Automatically generated suggestions

CVE-2025-3910 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 4 weeks, 2 days ago Org.keycloak.authentication: two factor authentication bypass A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. keycloak <26.1.* <25.* <26.2.2 <26.0.11 rhbk/keycloak-rhel9 * keycloak-rhel9-container * org.keycloak.authentication rhbk/keycloak-rhel9-operator * rhbk/keycloak-operator-bundle * keycloak-rhel9-operator-container * keycloak-rhel9-operator-bundle-container * pkgs.keycloak Identity and access management for modern applications and services nixos-25.05 26.1.4 nixpkgs-25.05-darwin 26.1.4 nixos-25.05-small 26.2.5 nixos-unstable 26.0.6 nixos-unstable-small 26.1.4 nixpkgs-unstable 26.1.4 pkgs.terraform-providers.keycloak nixos-25.05 5.2.0 nixpkgs-25.05-darwin 5.2.0 nixos-25.05-small 5.2.0 nixos-unstable 5.2.0 nixos-unstable-small 5.2.0 nixpkgs-unstable 4.4.0 pkgs.python311Packages.python-keycloak Provides access to the Keycloak API nixos-unstable 4.0.0 nixos-unstable-small 4.0.0 nixpkgs-unstable 4.0.0 pkgs.python312Packages.python-keycloak Provides access to the Keycloak API nixos-25.05 4.0.0 nixpkgs-25.05-darwin 4.0.0 nixos-25.05-small 4.0.0 nixos-unstable 4.0.0 nixos-unstable-small 4.0.0 nixpkgs-unstable 4.0.0 pkgs.python313Packages.python-keycloak Provides access to the Keycloak API nixos-25.05 4.0.0 nixpkgs-25.05-darwin 4.0.0 nixos-25.05-small 4.0.0 nixos-unstable 4.0.0 nixos-unstable-small 4.0.0 
nixpkgs-unstable 4.0.0 pkgs.python312Packages.python-keycloak.x86_64-linux Provides access to the Keycloak API nixos-unstable 4.0.0 pkgs.python312Packages.python-keycloak.aarch64-linux Provides access to the Keycloak API nixos-unstable 4.0.0 pkgs.python312Packages.python-keycloak.x86_64-darwin Provides access to the Keycloak API nixos-unstable 4.0.0 pkgs.python312Packages.python-keycloak.aarch64-darwin Provides access to the Keycloak API nixos-unstable 4.0.0 Package maintainers: 3 @talyz Kim Lindberger <kim.lindberger@gmail.com> @NickCao Nick Cao <nickcao@nichi.co> @ngerstle Nicholas Gerstle <ngerstle@gmail.com> CVE-2023-5871 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): LOW created 4 weeks, 2 days ago Libnbd: malicious nbd server may crash libnbd A flaw was found in libnbd, a client library for Network Block Device (NBD), a protocol for accessing block devices such as hard disks over a network. This issue may allow a malicious NBD server to cause a Denial of Service. libnbd * virt:rhel/libnbd pkgs.libnbd Network Block Device client library in userspace nixos-25.05 1.22.1 nixpkgs-25.05-darwin 1.22.1 nixos-25.05-small 1.22.1 nixos-unstable 1.22.1 nixos-unstable-small 1.22.1 nixpkgs-unstable 1.20.2 pkgs.libnbd.x86_64-linux Network Block Device client library in userspace nixos-unstable ??? nixos-unstable-small 1.20.2 pkgs.libnbd.aarch64-linux Network Block Device client library in userspace nixos-unstable ??? 
nixos-unstable-small 1.20.2 pkgs.python311Packages.libnbd Network Block Device client library in userspace nixos-unstable 1.20.2 nixos-unstable-small 1.20.2 nixpkgs-unstable 1.20.2 pkgs.python312Packages.libnbd Network Block Device client library in userspace nixos-25.05 1.22.1 nixpkgs-25.05-darwin 1.22.1 nixos-25.05-small 1.22.1 nixos-unstable 1.20.2 nixos-unstable-small 1.22.1 nixpkgs-unstable 1.22.1 pkgs.python313Packages.libnbd Network Block Device client library in userspace nixos-25.05 1.22.1 nixpkgs-25.05-darwin 1.22.1 nixos-25.05-small 1.22.1 nixos-unstable 1.22.1 nixos-unstable-small 1.22.1 nixpkgs-unstable 1.22.1 pkgs.python312Packages.libnbd.x86_64-linux Network Block Device client library in userspace nixos-unstable 1.20.2 pkgs.python312Packages.libnbd.aarch64-linux Network Block Device client library in userspace nixos-unstable 1.20.2 Package maintainers: 1 @akshatagarwl Akshat Agarwal <humancalico@disroot.org> CVE-2025-8197 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 month ago Libsoup: global-buffer-overflow A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the `name` parameter passed in, and directly accesses `soup_header_name_strings[name]`. The value of `name` is controllable; when `name` exceeds the index range of `soup_header_name_strings`, it will cause an out-of-bounds access. 
