Automatically generated suggestions

CVE-2025-5351 4.2 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): HIGH; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): NONE
created 4 weeks, 1 day ago
Libssh: double free vulnerability in libssh key export functions
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
rhcos libssh libssh2
pkgs.libssh SSH client library nixos-unstable ??? nixpkgs-unstable 0.11.2
pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixpkgs-unstable 1.11.1
pkgs.haskellPackages.libssh libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0
pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2
pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-unstable ??? nixpkgs-unstable libssh2
Package maintainers: 3
@geluk Johan Geluk <johan+nix@geluk.io>
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>

CVE-2024-9453 6.5 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): NONE; Availability impact (A): NONE
created 4 weeks, 1 day ago
Jenkins-image: sensitive data disclosure when using openshift jenkins image
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.
jenkins
pkgs.jenkins Extendable open source continuous integration server nixos-unstable ??? nixpkgs-unstable 2.516.2
pkgs.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? nixpkgs-unstable 6.4.2
pkgs.python312Packages.jenkinsapi Python API for accessing resources on a Jenkins continuous-integration server nixos-unstable ??? nixpkgs-unstable 0.3.14
pkgs.python313Packages.jenkinsapi Python API for accessing resources on a Jenkins continuous-integration server nixos-unstable ??? nixpkgs-unstable 0.3.14
pkgs.python312Packages.python-jenkins Python bindings for the remote Jenkins API nixos-unstable ??? nixpkgs-unstable 1.8.3
pkgs.python313Packages.python-jenkins Python bindings for the remote Jenkins API nixos-unstable ??? nixpkgs-unstable 1.8.3
pkgs.python312Packages.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? nixpkgs-unstable 6.4.2
pkgs.python313Packages.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? nixpkgs-unstable 6.4.2
Package maintainers: 8
@gador Florian Brandes <florian.brandes@posteo.de>
@earldouglas James Earl Douglas <james@earldouglas.com>
@NeQuissimus Tim Steinbach <tim@nequissimus.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@drets Dmytro Rets <dmitryrets@gmail.com>
@despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>
@de11n Elliot Cameron <nixpkgs-commits@deshaw.com>
@invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>

CVE-2025-5372 5.0 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): HIGH; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 4 weeks, 1 day ago
Libssh: incorrect return code handling in ssh_kdf() in libssh
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
rhcos libssh libssh2
pkgs.libssh SSH client library nixos-unstable ??? nixpkgs-unstable 0.11.2
pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixpkgs-unstable 1.11.1
pkgs.haskellPackages.libssh libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0
pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2
pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-unstable ??? nixpkgs-unstable libssh2
Package maintainers: 3
@geluk Johan Geluk <johan+nix@geluk.io>
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>

CVE-2025-52799 7.1 HIGH
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress LMS theme <= 9.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1.
lms =<9.1
pkgs.lms Lightweight Music Server - Access your self-hosted music using a web interface nixos-unstable ??? nixpkgs-unstable 3.69.0
pkgs.flmsg Digital modem message program nixos-unstable ??? nixpkgs-unstable 4.0.23
pkgs.helmsman Helm Charts (k8s applications) as Code tool nixos-unstable ??? nixpkgs-unstable 4.0.1
pkgs.lmstudio LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs) nixos-unstable ??? nixpkgs-unstable 0.3.25-2
pkgs.python312Packages.calmsize Take a number of bytes and return a human-readable string nixos-unstable ??? nixpkgs-unstable 0.1.3
pkgs.python313Packages.calmsize Take a number of bytes and return a human-readable string nixos-unstable ??? nixpkgs-unstable 0.1.3
pkgs.python312Packages.dlms-cosem Python module to parse DLMS/COSEM nixos-unstable ??? nixpkgs-unstable 25.1.0
pkgs.python313Packages.dlms-cosem Python module to parse DLMS/COSEM nixos-unstable ??? nixpkgs-unstable 25.1.0
pkgs.python312Packages.llama-index-llms-ollama LlamaIndex LLMS Integration for ollama nixos-unstable ??? nixpkgs-unstable 0.7.1
pkgs.python312Packages.llama-index-llms-openai LlamaIndex LLMS Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.5.4
pkgs.python313Packages.llama-index-llms-ollama LlamaIndex LLMS Integration for ollama nixos-unstable ??? nixpkgs-unstable 0.7.1
pkgs.python313Packages.llama-index-llms-openai LlamaIndex LLMS Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.5.4
pkgs.python312Packages.llama-index-llms-openai-like LlamaIndex LLMS Integration for OpenAI like nixos-unstable ??? nixpkgs-unstable 0.5.0
pkgs.python313Packages.llama-index-llms-openai-like LlamaIndex LLMS Integration for OpenAI like nixos-unstable ??? nixpkgs-unstable 0.5.0
pkgs.python312Packages.llama-index-multi-modal-llms-openai LlamaIndex Multi-Modal-Llms Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.6.0
pkgs.python313Packages.llama-index-multi-modal-llms-openai LlamaIndex Multi-Modal-Llms Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.6.0
Package maintainers: 7
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@jherland Johan Herland <johan@herland.net>
@dysinger Tim Dysinger <tim@dysinger.net>
@sarcasticadmin Robert James Hernandez <rob@sarcasticadmin.com>
@Lynty Lynn Dong <ltdong93+nix@gmail.com>
@mksafavi MK Safavi <mksafavi@gmail.com>
@crertel Chris Ertel <chris@kedagital.com>

