Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2025-31746
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 1 week ago
WordPress Clients plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clients: from n/a through 1.1.4.

Affected products

clients
  • =<1.1.4

Matching in nixpkgs

pkgs.xlsclients

Utility to list client applications running on a X11 display

pkgs.argus-clients

Clients for ARGUS

pkgs.xorg.xlsclients

Utility to list client applications running on a X11 display

pkgs.haskellPackages.clientsession

Securely store session data in a client-side cookie

pkgs.haskellPackages.wai-session-clientsession

Session store based on clientsession

Package maintainers: 1

CVE-2025-32051
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months, 1 week ago
Libsoup: segmentation fault when parsing malformed data uri

A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).

Affected products

libsoup
  • <3.6.1
libsoup3

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

  • nixos-unstable ???
    • nixpkgs-unstable

Package maintainers: 6

CVE-2025-30596
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months, 1 week ago
WordPress include-file <= 1 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound include-file allows Path Traversal. This issue affects include-file: from n/a through 1.

Affected products

include-file
  • =<1

Matching in nixpkgs

pkgs.haskellPackages.include-file

Inclusion of files in executables at compile-time

CVE-2025-32049
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 months, 1 week ago
Libsoup: denial of service attack to websocket server

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

Affected products

libsoup
  • *
  • =<3.6.4
libsoup3
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

  • nixos-unstable ???
    • nixpkgs-unstable

Package maintainers: 6

CVE-2025-2784
7.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 3 months, 1 week ago
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Affected products

libsoup
  • <3.6.5
  • *
libsoup3
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

  • nixos-unstable ???
    • nixpkgs-unstable

Package maintainers: 6

CVE-2025-32052
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months, 1 week ago
Libsoup: heap buffer overflow in sniff_unknown()

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

Affected products

libsoup
  • <3.6.1
  • *
libsoup3
mingw-freetype
  • *
spice-client-win
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

  • nixos-unstable ???
    • nixpkgs-unstable

Package maintainers: 6

CVE-2025-3155
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 months, 1 week ago
Yelp: arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Affected products

yelp
  • <42.2-8
  • *
yelp-xsl
  • *

Matching in nixpkgs

pkgs.yelp

Help viewer for GNOME

pkgs.yelp-xsl

Yelp's universal stylesheets for Mallard and DocBook

pkgs.yelp-tools

Small programs that help you create, edit, manage, and publish your Mallard or DocBook documentation

Package maintainers: 4

CVE-2025-32053
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 3 months, 1 week ago
Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()

A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

Affected products

libsoup
  • <3.6.1
  • *
libsoup3
mingw-freetype
  • *
spice-client-win
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

  • nixos-unstable ???
    • nixpkgs-unstable

Package maintainers: 6

CVE-2008-0888
created 3 months, 1 week ago
The NEEDBITS macro in the inflate_dynamic function in inflate.c for …

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Affected products

unzip
  • <6.0

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

pkgs.ripunzip

Tool to unzip files in parallel

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

Package maintainers: 3

CVE-2025-30673
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 3 months, 1 week ago
Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

Affected products

Sub-HandlesVia
  • <0.050002

Matching in nixpkgs

pkgs.perlPackages.SubHandlesVia

Alternative handles_via implementation

pkgs.perl538Packages.SubHandlesVia

Alternative handles_via implementation

pkgs.perl540Packages.SubHandlesVia

Alternative handles_via implementation