Nixpkgs Security Tracker


Automatically generated suggestions


created 4 months ago
Grub2: commands/extcmd: missing check for failed allocation

A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for grub's argument list. However, it fails to check whether the memory allocation failed. Once the allocation fails, a NULL pointer will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.

Affected products

grub2
  • =<2.12
  • *
rhcos

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

  • nixos-unstable -
    • nixpkgs-unstable

Package maintainers: 4

created 4 months ago
WordPress Gallery Custom Links Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS. This issue affects Gallery: from n/a through 2.2.1.

Affected products

gallery
  • =<2.2.1

Matching in nixpkgs

pkgs.fgallery

Static photo gallery generator

  • nixos-unstable -

pkgs.gallery-dl

Command-line program to download image-galleries and -collections from several image hosting sites

  • nixos-unstable -

pkgs.tilinggallery

CLI tool for generating aperiodic tilings

  • nixos-unstable -

pkgs.lomiri.lomiri-gallery-app

Photo gallery application for Ubuntu Touch devices

  • nixos-unstable -

pkgs.kdePackages.kirigami-gallery

Kirigami component gallery application

pkgs.azure-cli-extensions.image-gallery

Support for Azure Image Gallery

pkgs.azure-cli-extensions.gallery-service-artifact

Microsoft Azure Command-Line Tools GalleryServiceArtifact Extension

created 4 months ago
Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Affected products

emacs
  • <29.4.0
  • *
openshift-builds/openshift-builds-git-cloner-rhel9
  • *
registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9
  • *

Matching in nixpkgs

pkgs.cask

Project management for Emacs

  • nixos-unstable -

pkgs.qemacs

Very small but powerful UNIX editor

  • nixos-unstable -

pkgs.uemacs

Linus Torvalds's random version of microemacs with his personal modifications

pkgs.emacspeak

Emacs extension that provides spoken output

  • nixos-unstable -

pkgs.emacs30-nox

Extensible, customizable GNU text editor

  • nixos-unstable -

pkgs.emacs30-gtk3

Extensible, customizable GNU text editor

pkgs.emacs30-pgtk

Extensible, customizable GNU text editor

  • nixos-unstable -

pkgs.emacsMacport

Extensible, customizable GNU text editor - macport variant

pkgs.pinentry-emacs

GnuPG’s interface to passphrase input

  • nixos-unstable -

pkgs.emacsNativeComp

Extensible, customizable GNU text editor

  • nixos-unstable -

pkgs.emacs-lsp-booster

Emacs LSP performance booster

  • nixos-unstable -

pkgs.parinfer-rust-emacs

Emacs centric fork of parinfer-rust

  • nixos-unstable -

pkgs.emacsclient-commands

Collection of small shell utilities that connect to a local Emacs server

pkgs.emacs-all-the-icons-fonts

Icon fonts for emacs all-the-icons

  • nixos-unstable -

pkgs.haskellPackages.emacs-module

Utilities to write Emacs dynamic modules

  • nixos-unstable -

pkgs.haskellPackages.yi-keymap-emacs

Emacs keymap for Yi editor

  • nixos-unstable -

pkgs.haskellPackages.yi-emacs-colours

Simple mapping from colour names used in emacs to Color

pkgs.vscode-extensions.tuttieee.emacs-mcx

Awesome Emacs Keymap - VSCode emacs keybinding with multi cursor support

  • nixos-unstable -

pkgs.gnomeExtensions.emacs-search-provider

Search for your Emacs projects easily

  • nixos-unstable -
    • nixpkgs-unstable 4
created 4 months ago
PDO::quote() may return unquoted string

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, and 8.2.* before 8.2.2, when using the PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Affected products

pdo_sqlite
  • <8.1.15
  • <8.0.27
  • <8.2.2

Matching in nixpkgs

pkgs.php81Extensions.pdo_sqlite

PHP upstream extension: pdo_sqlite

  • nixos-unstable -

pkgs.php82Extensions.pdo_sqlite

PHP upstream extension: pdo_sqlite

  • nixos-unstable -

pkgs.php83Extensions.pdo_sqlite

PHP upstream extension: pdo_sqlite

  • nixos-unstable -

pkgs.php84Extensions.pdo_sqlite

PHP upstream extension: pdo_sqlite

  • nixos-unstable -

Package maintainers: 4

created 4 months ago
Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Affected products

rhcos
gnutls
  • *
  • <3.8.8
  • =<3.7.11
  • =<3.6.16
discovery/discovery-ui-rhel9
  • *
discovery/discovery-server-rhel9
  • *
registry.redhat.io/discovery/discovery-ui-rhel9
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

  • nixos-unstable -

pkgs.guile-gnutls

Guile bindings for GnuTLS library

  • nixos-unstable -

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

Package maintainers: 3

created 4 months ago
Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service.