CVE-2025-53338 7.1 HIGH
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.
replace =<0.2.1
pkgs.replace Tool to replace verbatim strings nixos-unstable ??? nixpkgs-unstable 2.24
pkgs.fireplace Cozy fireplace in your terminal nixos-unstable ??? nixpkgs-unstable 0-unstable-2020-02-02
pkgs.qsreplace Accept URLs on stdin, replace all query string values with a user-supplied value nixos-unstable ??? nixpkgs-unstable 0.0.3
pkgs.replacement Tool to execute yaml templates and output text nixos-unstable ??? nixpkgs-unstable 0.4.4
pkgs.replace-secret Replace a string in one file with a secret from a second file nixos-unstable ??? nixpkgs-unstable
pkgs.haskellPackages.replace-attoparsec Find, replace, split string patterns with Attoparsec parsers (instead of regex) nixos-unstable ??? nixpkgs-unstable 1.5.0.0
pkgs.haskellPackages.replace-megaparsec Find, replace, split string patterns with Megaparsec parsers (instead of regex) nixos-unstable ??? nixpkgs-unstable 1.5.0.1
pkgs.haskellPackages.text-regex-replace Easy replacement when using text-icu regexes nixos-unstable ??? nixpkgs-unstable 0.1.1.5
pkgs.tests.substitute.legacySingleReplace nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVars.succeeds nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVarsWith.succeeds nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVars.fails-on-directory nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVars.fails-in-build-phase nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVars.fails-in-check-phase nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVarsWith.fails-on-directory nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVars.succeeds-with-exemption nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVarsWith.fails-in-build-phase nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVarsWith.fails-in-check-phase nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVarsWith.succeeds-with-exemption nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVars.fails-in-check-phase-with-exemption nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVars.fails-in-check-phase-with-bad-exemption nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-exemption nixos-unstable ??? nixpkgs-unstable
pkgs.tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-bad-exemption nixos-unstable ??? nixpkgs-unstable
Package maintainers: 5
@maralorn maralorn <mail@maralorn.de>
@multivac61 multivac61 <olafur@genkiinstruments.com>
@averagebit averagebit <averagebit@pm.me>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@siriobalmelli Sirio Balmelli <sirio@b-ad.ch>

CVE-2025-53200 4.3 MEDIUM
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): LOW; Availability impact (A): NONE
created 4 weeks, 1 day ago
WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.
chatbot =<6.7.3
pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-unstable ??? nixpkgs-unstable 22
Package maintainers: 1
@honnip Jung seungwoo <me@honnip.page>