libsoup libsoup3 pkgs.libsoup_3 HTTP client/server library for GNOME nixos-25.05 3.6.5 nixpkgs-25.05-darwin 3.6.5 nixos-25.05-small 3.6.5 nixos-unstable 3.6.0 nixos-unstable-small 3.6.5 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-25.05 2.74.3 nixpkgs-25.05-darwin 2.74.3 nixos-25.05-small 2.74.3 nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-25.05 ??? nixpkgs-25.05-darwin nixos-25.05-small nixos-unstable ??? 
nixos-unstable-small 2.4 nixpkgs-unstable Package maintainers: 6 @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com> CVE-2025-8114 4.7 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 month ago : null pointer dereference in libssh kex session id calculation A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. rhcos libssh libssh2 pkgs.libssh SSH client library nixos-25.05 0.11.1 nixpkgs-25.05-darwin 0.11.1 nixos-25.05-small 0.11.1 nixos-unstable 0.11.1 nixos-unstable-small 0.11.1 nixpkgs-unstable 0.11.1 pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-25.05 1.11.1 nixpkgs-25.05-darwin 1.11.1 nixos-25.05-small 1.11.1 nixos-unstable 1.11.1 nixos-unstable-small 1.11.1 nixpkgs-unstable 1.11.1 pkgs.libssh.x86_64-linux SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh.aarch64-linux SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh.x86_64-darwin SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh2.x86_64-linux Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.libssh.aarch64-darwin SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh2.aarch64-linux Client-side C library implementing the SSH2 protocol nixos-unstable ??? 
nixos-unstable-small 1.11.1 pkgs.libssh2.x86_64-darwin Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.haskellPackages.libssh libssh bindings nixos-25.05 0.1.0.0 nixpkgs-25.05-darwin 0.1.0.0 nixos-25.05-small 0.1.0.0 nixos-unstable 0.1.0.0 nixos-unstable-small 0.1.0.0 nixpkgs-unstable 0.1.0.0 pkgs.libssh2.aarch64-darwin Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.haskellPackages.libssh2 FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable 0.2.0.9 nixos-unstable-small 0.2.0.9 nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2-conduit Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable 0.2.1 nixos-unstable-small 0.2.1 nixpkgs-unstable 0.2.1 pkgs.python311Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-25.05 1.2.2 nixpkgs-25.05-darwin 1.2.2 nixos-25.05-small 1.2.2 nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-25.05 1.2.2 nixpkgs-25.05-darwin 1.2.2 nixos-25.05-small 1.2.2 nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.haskellPackages.libssh.x86_64-linux libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh.aarch64-linux libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh.x86_64-darwin libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh2.x86_64-linux FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? 
nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh.aarch64-darwin libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh2.aarch64-linux FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2.x86_64-darwin FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2.aarch64-darwin FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2-conduit.x86_64-linux Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.aarch64-linux Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.x86_64-darwin Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.aarch64-darwin Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? 
nixpkgs-unstable 0.2.1 pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-25.05 libssh2 nixpkgs-25.05-darwin libssh2 nixos-25.05-small libssh2 nixos-unstable libssh2 nixos-unstable-small libssh2 nixpkgs-unstable libssh2 Package maintainers: 3 @geluk Johan Geluk <johan+nix@geluk.io> @svanderburg Sander van der Burg <s.vanderburg@tudelft.nl> @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com> CVE-2025-4878 3.6 LOW CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 1 month ago Libssh: use of uninitialized variable in privatekey_from_file() A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. rhcos libssh <0.11.2 libssh2 pkgs.libssh SSH client library nixos-25.05 0.11.1 nixpkgs-25.05-darwin 0.11.1 nixos-25.05-small 0.11.1 nixos-unstable 0.11.1 nixos-unstable-small 0.11.1 nixpkgs-unstable 0.11.1 pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-25.05 1.11.1 nixpkgs-25.05-darwin 1.11.1 nixos-25.05-small 1.11.1 nixos-unstable 1.11.1 nixos-unstable-small 1.11.1 nixpkgs-unstable 1.11.1 pkgs.libssh.x86_64-linux SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh.aarch64-linux SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh.x86_64-darwin SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh2.x86_64-linux Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.libssh.aarch64-darwin SSH client library nixos-unstable ??? 
nixos-unstable-small 0.11.1 pkgs.libssh2.aarch64-linux Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.libssh2.x86_64-darwin Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.haskellPackages.libssh libssh bindings nixos-25.05 0.1.0.0 nixpkgs-25.05-darwin 0.1.0.0 nixos-25.05-small 0.1.0.0 nixos-unstable 0.1.0.0 nixos-unstable-small 0.1.0.0 nixpkgs-unstable 0.1.0.0 pkgs.libssh2.aarch64-darwin Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.haskellPackages.libssh2 FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable 0.2.0.9 nixos-unstable-small 0.2.0.9 nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2-conduit Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable 0.2.1 nixos-unstable-small 0.2.1 nixpkgs-unstable 0.2.1 pkgs.python311Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-25.05 1.2.2 nixpkgs-25.05-darwin 1.2.2 nixos-25.05-small 1.2.2 nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-25.05 1.2.2 nixpkgs-25.05-darwin 1.2.2 nixos-25.05-small 1.2.2 nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.haskellPackages.libssh.x86_64-linux libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh.aarch64-linux libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh.x86_64-darwin libssh bindings nixos-unstable ??? 
nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh2.x86_64-linux FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh.aarch64-darwin libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh2.aarch64-linux FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2.x86_64-darwin FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2.aarch64-darwin FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2-conduit.x86_64-linux Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.aarch64-linux Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.x86_64-darwin Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.aarch64-darwin Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? 
nixpkgs-unstable 0.2.1 pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-25.05 libssh2 nixpkgs-25.05-darwin libssh2 nixos-25.05-small libssh2 nixos-unstable libssh2 nixos-unstable-small libssh2 nixpkgs-unstable libssh2 Package maintainers: 3 @geluk Johan Geluk <johan+nix@geluk.io> @svanderburg Sander van der Burg <s.vanderburg@tudelft.nl> @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com> CVE-2025-7783 created 1 month, 1 week ago Usage of unsafe random function in form-data for choosing boundary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. form-data ==< 2.5.4 ==4.0.0 - 4.0.3 ==3.0.0 - 3.0.3 pkgs.python311Packages.streaming-form-data Streaming parser for multipart/form-data nixos-unstable 1.13.0 nixos-unstable-small 1.13.0 nixpkgs-unstable 1.13.0 pkgs.python312Packages.streaming-form-data Streaming parser for multipart/form-data nixos-25.05 1.13.0 nixpkgs-25.05-darwin 1.13.0 nixos-25.05-small 1.13.0 nixos-unstable 1.13.0 nixos-unstable-small 1.13.0 nixpkgs-unstable 1.13.0 pkgs.python313Packages.streaming-form-data Streaming parser for multipart/form-data nixos-25.05 1.13.0 nixpkgs-25.05-darwin 1.13.0 nixos-25.05-small 1.13.0 nixos-unstable 1.13.0 nixos-unstable-small 1.13.0 nixpkgs-unstable 1.13.0 pkgs.chickenPackages_5.chickenEggs.multipart-form-data Reads & decodes HTTP multipart/form-data requests. 
nixos-25.05 0.2 nixpkgs-25.05-darwin 0.2 nixos-25.05-small 0.2 nixos-unstable 0.2 nixos-unstable-small 0.2 nixpkgs-unstable 0.2 pkgs.python312Packages.streaming-form-data.x86_64-linux Streaming parser for multipart/form-data nixos-unstable 1.13.0 pkgs.python312Packages.streaming-form-data.aarch64-linux Streaming parser for multipart/form-data nixos-unstable 1.13.0 pkgs.python312Packages.streaming-form-data.x86_64-darwin Streaming parser for multipart/form-data nixos-unstable 1.13.0 pkgs.python312Packages.streaming-form-data.aarch64-darwin Streaming parser for multipart/form-data nixos-unstable 1.13.0 Package maintainers: 1 @zhaofengli Zhaofeng Li <hello@zhaofeng.li> CVE-2025-52803 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): NONE created 1 month, 1 week ago WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. 
sala =<1.1.3 pkgs.python311Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.python312Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-25.05 0.4.0 nixpkgs-25.05-darwin 0.4.0 nixos-25.05-small 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.python313Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-25.05 0.4.0 nixpkgs-25.05-darwin 0.4.0 nixos-25.05-small 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.python311Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 nixos-unstable-small 8.7.20241021092521 nixpkgs-unstable 8.7.20241021092521 pkgs.python312Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-25.05 8.8.20250205075315 nixpkgs-25.05-darwin 8.8.20250205075315 nixos-25.05-small 8.8.20250205075315 nixos-unstable 8.8.20250205075315 nixos-unstable-small 8.7.20241021092521 nixpkgs-unstable 8.8.20250205075315 pkgs.python313Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-25.05 8.8.20250205075315 nixpkgs-25.05-darwin 8.8.20250205075315 nixos-25.05-small 8.8.20250205075315 nixos-unstable 8.8.20250205075315 nixos-unstable-small 8.8.20250205075315 nixpkgs-unstable 8.8.20250205075315 pkgs.python312Packages.schema-salad.x86_64-linux Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 pkgs.python312Packages.schema-salad.aarch64-linux Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 pkgs.python312Packages.schema-salad.x86_64-darwin Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 pkgs.python312Packages.schema-salad.aarch64-darwin Semantic Annotations for Linked Avro Data nixos-unstable 
8.7.20241021092521 Package maintainers: 2 @gador Florian Brandes <florian.brandes@posteo.de> @veprbl Dmitry Kalinkin <veprbl@gmail.com> CVE-2025-40923 7.3 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 1 month, 1 week ago Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems. Plack-Middleware-Session <0.35 pkgs.perl538Packages.PlackMiddlewareSession Middleware for session management nixos-25.05 0.33 nixpkgs-25.05-darwin 0.33 nixos-25.05-small 0.33 nixos-unstable 0.33 nixos-unstable-small 0.33 nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession Middleware for session management nixos-25.05 0.33 nixpkgs-25.05-darwin 0.33 nixos-25.05-small 0.33 nixos-unstable 0.33 nixos-unstable-small 0.33 nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession.x86_64-linux Middleware for session management nixos-unstable ??? nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession.aarch64-linux Middleware for session management nixos-unstable ??? nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession.x86_64-darwin Middleware for session management nixos-unstable ??? nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession.aarch64-darwin Middleware for session management nixos-unstable ??? 
nixpkgs-unstable 0.33 CVE-2025-40918 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 1 month, 1 week ago Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy. 
