Nixpkgs Security Tracker

Automatically generated suggestions

CVE-2025-31002
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 months, 2 weeks ago
WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.

Affected products

squeeze
  • =<1.6

Matching in nixpkgs

pkgs.squeezelite

Lightweight headless squeezebox client emulator

pkgs.squeezelite-pulse

Lightweight headless squeezebox client emulator

pkgs.postgresqlPackages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

  • nixos-unstable -

pkgs.python312Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

  • nixos-unstable -

pkgs.python313Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

  • nixos-unstable -

pkgs.postgresql13Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

  • nixos-unstable -

pkgs.postgresql14Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

  • nixos-unstable -

pkgs.postgresql15Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

  • nixos-unstable -

pkgs.postgresql16Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

  • nixos-unstable -

pkgs.postgresql18Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

  • nixos-unstable -

pkgs.home-assistant-component-tests.squeezebox

Open source home automation that puts local control and privacy first

Package maintainers: 5

CVE-2025-31375
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 2 weeks ago
WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0.

Affected products

scheduled
  • =<1.0

Matching in nixpkgs

pkgs.azure-cli-extensions.scheduled-query

Microsoft Azure Command-Line Tools Scheduled_query Extension

Package maintainers: 2

CVE-2025-3416
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months, 2 weeks ago
Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Affected products

gjs
polkit
firefox
mozjs60
openssl
rpm-ostree
389-ds-base
rust-bootupd
rust-openssl
  • <0.10.72
mingw-openssl
kata-containers
keylime-agent-rust
rhtas/tuffer-rhel9
rhtas/tuftool-rhel9
389-ds:1.4/389-ds-base
firefox:flatpak/firefox
python3.12-cryptography
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
rhtpa/rhtpa-trustification-service-rhel9

Matching in nixpkgs

pkgs.gjs

JavaScript bindings for GNOME

  • nixos-unstable -

pkgs.polkit

Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes

  • nixos-unstable -

pkgs.openssl

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.xulrunner

Web browser built from Firefox source tree

pkgs.cmd-polkit

Easily create polkit authentication agents by using commands

  • nixos-unstable -

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

  • nixos-unstable -

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

  • nixos-unstable -

pkgs.openssl_1_1

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.openssl_3_0

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.openssl_3_5

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

  • nixos-unstable -

pkgs.polkit_gnome

Dbus session bus service that is used to bring up authentication dialogs

  • nixos-unstable -

pkgs.tpm2-openssl

OpenSSL Provider for TPM2 integration

  • nixos-unstable -

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

  • nixos-unstable -

pkgs.openssl_legacy

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable -

pkgs.hyprpolkitagent

Polkit authentication agent written in QT/QML

  • nixos-unstable -

pkgs.mate.mate-polkit

Integrates polkit authentication for MATE desktop

  • nixos-unstable -

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

pkgs.pcscliteWithPolkit

Middleware to access a smart card using SCard API (PC/SC)