CVE-2025-31428 7.1 HIGH
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8.
hydro =<2.8
pkgs.hydrogen Advanced drum machine nixos-unstable ??? nixpkgs-unstable 1.2.6
pkgs.hydroxide Third-party, open-source ProtonMail bridge nixos-unstable ??? nixpkgs-unstable 0.2.30
pkgs.libhydrogen Lightweight, secure, easy-to-use crypto library suitable for constrained environments nixos-unstable ??? nixpkgs-unstable 0-unstable-2025-04-06
pkgs.tau-hydrogen GTK icon theme for tauOS nixos-unstable ??? nixpkgs-unstable 1.0.16
pkgs.fishPlugins.hydro Ultra-pure, lag-free prompt with async Git status nixos-unstable ??? nixpkgs-unstable 0-unstable-2024-11-02
pkgs.hydrogen-web-unwrapped Lightweight matrix client with legacy and mobile browser support nixos-unstable ??? nixpkgs-unstable 0.5.0
pkgs.python312Packages.hydrogram Asynchronous Telegram MTProto API framework for fluid user and bot interactions nixos-unstable ??? nixpkgs-unstable 0.2.0
pkgs.python313Packages.hydrogram Asynchronous Telegram MTProto API framework for fluid user and bot interactions nixos-unstable ??? nixpkgs-unstable 0.2.0
pkgs.haskellPackages.hydrogen-version Hydrogen Version Type nixos-unstable ??? nixpkgs-unstable 1.4
pkgs.python312Packages.swisshydrodata Python client to get data from the Swiss federal Office for Environment FEON nixos-unstable ??? nixpkgs-unstable 0.3.1
pkgs.python313Packages.swisshydrodata Python client to get data from the Swiss federal Office for Environment FEON nixos-unstable ??? nixpkgs-unstable 0.3.1
Package maintainers: 12
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@pyrox0 Pyrox <pyrox@pyrox.dev>
@tholoo Ali Mohammadzadeh <ali0mhmz@gmail.com>
@tanya1866 Tanya Arora <tanyaarora@tutamail.com>
@orivej Orivej Desh <orivej@gmx.fr>
@NickCao Nick Cao <nickcao@nichi.co>
@teutat3s teutat3s <teutates@mailbox.org>
@mguentner Maximilian Güntner <code@mguentner.de>
@fadenb Tristan Helmich <tristan.helmich+nixos@gmail.com>
@D4ndellion Daniel Olsen <daniel@dodsorf.as>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@Br1ght0ne Oleksii Filonenko <brightone@protonmail.com>

CVE-2025-52826 8.8 HIGH
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.
sala =<1.1.3
pkgs.python312Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-unstable ??? nixpkgs-unstable 0.5.0
pkgs.python313Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-unstable ??? nixpkgs-unstable 0.5.0
pkgs.python312Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-unstable ??? nixpkgs-unstable 8.9.20250723145140
pkgs.python313Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-unstable ??? nixpkgs-unstable 8.9.20250723145140
Package maintainers: 2
@veprbl Dmitry Kalinkin <veprbl@gmail.com>
@gador Florian Brandes <florian.brandes@posteo.de>

CVE-2025-52816 8.1 HIGH
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): HIGH; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita allows PHP Local File Inclusion. This issue affects Zita: from n/a through 1.6.5.
zita =<1.6.5
pkgs.zitadel Identity and access management platform nixos-unstable ??? nixpkgs-unstable 2.71.7
pkgs.zita-at1 Autotuner Jack application to correct the pitch of vocal tracks nixos-unstable ??? nixpkgs-unstable at1-0.8.2
pkgs.zita-ajbridge Connect additional ALSA devices to JACK nixos-unstable ??? nixpkgs-unstable 0.8.4
pkgs.zita-njbridge Command line Jack clients to transmit full quality multichannel audio over a local IP network nixos-unstable ??? nixpkgs-unstable 0.4.8
pkgs.zitadel-tools Helper tools for zitadel nixos-unstable ??? nixpkgs-unstable 0.5.0
pkgs.zita-alsa-pcmi Successor of clalsadrv, provides easy access to ALSA PCM devices nixos-unstable ??? nixpkgs-unstable 0.6.1
pkgs.zita-convolver Convolution library by Fons Adriaensen nixos-unstable ??? nixpkgs-unstable 4.0.3
pkgs.zita-resampler Resample library by Fons Adriaensen nixos-unstable ??? nixpkgs-unstable 1.11.2
Package maintainers: 3
@orivej Orivej Desh <orivej@gmx.fr>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@nrabulinski Nikodem Rabuliński <1337-nix@nrab.lol>