Authen-SASL =<2.1800 pkgs.perl538Packages.AuthenSASL SASL Authentication framework nixos-25.05 2.1700 nixpkgs-25.05-darwin 2.1700 nixos-25.05-small 2.1700 nixos-unstable 2.1700 nixos-unstable-small 2.1700 nixpkgs-unstable 2.1700 pkgs.perl540Packages.AuthenSASL SASL Authentication framework nixos-25.05 2.1700 nixpkgs-25.05-darwin 2.1700 nixos-25.05-small 2.1700 nixos-unstable 2.1700 nixos-unstable-small 2.1700 nixpkgs-unstable 2.1700 pkgs.perl538Packages.AuthenSASLSASLprep Stringprep Profile for User Names and Passwords (RFC 4013) nixos-25.05 1.100 nixpkgs-25.05-darwin 1.100 nixos-25.05-small 1.100 nixos-unstable 1.100 nixos-unstable-small 1.100 nixpkgs-unstable 1.100 pkgs.perl540Packages.AuthenSASLSASLprep Stringprep Profile for User Names and Passwords (RFC 4013) nixos-25.05 1.100 nixpkgs-25.05-darwin 1.100 nixos-25.05-small 1.100 nixos-unstable 1.100 nixos-unstable-small 1.100 nixpkgs-unstable 1.100 Package maintainers: 1 @stigtsp Stig Palmquist <stig@stig.io> CVE-2025-7424 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 2 weeks ago Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. rhcos libxslt pkgs.libxslt C library and tools to do XSL transformations nixos-25.05 1.1.43 nixpkgs-25.05-darwin 1.1.43 nixos-25.05-small 1.1.43 nixos-unstable 1.1.43 nixos-unstable-small 1.1.43 nixpkgs-unstable 1.1.43 pkgs.libxslt.x86_64-linux C library and tools to do XSL transformations nixos-unstable ??? 
nixos-unstable-small 1.1.42 pkgs.libxslt.aarch64-linux C library and tools to do XSL transformations nixos-unstable ??? nixos-unstable-small 1.1.42 pkgs.libxslt.x86_64-darwin C library and tools to do XSL transformations nixos-unstable ??? nixos-unstable-small 1.1.42 pkgs.libxslt.aarch64-darwin C library and tools to do XSL transformations nixos-unstable ??? nixos-unstable-small 1.1.42 pkgs.python311Packages.libxslt C library and tools to do XSL transformations nixos-unstable 1.1.42 nixos-unstable-small 1.1.42 nixpkgs-unstable 1.1.42 pkgs.python312Packages.libxslt C library and tools to do XSL transformations nixos-25.05 1.1.43 nixpkgs-25.05-darwin 1.1.43 nixos-25.05-small 1.1.43 nixos-unstable 1.1.42 nixos-unstable-small 1.1.43 nixpkgs-unstable 1.1.43 pkgs.python313Packages.libxslt C library and tools to do XSL transformations nixos-25.05 1.1.43 nixpkgs-25.05-darwin 1.1.43 nixos-25.05-small 1.1.43 nixos-unstable 1.1.43 nixos-unstable-small 1.1.43 nixpkgs-unstable 1.1.43 pkgs.python312Packages.libxslt.x86_64-linux C library and tools to do XSL transformations nixos-unstable 1.1.42 pkgs.python312Packages.libxslt.aarch64-linux C library and tools to do XSL transformations nixos-unstable 1.1.42 pkgs.python312Packages.libxslt.x86_64-darwin C library and tools to do XSL transformations nixos-unstable 1.1.42 pkgs.python312Packages.libxslt.aarch64-darwin C library and tools to do XSL transformations nixos-unstable 1.1.42 Package maintainers: 1 @jtojnar Jan Tojnar <jtojnar@gmail.com>
CVE-2025-3910 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 4 weeks, 2 days ago Org.keycloak.authentication: two factor authentication bypass A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. keycloak <26.1.* <25.* <26.2.2 <26.0.11 rhbk/keycloak-rhel9 * keycloak-rhel9-container * org.keycloak.authentication rhbk/keycloak-rhel9-operator * rhbk/keycloak-operator-bundle * keycloak-rhel9-operator-container * keycloak-rhel9-operator-bundle-container * pkgs.keycloak Identity and access management for modern applications and services nixos-25.05 26.1.4 nixpkgs-25.05-darwin 26.1.4 nixos-25.05-small 26.2.5 nixos-unstable 26.0.6 nixos-unstable-small 26.1.4 nixpkgs-unstable 26.1.4 pkgs.terraform-providers.keycloak nixos-25.05 5.2.0 nixpkgs-25.05-darwin 5.2.0 nixos-25.05-small 5.2.0 nixos-unstable 5.2.0 nixos-unstable-small 5.2.0 nixpkgs-unstable 4.4.0 pkgs.python311Packages.python-keycloak Provides access to the Keycloak API nixos-unstable 4.0.0 nixos-unstable-small 4.0.0 nixpkgs-unstable 4.0.0 