Automatically generated suggestions

CVE-2025-10230  10.0 CRITICAL  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): CHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
Samba: command injection in wins server hook script
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets is inserted into a shell command and executed by the Samba Active Directory Domain Controller's wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.
Affected products: rhcos; samba <4.23.2 <4.21.5 <4.21.9; samba4
Matching nixpkgs packages:
  pkgs.samba (Standard Windows interoperability suite of programs for Linux and Unix): nixos-unstable ???, nixos-unstable-small 4.22.3, nixpkgs-unstable 4.22.3
  pkgs.samba4 (Standard Windows interoperability suite of programs for Linux and Unix): nixos-25.05 4.20.8, nixpkgs-25.05-darwin 4.20.8, nixos-25.05-small 4.20.8, nixos-unstable 4.22.3, nixos-unstable-small 4.22.3, nixpkgs-unstable 4.22.3
  pkgs.sambamba (SAM/BAM processing tool): nixos-25.05 1.0.1, nixpkgs-25.05-darwin 1.0.1, nixos-25.05-small 1.0.1, nixos-unstable 1.0.1, nixos-unstable-small 1.0.1, nixpkgs-unstable 1.0.1
  pkgs.sambaFull (Standard Windows interoperability suite of programs for Linux and Unix): nixos-25.05 4.20.8, nixpkgs-25.05-darwin 4.20.8, nixos-25.05-small 4.20.8, nixos-unstable 4.22.3, nixos-unstable-small 4.22.3, nixpkgs-unstable 4.22.3
  pkgs.samba4Full (Standard Windows interoperability suite of programs for Linux and Unix): nixos-25.05 4.20.8, nixpkgs-25.05-darwin 4.20.8, nixos-25.05-small 4.20.8, nixos-unstable 4.22.3, nixos-unstable-small 4.22.3, nixpkgs-unstable 4.22.3
Package maintainers: 2
  @aneeshusa Aneesh Agrawal <aneeshusa@gmail.com>
  @jbedo Justin Bedő <cu@cua0.org>

CVE-2025-11060  5.7 MEDIUM  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): NONE; Availability impact (A): NONE
Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records.
Affected products: surrealdb <2.1.9 <3.3.0-alpha.7 <2.2.8 <2.3.8; openshift-service-mesh/istio-cni-rhel9; openshift-service-mesh/istio-pilot-rhel9; openshift-service-mesh/istio-proxyv2-rhel9; openshift-service-mesh/istio-rhel9-operator; openshift-service-mesh/istio-must-gather-rhel9; openshift-service-mesh/istio-sail-operator-bundle; openshift-service-mesh-tech-preview/istio-ztunnel-rhel9; openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9
Matching nixpkgs packages:
  pkgs.surrealdb (Scalable, distributed, collaborative, document-graph database, for the realtime web): nixos-25.05 2.3.2, nixpkgs-25.05-darwin 2.3.2, nixos-25.05-small 2.3.2, nixos-unstable 2.3.8, nixos-unstable-small 2.3.8, nixpkgs-unstable 2.3.8
  pkgs.surrealdb-migrations (Awesome SurrealDB migration tool, with a user-friendly CLI and a versatile Rust library that enables seamless integration into any project): nixos-25.05 2.2.2, nixpkgs-25.05-darwin 2.2.2, nixos-25.05-small 2.2.2, nixos-unstable 2.3.0, nixos-unstable-small 2.3.0, nixpkgs-unstable 2.3.0
Package maintainers: 3
  @sikmir Nikolay Korotkiy <sikmir@disroot.org>
  @happysalada Raphael Megzari <raphael@megzari.com>
  @siriobalmelli Sirio Balmelli <sirio@b-ad.ch>

CVE-2023-43786  5.5 MEDIUM  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): NONE; Availability impact (A): HIGH
Libx11: stack exhaustion from infinite recursion in putsubimage()
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
Affected products: libX11 *; libXpm <3.5.17
Matching nixpkgs packages:
  pkgs.xorg.libX11: nixos-25.05 1.8.12, nixpkgs-25.05-darwin 1.8.12, nixos-25.05-small 1.8.12
  pkgs.xorg.libXpm: nixos-25.05 3.5.17, nixpkgs-25.05-darwin 3.5.17, nixos-25.05-small 3.5.17
  pkgs.tests.pkg-config.defaultPkgConfigPackages.x11 (Test whether libX11-1.8.12 exposes pkg-config modules x11): nixos-25.05 libX11, nixpkgs-25.05-darwin libX11, nixos-25.05-small libX11
  pkgs.tests.pkg-config.defaultPkgConfigPackages.xpm (Test whether libXpm-3.5.17 exposes pkg-config modules xpm): nixos-25.05 ???, nixpkgs-25.05-darwin, nixos-25.05-small

