < 2.4.
Affected products: optimizewp =<< 2.4
Matching in nixpkgs
Package maintainers: 7
  @turboMaCk Marek Fajkus <marek.faj@gmail.com>
  @bouk Bouke van der Bijl <i@bou.ke>
  @lillycham Lilly Cham <lillycat332@gmail.com>
  @syvb Smitty van Bodegom <me@smitop.com>
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
  @mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
  @sheepforce Phillip Seeber <phillip.seeber@googlemail.com>
CVE-2025-60053
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 4 hours ago
@LeSuisse removed 3 packages 2 days, 23 hours ago:
  python312Packages.maxcube-api python313Packages.maxcube-api home-assistant-component-tests.maxcube
@LeSuisse dismissed 2 days, 23 hours ago
WordPress MaxCube theme <= 1.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion. This issue affects MaxCube: from n/a through <= 1.3.1.
Affected products: maxcube =<<= 1.3.1
Matching in nixpkgs
Package maintainers: 3
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
  @dotlambda Robert Schütz <rschuetz17@gmail.com>
  @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
CVE-2025-67528
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 4 hours ago
@LeSuisse removed 31 packages 2 days, 23 hours ago:
  furnace xournalpp journalist lazyjournal qjournalctl tui-journal journalwatch annapurna-sil journaldriver systemd-journal2gelf kdePackages.kjournald perlPackages.LogJournald perl538Packages.LogJournald perl540Packages.LogJournald python312Packages.swh-journal python313Packages.swh-journal python312Packages.waterfurnace typstPackages.starter-journal-article_0_4_0 typstPackages.starter-journal-article_0_3_3 typstPackages.starter-journal-article_0_3_2 typstPackages.starter-journal-article_0_3_1 typstPackages.starter-journal-article_0_3_0 typstPackages.starter-journal-article_0_2_0 typstPackages.starter-journal-article_0_1_1 haskellPackages.logging-facade-journald typstPackages.starter-journal-article python313Packages.logging-journald python312Packages.logging-journald haskellPackages.libsystemd-journal haskellPackages.journalctl-stream python313Packages.waterfurnace
@LeSuisse dismissed 2 days, 23 hours ago
WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through <= 2.5.12.
Affected products: urna =<<= 2.5.12
Matching in nixpkgs
Package maintainers: 26
  @kmein Kierán Meinhardt <kmein@posteo.de>
  @OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
  @tazjin Vincent Ambo <mail@tazj.in>
  @Moraxyc Moraxyc Xu <i@qaq.li>
  @florianjacob Florian Jacob <projects+nixos@florianjacob.de>
  @K900 Ilya K. <me@0upti.me>
  @ttuegel Thomas Tuegel <ttuegel@mailbox.org>
  @SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
  @nyanloutre Paul Trehiou <paul@nyanlout.re>
  @FRidh Frederik Rietdijk <fridh@fridh.nl>
  @mjm Matt Moriarity <matt@mattmoriarity.com>
  @peterhoeg Peter Hoeg <peter@hoeg.com>
  @bkchr Bastian Köcher <nixos@kchr.de>
  @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
  @ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
  @LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
  @NickCao Nick Cao <nickcao@nichi.co>
  @pluiedev Leah Amelia Chen <hi@pluie.me>
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
  @drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
  @romildo José Romildo Malaquias <malaquias@gmail.com>
  @fadenb Tristan Helmich <tristan.helmich+nixos@gmail.com>
  @fpletz Franz Pletz <fpletz@fnordicwalking.de>
  @figsoda figsoda <figsoda@pm.me>
  @cherrypiejam Gongqi Huang
  @sikmir Nikolay Korotkiy <sikmir@disroot.org>
CVE-2025-52739
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 3 hours ago
@LeSuisse removed 4 packages 2 days, 23 hours ago:
  python313Packages.schema-salad python312Packages.schema-salad python313Packages.datasalad python312Packages.datasalad
@LeSuisse dismissed 2 days, 23 hours ago
WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS. This issue affects Sala: from n/a through 1.1.3.
Affected products: Sala =<1.1.3
Matching in nixpkgs
Package maintainers: 2
  @gador Florian Brandes <florian.brandes@posteo.de>
  @veprbl Dmitry Kalinkin <veprbl@gmail.com>
CVE-2026-0906
updated 2 days, 23 hours ago by @LeSuisse
Activity log
Created automatic suggestion 3 days, 3 hours ago
@LeSuisse removed 25 packages 2 days, 23 hours ago:
  chromedriver netflix mkchromecast chrome-export go-chromecast google-chrome chrome-token-signing chrome-pak-customizer curl-impersonate-chrome undetected-chromedriver electron-chromedriver_33 grafanaPlugins.ventura-psychrometric-panel python313Packages.undetected-chromedriver python312Packages.undetected-chromedriver python313Packages.pychromecast python312Packages.pychromecast noto-fonts-monochrome-emoji ocamlPackages.chrome-trace xorg.xf86videoopenchrome electron-chromedriver_39 electron-chromedriver_38 electron-chromedriver_37 electron-chromedriver_36 electron-chromedriver_35 electron-chromedriver_34
@LeSuisse dismissed 2 days, 23 hours ago
Incorrect security UI in Google Chrome on Android prior to …
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Affected products: Chrome <144.0.7559.59
Matching in nixpkgs
Package maintainers: 15
  @bdesham Benjamin Esham <benjamin@esham.io>
  @UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
  @mmahut Marek Mahut <marek.mahut@gmail.com>
  @emilylange Emily Lange <nix@emilylange.de>
  @networkException networkException <nix@nwex.de>
  @GGG-KILLER GGG <gggkiller2@gmail.com>
  @yayayayaka Yaya <github@uwu.is>
  @liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
  @zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
  @johnrtitor Masum Reza <masumrezarock100@gmail.com>
  @Shou Benedict Aas <x+g@shou.io>
  @roberth Robert Hensing <nixpkgs@roberthensing.nl>
  @nicoonoclaste nicoo <nicoo@debian.org>
  @abbradar Nikolay Amiantov <ab@fmap.me>
  @nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>