pkgs.python312Packages.python-keycloak Provides access to the Keycloak API nixos-25.05 4.0.0 nixpkgs-25.05-darwin 4.0.0 nixos-25.05-small 4.0.0 nixos-unstable 4.0.0 nixos-unstable-small 4.0.0 nixpkgs-unstable 4.0.0 pkgs.python313Packages.python-keycloak Provides access to the Keycloak API nixos-25.05 4.0.0 nixpkgs-25.05-darwin 4.0.0 nixos-25.05-small 4.0.0 nixos-unstable 4.0.0 nixos-unstable-small 4.0.0 nixpkgs-unstable 4.0.0 pkgs.python312Packages.python-keycloak.x86_64-linux Provides access to the Keycloak API nixos-unstable 4.0.0 pkgs.python312Packages.python-keycloak.aarch64-linux Provides access to the 
Keycloak API nixos-unstable 4.0.0 pkgs.python312Packages.python-keycloak.x86_64-darwin Provides access to the Keycloak API nixos-unstable 4.0.0 pkgs.python312Packages.python-keycloak.aarch64-darwin Provides access to the Keycloak API nixos-unstable 4.0.0 Package maintainers: 3 @talyz Kim Lindberger <kim.lindberger@gmail.com> @NickCao Nick Cao <nickcao@nichi.co> @ngerstle Nicholas Gerstle <ngerstle@gmail.com>
CVE-2023-5871 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): LOW created 4 weeks, 2 days ago Libnbd: malicious nbd server may crash libnbd A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. libnbd * virt:rhel/libnbd pkgs.libnbd Network Block Device client library in userspace nixos-25.05 1.22.1 nixpkgs-25.05-darwin 1.22.1 nixos-25.05-small 1.22.1 nixos-unstable 1.22.1 nixos-unstable-small 1.22.1 nixpkgs-unstable 1.20.2 pkgs.libnbd.x86_64-linux Network Block Device client library in userspace nixos-unstable ??? nixos-unstable-small 1.20.2 pkgs.libnbd.aarch64-linux Network Block Device client library in userspace nixos-unstable ??? nixos-unstable-small 1.20.2 pkgs.python311Packages.libnbd Network Block Device client library in userspace nixos-unstable 1.20.2 nixos-unstable-small 1.20.2 nixpkgs-unstable 1.20.2 pkgs.python312Packages.libnbd Network Block Device client library in userspace nixos-25.05 1.22.1 nixpkgs-25.05-darwin 1.22.1 nixos-25.05-small 1.22.1 nixos-unstable 1.20.2 nixos-unstable-small 1.22.1 nixpkgs-unstable 1.22.1 pkgs.python313Packages.libnbd Network Block Device client library in userspace nixos-25.05 1.22.1 nixpkgs-25.05-darwin 1.22.1 nixos-25.05-small 1.22.1 nixos-unstable 1.22.1 nixos-unstable-small 1.22.1 nixpkgs-unstable 1.22.1 pkgs.python312Packages.libnbd.x86_64-linux Network Block Device client library in userspace nixos-unstable 1.20.2 pkgs.python312Packages.libnbd.aarch64-linux Network Block Device client library in userspace nixos-unstable 1.20.2 Package maintainers: 1 @akshatagarwl Akshat Agarwal <humancalico@disroot.org>
CVE-2025-8197 5.5 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 month ago Libsoup: global-buffer-overflow A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the `name` parameter passed in, and directly accesses `soup_header_name_strings[name]`. The value of `name` is controllable; when `name` exceeds the index range of `soup_header_name_strings`, it will cause an out-of-bounds access. libsoup libsoup3 pkgs.libsoup_3 HTTP client/server library for GNOME nixos-25.05 3.6.5 nixpkgs-25.05-darwin 3.6.5 nixos-25.05-small 3.6.5 nixos-unstable 3.6.0 nixos-unstable-small 3.6.5 nixpkgs-unstable 3.6.0 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-25.05 2.74.3 nixpkgs-25.05-darwin 2.74.3 nixos-25.05-small 2.74.3 nixos-unstable 2.74.3 nixos-unstable-small 2.74.3 nixpkgs-unstable 2.74.3 pkgs.libsoup_3.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_3.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.x86_64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_3.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 3.6.0 pkgs.libsoup_2_4.aarch64-linux HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.x86_64-darwin HTTP client/server library for GNOME nixos-unstable ??? nixos-unstable-small 2.74.3 pkgs.libsoup_2_4.aarch64-darwin HTTP client/server library for GNOME nixos-unstable ???