Affected products

rhcos
libtasn1
  • <4.20.0
  • *
discovery/discovery-ui-rhel9
  • *
discovery/discovery-server-rhel9
  • *
registry.redhat.io/discovery/discovery-ui-rhel9
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *

Matching in nixpkgs

pkgs.libtasn1

ASN.1 library

  • nixos-unstable -
created 4 months ago
Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

Affected products

pcs
ceph
  • *
pybind
grafana
libarrow
dotnet6.0
dotnet7.0
dotnet8.0
  • *
nodejs-webpack
quay/quay-rhel8
mta/mta-ui-rhel9
mta/mta-cli-rhel9
rh-dotnet60-dotnet
rhdh-hub-container
odf4/mcg-core-rhel8
odf4/mcg-core-rhel9
odh-dashboard-rhel8
rhdh/rhdh-hub-rhel9
devspaces/code-rhel8
rhacm2/console-rhel8
rhacm2/console-rhel9
serialize-javascript
  • <6.0.2
automation-controller
rhceph/rhceph-8-rhel9
  • *
aap-cloud-ui-container
odf4/odf-console-rhel9
  • *
odh-operator-container
openshift3/ose-console
devspaces/traefik-rhel8
odh-dashboard-container
rhdh-operator-container
odh-model-registry-rhel8
automation-eda-controller
devspaces/dashboard-rhel8
rhosdt/jaeger-agent-rhel8
rhosdt/jaeger-query-rhel8
discovery-server-container
3scale-amp-system-container
rhosdt/jaeger-ingester-rhel8
odf4/ocs-client-console-rhel9
  • *
odh-ml-pipelines-driver-rhel8
odh-notebook-controller-rhel8
rhosdt/jaeger-collector-rhel8
nodejs-uglifyjs-webpack-plugin
rhosdt/jaeger-all-in-one-rhel8
odh-ml-pipelines-launcher-rhel8
openshift-logging/kibana6-rhel8
rhosdt/jaeger-es-rollover-rhel8
odh-kf-notebook-controller-rhel8
nodejs-compression-webpack-plugin
openshift-service-mesh/kiali-rhel8
nodejs-css-minimizer-webpack-plugin
odf4/odf-multicluster-console-rhel8
odf4/odf-multicluster-console-rhel9
  • *
odh-ml-pipelines-api-server-v2-rhel8
rhosdt/jaeger-es-index-cleaner-rhel8
openshift4/ose-monitoring-plugin-rhel9
openshift-service-mesh/kiali-ossmc-rhel8
rhtpa/rhtpa-trustification-service-rhel9
advanced-cluster-security/rhacs-main-rhel8
  • *
odh-ml-pipelines-persistenceagent-v2-rhel8
openshift-pipelines/pipelines-hub-ui-rhel8
  • *
odh-ml-pipelines-scheduledworkflow-v2-rhel8
openshift-pipelines/pipelines-hub-api-rhel8
advanced-cluster-security/rhacs-roxctl-rhel8
advanced-cluster-security/rhacs-rhel8-operator
odh-data-science-pipelines-argo-argoexec-rhel8
ansible-automation-platform-24/lightspeed-rhel8
ansible-automation-platform-25/lightspeed-rhel8
advanced-cluster-security/rhacs-central-db-rhel8
advanced-cluster-security/rhacs-scanner-v4-rhel8
openshift-pipelines-console-plugin-rhel8-container
openshift-pipelines/pipelines-console-plugin-rhel8
  • *
openshift-pipelines/pipelines-console-plugin-rhel9
  • *
advanced-cluster-security/rhacs-scanner-v4-db-rhel8
openshift-pipelines/pipelines-hub-db-migration-rhel8
odh-data-science-pipelines-argo-workflowcontroller-rhel8
migration-toolkit-virtualization/mtv-console-plugin-rhel9
openshift-lightspeed-beta/lightspeed-console-plugin-rhel9