  • nixos-unstable -

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable -

pkgs.libsForQt5.polkit-qt

Qt wrapper around PolKit

pkgs.rubyPackages.openssl

  • nixos-unstable -

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

pkgs.gnomeExtensions.gjs-osk

A new Onscreen Keyboard built using GNOME JS

  • nixos-unstable -
    • nixpkgs-unstable 38

pkgs.kdePackages.polkit-qt-1

Qt wrapper around Polkit-1 client libraries

pkgs.php81Extensions.openssl

PHP upstream extension: openssl

  • nixos-unstable -

pkgs.php82Extensions.openssl

PHP upstream extension: openssl

  • nixos-unstable -

pkgs.php83Extensions.openssl

PHP upstream extension: openssl

  • nixos-unstable -

pkgs.php84Extensions.openssl

PHP upstream extension: openssl

  • nixos-unstable -

pkgs.haskellPackages.hopenssl

FFI Bindings to OpenSSL's EVP Digest Interface

  • nixos-unstable -

pkgs.rubyPackages_3_1.openssl

  • nixos-unstable -

pkgs.rubyPackages_3_2.openssl

  • nixos-unstable -

pkgs.rubyPackages_3_3.openssl

  • nixos-unstable -

pkgs.rubyPackages_3_4.openssl

  • nixos-unstable -

pkgs.bruteforce-salted-openssl

Try to find the password of file encrypted with OpenSSL

  • nixos-unstable -

pkgs.plasma5Packages.polkit-qt

Qt wrapper around PolKit

pkgs.python312Packages.pypugjs

PugJS syntax template adapter for Django, Jinja2, Mako and Tornado templates

  • nixos-unstable -

pkgs.python313Packages.pypugjs

PugJS syntax template adapter for Django, Jinja2, Mako and Tornado templates

  • nixos-unstable -

pkgs.lomiri.lomiri-polkit-agent

Policy kit agent for the Lomiri desktop

  • nixos-unstable -

pkgs.python312Packages.pyopenssl

Python wrapper around the OpenSSL library

  • nixos-unstable -

pkgs.python313Packages.pyopenssl

Python wrapper around the OpenSSL library

  • nixos-unstable -

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

pkgs.python312Packages.aioopenssl

TLS-capable transport using OpenSSL for asyncio

  • nixos-unstable -

pkgs.python313Packages.aioopenssl

TLS-capable transport using OpenSSL for asyncio

  • nixos-unstable -

pkgs.luaPackages.lua-resty-openssl

No summary

pkgs.kdePackages.polkit-kde-agent-1

Daemon providing a Polkit authentication UI for Plasma

pkgs.pantheon.pantheon-agent-polkit

Polkit Agent for the Pantheon Desktop

  • nixos-unstable -

pkgs.php81Extensions.openssl-legacy

PHP upstream extension: openssl-legacy

  • nixos-unstable -

pkgs.php82Extensions.openssl-legacy

PHP upstream extension: openssl-legacy

  • nixos-unstable -

pkgs.php83Extensions.openssl-legacy

PHP upstream extension: openssl-legacy

  • nixos-unstable -

pkgs.php84Extensions.openssl-legacy

PHP upstream extension: openssl-legacy

  • nixos-unstable -

pkgs.python312Packages.cryptography

Package which provides cryptographic recipes and primitives

  • nixos-unstable -

pkgs.haskellPackages.openssl-streams

OpenSSL network support for io-streams

pkgs.lua51Packages.lua-resty-openssl

No summary

pkgs.lua52Packages.lua-resty-openssl

No summary

pkgs.lua53Packages.lua-resty-openssl

No summary

pkgs.lua54Packages.lua-resty-openssl

No summary

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable -
    • nixpkgs-unstable 4

pkgs.luajitPackages.lua-resty-openssl

No summary

pkgs.haskellPackages.openssl-createkey

Create OpenSSL keypairs

  • nixos-unstable -

pkgs.python312Packages.types-pyopenssl

Typing stubs for pyopenssl

pkgs.python313Packages.types-pyopenssl

Typing stubs for pyopenssl

pkgs.haskellPackages.cryptonite-openssl

Crypto stuff using OpenSSL cryptographic library

  • nixos-unstable -

pkgs.haskellPackages.http-client-openssl

http-client backend using the OpenSSL library

  • nixos-unstable -

pkgs.chickenPackages_5.chickenEggs.openssl

Bindings to the OpenSSL SSL/TLS library

  • nixos-unstable -

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssl

Test whether openssl-3.5.1 exposes pkg-config modules libssl

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.openssl

Test whether openssl-3.5.1 exposes pkg-config modules openssl

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.pkg-config.defaultPkgConfigPackages.libcrypto

Test whether openssl-3.5.1 exposes pkg-config modules libcrypto

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.tests.testers.hasPkgConfigModules.openssl-has-openssl

Test whether openssl-3.5.1 exposes pkg-config modules openssl

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

  • nixos-unstable -

pkgs.tests.testers.hasPkgConfigModules.openssl-has-all-meta-pkgConfigModules

Test whether openssl-3.5.1 exposes pkg-config modules libcrypto, libssl, openssl

  • nixos-unstable -
    • nixpkgs-unstable

Package maintainers: 48

CVE-2025-3359
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months, 2 weeks ago
Gnuplot: segmentation fault via io_str_init_static_internal function

A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.