nixos-unstable-small 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-25.05 ??? nixpkgs-25.05-darwin nixos-25.05-small nixos-unstable ??? nixos-unstable-small 2.4 nixpkgs-unstable Package maintainers: 6 @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com> @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com>
CVE-2025-8114 4.7 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 1 month ago : null pointer dereference in libssh kex session id calculation A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. rhcos libssh libssh2 pkgs.libssh SSH client library nixos-25.05 0.11.1 nixpkgs-25.05-darwin 0.11.1 nixos-25.05-small 0.11.1 nixos-unstable 0.11.1 nixos-unstable-small 0.11.1 nixpkgs-unstable 0.11.1 pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-25.05 1.11.1 nixpkgs-25.05-darwin 1.11.1 nixos-25.05-small 1.11.1 nixos-unstable 1.11.1 nixos-unstable-small 1.11.1 nixpkgs-unstable 1.11.1 pkgs.libssh.x86_64-linux SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh.aarch64-linux SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh.x86_64-darwin SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh2.x86_64-linux Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.libssh.aarch64-darwin SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh2.aarch64-linux Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.libssh2.x86_64-darwin Client-side C library implementing the SSH2 protocol nixos-unstable ??? 
nixos-unstable-small 1.11.1 pkgs.haskellPackages.libssh libssh bindings nixos-25.05 0.1.0.0 nixpkgs-25.05-darwin 0.1.0.0 nixos-25.05-small 0.1.0.0 nixos-unstable 0.1.0.0 nixos-unstable-small 0.1.0.0 nixpkgs-unstable 0.1.0.0 pkgs.libssh2.aarch64-darwin Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.haskellPackages.libssh2 FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable 0.2.0.9 nixos-unstable-small 0.2.0.9 nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2-conduit Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable 0.2.1 nixos-unstable-small 0.2.1 nixpkgs-unstable 0.2.1 pkgs.python311Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-25.05 1.2.2 nixpkgs-25.05-darwin 1.2.2 nixos-25.05-small 1.2.2 nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-25.05 1.2.2 nixpkgs-25.05-darwin 1.2.2 nixos-25.05-small 1.2.2 nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.haskellPackages.libssh.x86_64-linux libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh.aarch64-linux libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh.x86_64-darwin libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh2.x86_64-linux FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh.aarch64-darwin libssh bindings nixos-unstable ??? 
nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh2.aarch64-linux FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2.x86_64-darwin FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2.aarch64-darwin FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2-conduit.x86_64-linux Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.aarch64-linux Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.x86_64-darwin Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.aarch64-darwin Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-25.05 libssh2 nixpkgs-25.05-darwin libssh2 nixos-25.05-small libssh2 nixos-unstable libssh2 nixos-unstable-small libssh2 nixpkgs-unstable libssh2 Package maintainers: 3 @geluk Johan Geluk <johan+nix@geluk.io> @svanderburg Sander van der Burg <s.vanderburg@tudelft.nl> @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
CVE-2025-4878 3.6 LOW CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 1 month ago Libssh: use of uninitialized variable in privatekey_from_file() A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. rhcos libssh <0.11.2 libssh2 pkgs.libssh SSH client library nixos-25.05 0.11.1 nixpkgs-25.05-darwin 0.11.1 nixos-25.05-small 0.11.1 nixos-unstable 0.11.1 nixos-unstable-small 0.11.1 nixpkgs-unstable 0.11.1 pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-25.05 1.11.1 nixpkgs-25.05-darwin 1.11.1 nixos-25.05-small 1.11.1 nixos-unstable 1.11.1 nixos-unstable-small 1.11.1 nixpkgs-unstable 1.11.1 pkgs.libssh.x86_64-linux SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh.aarch64-linux SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh.x86_64-darwin SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh2.x86_64-linux Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.libssh.aarch64-darwin SSH client library nixos-unstable ??? nixos-unstable-small 0.11.1 pkgs.libssh2.aarch64-linux Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.libssh2.x86_64-darwin Client-side C library implementing the SSH2 protocol nixos-unstable ??? 
nixos-unstable-small 1.11.1 pkgs.haskellPackages.libssh libssh bindings nixos-25.05 0.1.0.0 nixpkgs-25.05-darwin 0.1.0.0 nixos-25.05-small 0.1.0.0 nixos-unstable 0.1.0.0 nixos-unstable-small 0.1.0.0 nixpkgs-unstable 0.1.0.0 pkgs.libssh2.aarch64-darwin Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixos-unstable-small 1.11.1 pkgs.haskellPackages.libssh2 FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable 0.2.0.9 nixos-unstable-small 0.2.0.9 nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2-conduit Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable 0.2.1 nixos-unstable-small 0.2.1 nixpkgs-unstable 0.2.1 pkgs.python311Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-25.05 1.2.2 nixpkgs-25.05-darwin 1.2.2 nixos-25.05-small 1.2.2 nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-25.05 1.2.2 nixpkgs-25.05-darwin 1.2.2 nixos-25.05-small 1.2.2 nixos-unstable 1.2.2 nixos-unstable-small 1.2.2 nixpkgs-unstable 1.2.2 pkgs.haskellPackages.libssh.x86_64-linux libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh.aarch64-linux libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh.x86_64-darwin libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh2.x86_64-linux FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh.aarch64-darwin libssh bindings nixos-unstable ??? 