CVE-2025-53331 7.1 HIGH
CVSS version: 3.1; Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): CHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
created 4 weeks, 1 day ago
WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5.
rss-digest =<1.5
pkgs.matcha-rss-digest Daily digest generator from a list of RSS feeds nixos-unstable ??? nixpkgs-unstable 0.7.1
Package maintainers: 1
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
CVE-2025-5351 4.2 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE created 4 weeks, 1 day ago Libssh: double free vulnerability in libssh key export functions A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed. rhcos libssh libssh2 pkgs.libssh SSH client library nixos-unstable ??? nixpkgs-unstable 0.11.2 pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixpkgs-unstable 1.11.1 pkgs.haskellPackages.libssh libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2 pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2 pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-unstable ??? nixpkgs-unstable libssh2 Package maintainers: 3 @geluk Johan Geluk <johan+nix@geluk.io> @svanderburg Sander van der Burg <s.vanderburg@tudelft.nl> @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixpkgs-unstable 1.11.1
pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2
pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-unstable ??? nixpkgs-unstable libssh2
CVE-2024-9453 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE created 4 weeks, 1 day ago Jenkins-image: sensitive data disclosure when using openshift jenkins image A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information. jenkins pkgs.jenkins Extendable open source continuous integration server nixos-unstable ??? nixpkgs-unstable 2.516.2 pkgs.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? nixpkgs-unstable 6.4.2 pkgs.python312Packages.jenkinsapi Python API for accessing resources on a Jenkins continuous-integration server nixos-unstable ??? nixpkgs-unstable 0.3.14 pkgs.python313Packages.jenkinsapi Python API for accessing resources on a Jenkins continuous-integration server nixos-unstable ??? nixpkgs-unstable 0.3.14 pkgs.python312Packages.python-jenkins Python bindings for the remote Jenkins API nixos-unstable ??? nixpkgs-unstable 1.8.3 pkgs.python313Packages.python-jenkins Python bindings for the remote Jenkins API nixos-unstable ??? nixpkgs-unstable 1.8.3 pkgs.python312Packages.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? nixpkgs-unstable 6.4.2 pkgs.python313Packages.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? 
nixpkgs-unstable 6.4.2 Package maintainers: 8 @gador Florian Brandes <florian.brandes@posteo.de> @earldouglas James Earl Douglas <james@earldouglas.com> @NeQuissimus Tim Steinbach <tim@nequissimus.com> @Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com> @drets Dmytro Rets <dmitryrets@gmail.com> @despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com> @de11n Elliot Cameron <nixpkgs-commits@deshaw.com> @invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
pkgs.jenkins Extendable open source continuous integration server nixos-unstable ??? nixpkgs-unstable 2.516.2
pkgs.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? nixpkgs-unstable 6.4.2
pkgs.python312Packages.jenkinsapi Python API for accessing resources on a Jenkins continuous-integration server nixos-unstable ??? nixpkgs-unstable 0.3.14
pkgs.python313Packages.jenkinsapi Python API for accessing resources on a Jenkins continuous-integration server nixos-unstable ??? nixpkgs-unstable 0.3.14
pkgs.python312Packages.python-jenkins Python bindings for the remote Jenkins API nixos-unstable ??? nixpkgs-unstable 1.8.3
pkgs.python313Packages.python-jenkins Python bindings for the remote Jenkins API nixos-unstable ??? nixpkgs-unstable 1.8.3
pkgs.python312Packages.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? nixpkgs-unstable 6.4.2
pkgs.python313Packages.jenkins-job-builder Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git nixos-unstable ??? nixpkgs-unstable 6.4.2