Matching in nixpkgs

pkgs.vpcs

Simple virtual PC simulator

  • nixos-unstable -

pkgs.pcsx2

Playstation 2 emulator

  • nixos-unstable -

pkgs.rpcs3

PS3 emulator/debugger

  • nixos-unstable -

pkgs.pcstat

Page Cache stat: get page cache stats for files on Linux

  • nixos-unstable -

pkgs.grafana

Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB

  • nixos-unstable -

pkgs.pcsclite

Middleware to access a smart card using SCard API (PC/SC)

  • nixos-unstable -

pkgs.appcsxcad

Minimal Application using the QCSXCAD library

  • nixos-unstable -

pkgs.pcsctools

Tools used to test a PC/SC driver, card or reader

  • nixos-unstable -

pkgs.pcsx2-bin

Playstation 2 emulator (precompiled binary, repacked from official website)

  • nixos-unstable -

pkgs.grafanactl

Tool designed to simplify interaction with Grafana instances

  • nixos-unstable -

pkgs.baidupcs-go

Baidu Netdisk commandline client, mimicking Linux shell file handling commands

  • nixos-unstable -

pkgs.mcp-grafana

MCP server for Grafana

  • nixos-unstable -

pkgs.grafana-loki

Like Prometheus, but for logs

  • nixos-unstable -

pkgs.pcsc-safenet

Safenet Authentication Client

pkgs.rpcsvc-proto

This package contains rpcsvc proto.x files from glibc, which are missing in libtirpc

  • nixos-unstable -

pkgs.grafana-alloy

Open source OpenTelemetry Collector distribution with built-in Prometheus pipelines and support for metrics, logs, traces, and profiles

  • nixos-unstable -

pkgs.grafana-kiosk

Kiosk Utility for Grafana

  • nixos-unstable -

pkgs.pcsc-cyberjack

REINER SCT cyberJack USB chipcard reader user space driver

  • nixos-unstable -

pkgs.grafana-to-ntfy

Bridge to forward Grafana alerts to ntfy.sh notification service

pkgs.pcsc-scm-scl011

SCM Microsystems SCL011 chipcard reader user space driver

  • nixos-unstable -

pkgs.pcscliteWithPolkit

Middleware to access a smart card using SCard API (PC/SC)

  • nixos-unstable -

pkgs.grafana-dash-n-grab

Grafana Dash-n-Grab (gdg) -- backup and restore Grafana dashboards, datasources, and other entities

  • nixos-unstable -

pkgs.libretro.pcsx_rearmed

Port of PCSX ReARMed to libretro

pkgs.vsmartcard-pcsc-relay

Relays a smart card using a contact-less interface

pkgs.haskellPackages.gpcsets

Generalized Pitch Class Sets for Haskell

pkgs.terraform-providers.grafana

  • nixos-unstable -

pkgs.python312Packages.grafanalib

Library for building Grafana dashboards

  • nixos-unstable -

pkgs.python313Packages.grafanalib

Library for building Grafana dashboards

  • nixos-unstable -

pkgs.haskellPackages.amazonka-grafana

Amazon Managed Grafana SDK

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-oncall-app

Developer-friendly incident response for Grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-clock-panel

Clock panel for Grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-pyroscope-app

Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data

  • nixos-unstable -

pkgs.python312Packages.mypy-boto3-grafana

Type annotations for boto3 grafana

pkgs.python313Packages.mypy-boto3-grafana

Type annotations for boto3 grafana

pkgs.grafanaPlugins.grafana-piechart-panel

Pie chart panel for Grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-polystat-panel

Hexagonal multi-stat panel for Grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-worldmap-panel

World Map panel for Grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-lokiexplore-app

Browse Loki logs without the need for writing complex queries

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-mqtt-datasource

Visualize streaming MQTT data from within Grafana

pkgs.grafanaPlugins.grafana-exploretraces-app

Opinionated traces app

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-github-datasource

Allows GitHub API data to be visually represented in Grafana dashboards

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-sentry-datasource

Integrate Sentry data into Grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-discourse-datasource

Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-metricsdrilldown-app

Queryless experience for browsing Prometheus-compatible metrics. Quickly find related metrics without writing PromQL queries

  • nixos-unstable -

pkgs.python312Packages.types-aiobotocore-grafana

Type annotations for aiobotocore grafana

  • nixos-unstable -

pkgs.python313Packages.types-aiobotocore-grafana

Type annotations for aiobotocore grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-clickhouse-datasource

Connects Grafana to ClickHouse

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-opensearch-datasource

Empowers you to seamlessly integrate JSON data into Grafana

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-googlesheets-datasource

Integrate JSON data into Grafana

  • nixos-unstable -

Package maintainers: 46

created 4 months ago
Openshift-api: build process in openshift allows overwriting of node pull credentials

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows an attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrate sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.

