Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2025-30192
created 4 months ago
A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.

Affected products

pdns-recursor
  • ==5.2.4
  • ==5.1.6
  • ==5.0.12

Matching in nixpkgs

pkgs.pdns-recursor

Recursive DNS server

  • nixos-unstable -

Package maintainers: 1

CVE-2025-7783
created 4 months ago
Usage of unsafe random function in form-data for choosing boundary

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

Affected products

form-data
  • ==3.0.0 - 3.0.3
  • ==< 2.5.4
  • ==4.0.0 - 4.0.3

Matching in nixpkgs

pkgs.python312Packages.streaming-form-data

Streaming parser for multipart/form-data

  • nixos-unstable -

pkgs.python313Packages.streaming-form-data

Streaming parser for multipart/form-data

  • nixos-unstable -

pkgs.chickenPackages_5.chickenEggs.multipart-form-data

Reads & decodes HTTP multipart/form-data requests.

  • nixos-unstable -

Package maintainers: 1

CVE-2025-3753
created 4 months ago
Unsafe use of eval() method in rosbag tool

A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.

Affected products

rosbag
  • ==Indigo Igloo
  • ==Kinetic Kame
  • ==Melodic Morenia
  • ==Noetic Ninjemys

Matching in nixpkgs

pkgs.python312Packages.rosbags

Pure Python library to read, modify, convert, and write rosbag files

pkgs.python313Packages.rosbags

Pure Python library to read, modify, convert, and write rosbag files

Package maintainers: 1

CVE-2025-40924
created 4 months ago
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Affected products

Catalyst-Plugin-Session
  • <0.44

Matching in nixpkgs

pkgs.perlPackages.CatalystPluginSession

Generic Session plugin - ties together server side storage and client side state required to maintain session data

  • nixos-unstable -

pkgs.perl538Packages.CatalystPluginSession

Generic Session plugin - ties together server side storage and client side state required to maintain session data

  • nixos-unstable -

pkgs.perl540Packages.CatalystPluginSession

Generic Session plugin - ties together server side storage and client side state required to maintain session data

  • nixos-unstable -

pkgs.perlPackages.CatalystPluginSessionStoreFile

File storage backend for session data

  • nixos-unstable -

pkgs.perlPackages.CatalystPluginSessionStateCookie

Maintain session IDs using cookies

  • nixos-unstable -

pkgs.perl538Packages.CatalystPluginSessionStoreFile

File storage backend for session data

  • nixos-unstable -

pkgs.perl540Packages.CatalystPluginSessionStoreFile

File storage backend for session data

  • nixos-unstable -

pkgs.perlPackages.CatalystPluginSessionDynamicExpiry

Per-session custom expiry times

  • nixos-unstable -

pkgs.perlPackages.CatalystPluginSessionStoreFastMmap

FastMmap session storage backend

  • nixos-unstable -

pkgs.perl538Packages.CatalystPluginSessionStateCookie

Maintain session IDs using cookies

  • nixos-unstable -

pkgs.perl540Packages.CatalystPluginSessionStateCookie

Maintain session IDs using cookies

  • nixos-unstable -

pkgs.perl538Packages.CatalystPluginSessionDynamicExpiry

Per-session custom expiry times

  • nixos-unstable -

pkgs.perl538Packages.CatalystPluginSessionStoreFastMmap

FastMmap session storage backend

  • nixos-unstable -

pkgs.perl540Packages.CatalystPluginSessionDynamicExpiry

Per-session custom expiry times

  • nixos-unstable -

pkgs.perl540Packages.CatalystPluginSessionStoreFastMmap

FastMmap session storage backend

  • nixos-unstable -
CVE-2025-40918
created 4 months ago
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.

Affected products

Authen-SASL
  • =<2.1800

Matching in nixpkgs

pkgs.perlPackages.AuthenSASL

SASL Authentication framework

  • nixos-unstable -

pkgs.perl538Packages.AuthenSASL

SASL Authentication framework

  • nixos-unstable -

pkgs.perl540Packages.AuthenSASL

SASL Authentication framework

  • nixos-unstable -

pkgs.perlPackages.AuthenSASLSASLprep

Stringprep Profile for User Names and Passwords (RFC 4013)

  • nixos-unstable -

pkgs.perl538Packages.AuthenSASLSASLprep

Stringprep Profile for User Names and Passwords (RFC 4013)

  • nixos-unstable -

pkgs.perl540Packages.AuthenSASLSASLprep

Stringprep Profile for User Names and Passwords (RFC 4013)

  • nixos-unstable -

Package maintainers: 1

CVE-2025-52803
created 4 months ago
WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3.

Affected products

sala
  • =<1.1.3

Matching in nixpkgs

pkgs.python312Packages.datasalad

Pure-Python library with a collection of utilities for working with Git and git-annex

  • nixos-unstable -

pkgs.python313Packages.datasalad

Pure-Python library with a collection of utilities for working with Git and git-annex

  • nixos-unstable -

pkgs.python312Packages.schema-salad

Semantic Annotations for Linked Avro Data

pkgs.python313Packages.schema-salad

Semantic Annotations for Linked Avro Data

Package maintainers: 2

CVE-2025-40923
created 4 months ago
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Affected products

Plack-Middleware-Session
  • <0.35

Matching in nixpkgs

pkgs.perlPackages.PlackMiddlewareSession

Middleware for session management

  • nixos-unstable -

pkgs.perl538Packages.PlackMiddlewareSession

Middleware for session management

  • nixos-unstable -

pkgs.perl540Packages.PlackMiddlewareSession

Middleware for session management

  • nixos-unstable -
CVE-2025-7519
created 4 months ago
Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