nixpkgs-unstable 0.1.0.0 pkgs.haskellPackages.libssh2.aarch64-linux FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2.x86_64-darwin FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2.aarch64-darwin FFI bindings to libssh2 SSH2 client library (http://libssh2.org/) nixos-unstable ??? nixpkgs-unstable 0.2.0.9 pkgs.haskellPackages.libssh2-conduit.x86_64-linux Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.aarch64-linux Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.x86_64-darwin Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.haskellPackages.libssh2-conduit.aarch64-darwin Conduit wrappers for libssh2 FFI bindings (see libssh2 package) nixos-unstable ??? nixpkgs-unstable 0.2.1 pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-25.05 libssh2 nixpkgs-25.05-darwin libssh2 nixos-25.05-small libssh2 nixos-unstable libssh2 nixos-unstable-small libssh2 nixpkgs-unstable libssh2 Package maintainers: 3 @geluk Johan Geluk <johan+nix@geluk.io> @svanderburg Sander van der Burg <s.vanderburg@tudelft.nl> @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
CVE-2025-7783 created 1 month, 1 week ago Usage of unsafe random function in form-data for choosing boundary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. form-data ==< 2.5.4 ==4.0.0 - 4.0.3 ==3.0.0 - 3.0.3 pkgs.python311Packages.streaming-form-data Streaming parser for multipart/form-data nixos-unstable 1.13.0 nixos-unstable-small 1.13.0 nixpkgs-unstable 1.13.0 pkgs.python312Packages.streaming-form-data Streaming parser for multipart/form-data nixos-25.05 1.13.0 nixpkgs-25.05-darwin 1.13.0 nixos-25.05-small 1.13.0 nixos-unstable 1.13.0 nixos-unstable-small 1.13.0 nixpkgs-unstable 1.13.0 pkgs.python313Packages.streaming-form-data Streaming parser for multipart/form-data nixos-25.05 1.13.0 nixpkgs-25.05-darwin 1.13.0 nixos-25.05-small 1.13.0 nixos-unstable 1.13.0 nixos-unstable-small 1.13.0 nixpkgs-unstable 1.13.0 pkgs.chickenPackages_5.chickenEggs.multipart-form-data Reads & decodes HTTP multipart/form-data requests. nixos-25.05 0.2 nixpkgs-25.05-darwin 0.2 nixos-25.05-small 0.2 nixos-unstable 0.2 nixos-unstable-small 0.2 nixpkgs-unstable 0.2 pkgs.python312Packages.streaming-form-data.x86_64-linux Streaming parser for multipart/form-data nixos-unstable 1.13.0 pkgs.python312Packages.streaming-form-data.aarch64-linux Streaming parser for multipart/form-data nixos-unstable 1.13.0 pkgs.python312Packages.streaming-form-data.x86_64-darwin Streaming parser for multipart/form-data nixos-unstable 1.13.0 pkgs.python312Packages.streaming-form-data.aarch64-darwin Streaming parser for multipart/form-data nixos-unstable 1.13.0 Package maintainers: 1 @zhaofengli Zhaofeng Li <hello@zhaofeng.li>
CVE-2025-52803 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): NONE created 1 month, 1 week ago WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. sala =<1.1.3 pkgs.python311Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.python312Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-25.05 0.4.0 nixpkgs-25.05-darwin 0.4.0 nixos-25.05-small 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.python313Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-25.05 0.4.0 nixpkgs-25.05-darwin 0.4.0 nixos-25.05-small 0.4.0 nixos-unstable 0.4.0 nixos-unstable-small 0.4.0 nixpkgs-unstable 0.4.0 pkgs.python311Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 nixos-unstable-small 8.7.20241021092521 nixpkgs-unstable 8.7.20241021092521 pkgs.python312Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-25.05 8.8.20250205075315 nixpkgs-25.05-darwin 8.8.20250205075315 nixos-25.05-small 8.8.20250205075315 nixos-unstable 8.8.20250205075315 nixos-unstable-small 8.7.20241021092521 nixpkgs-unstable 8.8.20250205075315 pkgs.python313Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-25.05 8.8.20250205075315 nixpkgs-25.05-darwin 8.8.20250205075315 nixos-25.05-small 8.8.20250205075315 nixos-unstable 8.8.20250205075315 nixos-unstable-small 8.8.20250205075315 
nixpkgs-unstable 8.8.20250205075315 pkgs.python312Packages.schema-salad.x86_64-linux Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 pkgs.python312Packages.schema-salad.aarch64-linux Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 pkgs.python312Packages.schema-salad.x86_64-darwin Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 pkgs.python312Packages.schema-salad.aarch64-darwin Semantic Annotations for Linked Avro Data nixos-unstable 8.7.20241021092521 Package maintainers: 2 @gador Florian Brandes <florian.brandes@posteo.de> @veprbl Dmitry Kalinkin <veprbl@gmail.com>
CVE-2025-40923 7.3 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 1 month, 1 week ago Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems. Plack-Middleware-Session <0.35 pkgs.perl538Packages.PlackMiddlewareSession Middleware for session management nixos-25.05 0.33 nixpkgs-25.05-darwin 0.33 nixos-25.05-small 0.33 nixos-unstable 0.33 nixos-unstable-small 0.33 nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession Middleware for session management nixos-25.05 0.33 nixpkgs-25.05-darwin 0.33 nixos-25.05-small 0.33 nixos-unstable 0.33 nixos-unstable-small 0.33 nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession.x86_64-linux Middleware for session management nixos-unstable ??? nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession.aarch64-linux Middleware for session management nixos-unstable ??? nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession.x86_64-darwin Middleware for session management nixos-unstable ??? nixpkgs-unstable 0.33 pkgs.perl540Packages.PlackMiddlewareSession.aarch64-darwin Middleware for session management nixos-unstable ??? nixpkgs-unstable 0.33
CVE-2025-40918 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 1 month, 1 week ago Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy. 