Affected products

openshift
  • ==4.16
openshift-controller-manager
openshift4/ose-openshift-apiserver-rhel7
openshift4/ose-openshift-apiserver-rhel9
openshift4/ose-openshift-controller-manager-rhel9
  • *
org.arquillian.cube/arquillian-cube-openshift-api
openshift4/ose-cluster-openshift-apiserver-operator
  • *
openshift4/ose-cluster-openshift-apiserver-rhel9-operator
  • *

Matching in nixpkgs

pkgs.openshift

Build, deploy, and manage your applications with Docker and Kubernetes

  • nixos-unstable -

pkgs.python312Packages.openshift

Python client for the OpenShift API

  • nixos-unstable -

pkgs.python313Packages.openshift

Python client for the OpenShift API

  • nixos-unstable -

pkgs.python312Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python

  • nixos-unstable -

pkgs.python313Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python

  • nixos-unstable -

Package maintainers: 4

created 4 months ago
WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0.

Affected products

document
  • =<1.1.0

Matching in nixpkgs

pkgs.phpdocumentor

PHP documentation generator

  • nixos-unstable -

pkgs.qdocumentview

Widget to render multi-page documents

pkgs.documentation-highlighter

Highlight.js sources for the Nix Ecosystem's documentation

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.onlyoffice-documentserver

ONLYOFFICE Document Server is an online office suite comprising viewers and editors

  • nixos-unstable -

pkgs.kdePackages.libkeduvocdocument

Library to parse, convert, and manipulate KVTML files

pkgs.python312Packages.pydocumentdb

Azure Cosmos DB API

  • nixos-unstable -

pkgs.python313Packages.pydocumentdb

Azure Cosmos DB API

  • nixos-unstable -

pkgs.cudaPackages.cuda_documentation

CUDA Documentation. By downloading and using the packages you accept the terms and conditions of the CUDA EULA

pkgs.sbclPackages.documentation-utils

pkgs.haskellPackages.symantic-document

Symantics combinators for generating documents

pkgs.python312Packages.netbox-documents

Plugin designed to facilitate the storage of site, circuit, device type and device specific documents within NetBox

  • nixos-unstable -

pkgs.python313Packages.netbox-documents

Plugin designed to facilitate the storage of site, circuit, device type and device specific documents within NetBox

  • nixos-unstable -

pkgs.tests.haskell.documentationTarball

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.haskellPackages.pdf-toolbox-document

A collection of tools for processing PDF files

  • nixos-unstable -

pkgs.python312Packages.tableaudocumentapi

Python module for working with Tableau files

  • nixos-unstable -

pkgs.python313Packages.tableaudocumentapi

Python module for working with Tableau files

  • nixos-unstable -

pkgs.haskellPackages.persistent-documentation

Documentation DSL for persistent entities

pkgs.python312Packages.azure-search-documents

Microsoft Azure Cognitive Search Client Library for Python

  • nixos-unstable -

pkgs.python313Packages.azure-search-documents

Microsoft Azure Cognitive Search Client Library for Python

  • nixos-unstable -

pkgs.typstPackages.basic-document-props_0_1_0

Simple document with header, footer, page numbering and mail-adress

  • nixos-unstable -

pkgs.python312Packages.azure-ai-documentintelligence

Azure AI Document Intelligence client library for Python

  • nixos-unstable -

pkgs.python313Packages.azure-ai-documentintelligence

Azure AI Document Intelligence client library for Python

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_1_0_0

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_1_0_1

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_1_0_2

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_1_1_0

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_1_1_1

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_1_1_2

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_1_1_3

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_0_10_0

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_0_10_1

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -

pkgs.typstPackages.unofficial-fhict-document-template_0_11_0

This is a document template for creating professional-looking documents with Typst, tailored for FHICT (Fontys Hogeschool ICT

  • nixos-unstable -
created 4 months ago
WordPress Media Downloader Plugin <= 0.4.7.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5.

Affected products

media-downloader
  • =<0.4.7.5

Matching in nixpkgs

pkgs.media-downloader

Qt/C++ GUI front end for yt-dlp and others

  • nixos-unstable -

Package maintainers: 2