Affected products

rhcos
polkit
  • =<126

Matching in nixpkgs

pkgs.polkit

Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes

  • nixos-unstable -

pkgs.cmd-polkit

Easily create polkit authentication agents by using commands

  • nixos-unstable -

pkgs.polkit_gnome

Dbus session bus service that is used to bring up authentication dialogs

  • nixos-unstable -

pkgs.hyprpolkitagent

Polkit authentication agent written in QT/QML

  • nixos-unstable -

pkgs.mate.mate-polkit

Integrates polkit authentication for MATE desktop

  • nixos-unstable -

pkgs.pcscliteWithPolkit

Middleware to access a smart card using SCard API (PC/SC)

  • nixos-unstable -

pkgs.libsForQt5.polkit-qt

Qt wrapper around PolKit

pkgs.kdePackages.polkit-qt-1

Qt wrapper around Polkit-1 client libraries

pkgs.plasma5Packages.polkit-qt

Qt wrapper around PolKit

pkgs.lomiri.lomiri-polkit-agent

Policy kit agent for the Lomiri desktop

  • nixos-unstable -

pkgs.kdePackages.polkit-kde-agent-1

Daemon providing a Polkit authentication UI for Plasma

pkgs.pantheon.pantheon-agent-polkit

Polkit Agent for the Pantheon Desktop

  • nixos-unstable -
CVE-2025-6491
created 4 months ago
NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.

Affected products

soap
  • <8.2.29
  • <8.4.10
  • <8.3.23
  • <8.1.33

Matching in nixpkgs

pkgs.gsoap

C/C++ toolkit for SOAP web services and XML-based applications

pkgs.soapui

Most Advanced REST & SOAP Testing Tool in the World

  • nixos-unstable -

pkgs.liquidsoap

Swiss-army knife for multimedia streaming

  • nixos-unstable -

pkgs.soapyaudio

SoapySDR plugin for amateur radio and audio devices

  • nixos-unstable -

pkgs.soapyairspy

SoapySDR plugin for Airspy devices

  • nixos-unstable -

pkgs.soapyhackrf

SoapySDR plugin for HackRF devices

  • nixos-unstable -

pkgs.soapyrtlsdr

SoapySDR plugin for RTL-SDR devices

  • nixos-unstable -

pkgs.soapybladerf

SoapySDR plugin for BladeRF devices

  • nixos-unstable -

pkgs.soapysdrplay

Soapy SDR module for SDRplay

pkgs.soapyplutosdr

SoapySDR plugin for Pluto SDR devices

  • nixos-unstable -

pkgs.libsForQt5.kdsoap

Qt-based client-side and server-side SOAP component

  • nixos-unstable -

pkgs.kdePackages.kdsoap

Qt-based client-side and server-side SOAP component

  • nixos-unstable -

pkgs.qt6Packages.kdsoap

Qt-based client-side and server-side SOAP component

  • nixos-unstable -

pkgs.php81Extensions.soap

PHP upstream extension: soap

  • nixos-unstable -

pkgs.php82Extensions.soap

PHP upstream extension: soap

  • nixos-unstable -

pkgs.php83Extensions.soap

PHP upstream extension: soap

  • nixos-unstable -

pkgs.php84Extensions.soap

PHP upstream extension: soap

  • nixos-unstable -

pkgs.plasma5Packages.kdsoap

Qt-based client-side and server-side SOAP component

  • nixos-unstable -

pkgs.python312Packages.pysimplesoap

Python simple and lightweight SOAP Library

  • nixos-unstable -

pkgs.python313Packages.pysimplesoap

Python simple and lightweight SOAP Library

  • nixos-unstable -

pkgs.kdePackages.kdsoap-ws-discovery-client

Library for finding WS-Discovery devices in the network using Qt5 and KDSoap.

  • nixos-unstable -

pkgs.python312Packages.soapysdr-with-plugins

Vendor and platform neutral SDR support library

pkgs.python313Packages.soapysdr-with-plugins

Vendor and platform neutral SDR support library

pkgs.vimPlugins.nvim-treesitter-parsers.liquidsoap

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.SoapySDR

Test whether soapysdr-0.8.1-unstable-2025-03-30-03 exposes pkg-config modules SoapySDR

  • nixos-unstable -
    • nixpkgs-unstable
CVE-2025-7425
created 4 months ago
Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Affected products

rhcos
  • *
libxml2
  • <2.15.2
  • *
libxslt
rhosdt/jaeger-agent-rhel8
  • *
rhosdt/jaeger-query-rhel8
  • *
rhosdt/jaeger-ingester-rhel8
  • *
rhosdt/jaeger-rhel8-operator
  • *
rhosdt/jaeger-collector-rhel8
  • *
rhosdt/jaeger-operator-bundle
  • *
rhosdt/jaeger-all-in-one-rhel8
  • *
rhosdt/jaeger-es-rollover-rhel8
  • *
discovery/discovery-server-rhel9
  • *
rhosdt/jaeger-es-index-cleaner-rhel8
  • *
web-terminal/web-terminal-tooling-rhel9
  • *
cert-manager/jetstack-cert-manager-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
  • *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-query-rhel8
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
compliance/openshift-compliance-openscap-rhel8
  • *
compliance/openshift-compliance-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-operator-bundle
  • *
compliance/openshift-compliance-must-gather-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
  • *
compliance/openshift-file-integrity-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

  • nixos-unstable -

pkgs.python312Packages.libxslt

C library and tools to do XSL transformations

  • nixos-unstable -

pkgs.python313Packages.libxslt

C library and tools to do XSL transformations

  • nixos-unstable -

Package maintainers: 1