Affected products

gnuplot
  • <6.1

Matching in nixpkgs

pkgs.gnuplot

Portable command-line driven graphing utility for many platforms

  • nixos-unstable -

pkgs.gnuplot_qt

Portable command-line driven graphing utility for many platforms

  • nixos-unstable -

pkgs.feedgnuplot

General purpose pipe-oriented plotting tool

  • nixos-unstable -

pkgs.gnuplot_aquaterm

Portable command-line driven graphing utility for many platforms

  • nixos-unstable -

pkgs.haskellPackages.gnuplot

2D and 3D plots using gnuplot

  • nixos-unstable -

pkgs.chickenPackages_5.chickenEggs.gnuplot-pipe

A simple interface to Gnuplot

  • nixos-unstable -

pkgs.vimPlugins.nvim-treesitter-parsers.gnuplot

  • nixos-unstable -
    • nixpkgs-unstable

Package maintainers: 3

CVE-2025-30195
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months, 2 weeks ago
A crafted zone can lead to an illegal memory access in the PowerDNS Recursor

An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory access and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention.

Affected products

pdns-recursor
  • ==5.2.0

Matching in nixpkgs

pkgs.pdns-recursor

Recursive DNS server

  • nixos-unstable -

Package maintainers: 1

CVE-2025-3360
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months, 2 weeks ago
Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid ISO 8601 timestamp with g_date_time_new_from_iso8601().

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

Affected products

glib
  • <2.82.5
bootc
glib2
loupe
librsvg2
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

pkgs.mlxbf-bootctl

Control BlueField boot partitions

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable -

pkgs.rubyPackages.glib2

pkgs.rubyPackages_3_1.glib2

pkgs.rubyPackages_3_2.glib2

pkgs.rubyPackages_3_3.glib2

pkgs.rubyPackages_3_4.glib2

Package maintainers: 5

CVE-2025-31384
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 2 weeks ago
WordPress Videos plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS. This issue affects Videos: from n/a through 1.0.5.

Affected products

videos
  • =<1.0.5

Matching in nixpkgs

pkgs.pantheon.elementary-videos

Video player and library app designed for elementary OS

  • nixos-unstable -

Package maintainers: 2

CVE-2025-31407
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 2 weeks ago
WordPress Tiger theme <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS. This issue affects Tiger: from n/a through 2.0.

Affected products

tiger
  • =<2.0

Matching in nixpkgs

pkgs.libtiger

Rendering library for Kate streams using Pango and Cairo

  • nixos-unstable -

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

  • nixos-unstable -

pkgs.wiredtiger

  • nixos-unstable -

pkgs.tigerbeetle

Financial accounting database designed to be distributed and fast

pkgs.tigerjython

Simple development environment for programming in Python

  • nixos-unstable -

pkgs.tree-sitter-grammars.tree-sitter-tiger

  • nixos-unstable -

pkgs.chickenPackages_5.chickenEggs.tiger-hash

Tiger/192 Message Digest

  • nixos-unstable -

pkgs.vimPlugins.nvim-treesitter-parsers.tiger

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.python312Packages.tree-sitter-grammars.tree-sitter-tiger

Python bindings for tree-sitter-tiger

  • nixos-unstable -

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-tiger

Python bindings for tree-sitter-tiger

  • nixos-unstable -

Package maintainers: 8

CVE-2025-32250
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 2 weeks ago
WordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar allows Cross Site Request Forgery. This issue affects Rollbar: from n/a through 2.7.1.

Affected products

rollbar
  • =<2.7.1

Matching in nixpkgs

pkgs.haskellPackages.rollbar

error tracking through rollbar.com

  • nixos-unstable -

pkgs.python312Packages.rollbar

Error tracking and logging from Python to Rollbar

  • nixos-unstable -

pkgs.python313Packages.rollbar

Error tracking and logging from Python to Rollbar

  • nixos-unstable -

CVE-2025-32272
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 3 months, 2 weeks ago
WordPress Wishlist Plugin <= 1.0.44 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44.

Affected products

wishlist
  • =<1.0.44

Matching in nixpkgs

pkgs.wishlist

Single entrypoint for multiple SSH endpoints

  • nixos-unstable -

Package maintainers: 2