Authen-SASL =<2.1800 pkgs.perl538Packages.AuthenSASL SASL Authentication framework nixos-25.05 2.1700 nixpkgs-25.05-darwin 2.1700 nixos-25.05-small 2.1700 nixos-unstable 2.1700 nixos-unstable-small 2.1700 nixpkgs-unstable 2.1700 pkgs.perl540Packages.AuthenSASL SASL Authentication framework nixos-25.05 2.1700 nixpkgs-25.05-darwin 2.1700 nixos-25.05-small 2.1700 nixos-unstable 2.1700 nixos-unstable-small 2.1700 nixpkgs-unstable 2.1700 pkgs.perl538Packages.AuthenSASLSASLprep Stringprep Profile for User Names and Passwords (RFC 4013) nixos-25.05 1.100 nixpkgs-25.05-darwin 1.100 nixos-25.05-small 1.100 nixos-unstable 1.100 nixos-unstable-small 1.100 nixpkgs-unstable 1.100 pkgs.perl540Packages.AuthenSASLSASLprep Stringprep Profile for User Names and Passwords (RFC 4013) nixos-25.05 1.100 nixpkgs-25.05-darwin 1.100 nixos-25.05-small 1.100 nixos-unstable 1.100 nixos-unstable-small 1.100 nixpkgs-unstable 1.100 Package maintainers: 1 @stigtsp Stig Palmquist <stig@stig.io>
CVE-2025-7424 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): HIGH created 1 month, 2 weeks ago Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. rhcos libxslt pkgs.libxslt C library and tools to do XSL transformations nixos-25.05 1.1.43 nixpkgs-25.05-darwin 1.1.43 nixos-25.05-small 1.1.43 nixos-unstable 1.1.43 nixos-unstable-small 1.1.43 nixpkgs-unstable 1.1.43 pkgs.libxslt.x86_64-linux C library and tools to do XSL transformations nixos-unstable ??? nixos-unstable-small 1.1.42 pkgs.libxslt.aarch64-linux C library and tools to do XSL transformations nixos-unstable ??? nixos-unstable-small 1.1.42 pkgs.libxslt.x86_64-darwin C library and tools to do XSL transformations nixos-unstable ??? nixos-unstable-small 1.1.42 pkgs.libxslt.aarch64-darwin C library and tools to do XSL transformations nixos-unstable ??? 
nixos-unstable-small 1.1.42 pkgs.python311Packages.libxslt C library and tools to do XSL transformations nixos-unstable 1.1.42 nixos-unstable-small 1.1.42 nixpkgs-unstable 1.1.42 pkgs.python312Packages.libxslt C library and tools to do XSL transformations nixos-25.05 1.1.43 nixpkgs-25.05-darwin 1.1.43 nixos-25.05-small 1.1.43 nixos-unstable 1.1.42 nixos-unstable-small 1.1.43 nixpkgs-unstable 1.1.43 pkgs.python313Packages.libxslt C library and tools to do XSL transformations nixos-25.05 1.1.43 nixpkgs-25.05-darwin 1.1.43 nixos-25.05-small 1.1.43 nixos-unstable 1.1.43 nixos-unstable-small 1.1.43 nixpkgs-unstable 1.1.43 pkgs.python312Packages.libxslt.x86_64-linux C library and tools to do XSL transformations nixos-unstable 1.1.42 pkgs.python312Packages.libxslt.aarch64-linux C library and tools to do XSL transformations nixos-unstable 1.1.42 pkgs.python312Packages.libxslt.x86_64-darwin C library and tools to do XSL transformations nixos-unstable 1.1.42 pkgs.python312Packages.libxslt.aarch64-darwin C library and tools to do XSL transformations nixos-unstable 1.1.42 Package maintainers: 1 @jtojnar Jan Tojnar <jtojnar@gmail.com>