CVE-2023-43785  6.5 MEDIUM  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): NONE; Availability impact (A): NONE
Libx11: out-of-bounds memory access in _xkbreadkeysyms()
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
Affected products: libX11 <1.8.7 *
Matching nixpkgs packages:
  pkgs.xorg.libX11: nixos-25.05 1.8.12, nixpkgs-25.05-darwin 1.8.12, nixos-25.05-small 1.8.12
  pkgs.tests.pkg-config.defaultPkgConfigPackages.x11 (Test whether libX11-1.8.12 exposes pkg-config modules x11): nixos-25.05 libX11, nixpkgs-25.05-darwin libX11, nixos-25.05-small libX11

CVE-2023-43787  7.8 HIGH  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
Libx11: integer overflow in xcreateimage() leading to a heap overflow
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Affected products: libX11 <1.8.7 *
Matching nixpkgs packages:
  pkgs.xorg.libX11: nixos-25.05 1.8.12, nixpkgs-25.05-darwin 1.8.12, nixos-25.05-small 1.8.12
  pkgs.tests.pkg-config.defaultPkgConfigPackages.x11 (Test whether libX11-1.8.12 exposes pkg-config modules x11): nixos-25.05 libX11, nixpkgs-25.05-darwin libX11, nixos-25.05-small libX11

CVE-2025-62229  7.3 HIGH  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): HIGH; Availability impact (A): HIGH
Xorg: xwayland: use-after-free in xpresentnotify structure creation
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Affected products: tigervnc *; xorg-x11-server *; xorg-x11-server-Xwayland *
Matching nixpkgs packages:
  pkgs.tigervnc (Fork of tightVNC, made in cooperation with VirtualGL): nixos-25.05 1.14.0, nixpkgs-25.05-darwin 1.14.0, nixos-25.05-small 1.14.0, nixos-unstable 1.15.0, nixos-unstable-small 1.15.0, nixpkgs-unstable 1.15.0

CVE-2025-62230  7.3 HIGH  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): LOW; Availability impact (A): HIGH
Xorg: xwayland: use-after-free in xkb client resource removal
A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Affected products: tigervnc *; xorg-x11-server *; xorg-x11-server-Xwayland *
Matching nixpkgs packages:
  pkgs.tigervnc (Fork of tightVNC, made in cooperation with VirtualGL): nixos-25.05 1.14.0, nixpkgs-25.05-darwin 1.14.0, nixos-25.05-small 1.14.0, nixos-unstable 1.15.0, nixos-unstable-small 1.15.0, nixpkgs-unstable 1.15.0

CVE-2025-62402  5.4 MEDIUM  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): NONE
Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in an environment where Dag files were available.
Affected products: apache-airflow <3.1.1
Matching nixpkgs packages:
  pkgs.apache-airflow (Programmatically author, schedule and monitor data pipelines): nixos-25.05 2.7.3, nixpkgs-25.05-darwin 2.7.3, nixos-25.05-small 2.7.3, nixos-unstable 2.7.3, nixos-unstable-small 2.7.3, nixpkgs-unstable 2.7.3
Package maintainers: 3
  @bhipple Benjamin Hipple <bhipple@protonmail.com>
  @gbpdt Graham Bennett <nix@pdtpartners.com>
  @ingenieroariel Ariel Nunez <ariel@nunez.co>

CVE-2025-62231  7.3 HIGH  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): LOW; Availability impact (A): HIGH
Xorg: xwayland: value overflow in xkbsetcompatmap()
A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Affected products: tigervnc *; xorg-x11-server *; xorg-x11-server-Xwayland *
Matching nixpkgs packages:
  pkgs.tigervnc (Fork of tightVNC, made in cooperation with VirtualGL): nixos-25.05 1.14.0, nixpkgs-25.05-darwin 1.14.0, nixos-25.05-small 1.14.0, nixos-unstable 1.15.0, nixos-unstable-small 1.15.0, nixpkgs-unstable 1.15.0

CVE-2025-54941  4.6 MEDIUM  (created 2 weeks, 6 days ago)
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): NONE
Apache Airflow: Command injection in "example_dag_decorator"
An example dag `example_dag_decorator` had a non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on the worker. This, however, required that the example dags are enabled in production (not the default) or that the example dag code was copied to build your own similar dag. If you used the `example_dag_decorator`, please review it and apply the changes implemented in Airflow 3.0.5 accordingly.
Affected products: apache-airflow << 3.0.5
Matching nixpkgs packages:
  pkgs.apache-airflow (Programmatically author, schedule and monitor data pipelines): nixos-25.05 2.7.3, nixpkgs-25.05-darwin 2.7.3, nixos-25.05-small 2.7.3, nixos-unstable 2.7.3, nixos-unstable-small 2.7.3, nixpkgs-unstable 2.7.3
Package maintainers: 3
  @bhipple Benjamin Hipple <bhipple@protonmail.com>
  @gbpdt Graham Bennett <nix@pdtpartners.com>
  @ingenieroariel Ariel Nunez <ariel@nunez.co>