CVE-2025-5372 5.0 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 weeks, 1 day ago Libssh: incorrect return code handling in ssh_kdf() in libssh A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. rhcos libssh libssh2 pkgs.libssh SSH client library nixos-unstable ??? nixpkgs-unstable 0.11.2 pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixpkgs-unstable 1.11.1 pkgs.haskellPackages.libssh libssh bindings nixos-unstable ??? nixpkgs-unstable 0.1.0.0 pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2 pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2 pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-unstable ??? nixpkgs-unstable libssh2 Package maintainers: 3 @geluk Johan Geluk <johan+nix@geluk.io> @svanderburg Sander van der Burg <s.vanderburg@tudelft.nl> @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
pkgs.libssh2 Client-side C library implementing the SSH2 protocol nixos-unstable ??? nixpkgs-unstable 1.11.1
pkgs.python312Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2
pkgs.python313Packages.ansible-pylibssh Python bindings to client functionality of libssh specific to Ansible use case nixos-unstable ??? nixpkgs-unstable 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2 Test whether libssh2-1.11.1 exposes pkg-config modules libssh2 nixos-unstable ??? nixpkgs-unstable libssh2
CVE-2025-52799 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 weeks, 1 day ago WordPress LMS theme <= 9.1 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1. lms =<9.1 pkgs.lms Lightweight Music Server - Access your self-hosted music using a web interface nixos-unstable ??? nixpkgs-unstable 3.69.0 pkgs.flmsg Digital modem message program nixos-unstable ??? nixpkgs-unstable 4.0.23 pkgs.helmsman Helm Charts (k8s applications) as Code tool nixos-unstable ??? nixpkgs-unstable 4.0.1 pkgs.lmstudio LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs) nixos-unstable ??? nixpkgs-unstable 0.3.25-2 pkgs.python312Packages.calmsize Take a number of bytes and return a human-readable string nixos-unstable ??? nixpkgs-unstable 0.1.3 pkgs.python313Packages.calmsize Take a number of bytes and return a human-readable string nixos-unstable ??? nixpkgs-unstable 0.1.3 pkgs.python312Packages.dlms-cosem Python module to parse DLMS/COSEM nixos-unstable ??? nixpkgs-unstable 25.1.0 pkgs.python313Packages.dlms-cosem Python module to parse DLMS/COSEM nixos-unstable ??? nixpkgs-unstable 25.1.0 pkgs.python312Packages.llama-index-llms-ollama LlamaIndex LLMS Integration for ollama nixos-unstable ??? nixpkgs-unstable 0.7.1 pkgs.python312Packages.llama-index-llms-openai LlamaIndex LLMS Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.5.4 pkgs.python313Packages.llama-index-llms-ollama LlamaIndex LLMS Integration for ollama nixos-unstable ??? 
nixpkgs-unstable 0.7.1 pkgs.python313Packages.llama-index-llms-openai LlamaIndex LLMS Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.5.4 pkgs.python312Packages.llama-index-llms-openai-like LlamaIndex LLMS Integration for OpenAI like nixos-unstable ??? nixpkgs-unstable 0.5.0 pkgs.python313Packages.llama-index-llms-openai-like LlamaIndex LLMS Integration for OpenAI like nixos-unstable ??? nixpkgs-unstable 0.5.0 pkgs.python312Packages.llama-index-multi-modal-llms-openai LlamaIndex Multi-Modal-Llms Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.6.0 pkgs.python313Packages.llama-index-multi-modal-llms-openai LlamaIndex Multi-Modal-Llms Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.6.0 Package maintainers: 7 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @jherland Johan Herland <johan@herland.net> @dysinger Tim Dysinger <tim@dysinger.net> @sarcasticadmin Robert James Hernandez <rob@sarcasticadmin.com> @Lynty Lynn Dong <ltdong93+nix@gmail.com> @mksafavi MK Safavi <mksafavi@gmail.com> @crertel Chris Ertel <chris@kedagital.com>
pkgs.lms Lightweight Music Server - Access your self-hosted music using a web interface nixos-unstable ??? nixpkgs-unstable 3.69.0
pkgs.lmstudio LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs) nixos-unstable ??? nixpkgs-unstable 0.3.25-2
pkgs.python312Packages.calmsize Take a number of bytes and return a human-readable string nixos-unstable ??? nixpkgs-unstable 0.1.3
pkgs.python313Packages.calmsize Take a number of bytes and return a human-readable string nixos-unstable ??? nixpkgs-unstable 0.1.3
pkgs.python312Packages.dlms-cosem Python module to parse DLMS/COSEM nixos-unstable ??? nixpkgs-unstable 25.1.0
pkgs.python313Packages.dlms-cosem Python module to parse DLMS/COSEM nixos-unstable ??? nixpkgs-unstable 25.1.0
pkgs.python312Packages.llama-index-llms-ollama LlamaIndex LLMS Integration for ollama nixos-unstable ??? nixpkgs-unstable 0.7.1
pkgs.python312Packages.llama-index-llms-openai LlamaIndex LLMS Integration for OpenAI nixos-unstable ??? nixpkgs-unstable 0.5.4
pkgs.python313Packages.llama-index-llms-ollama LlamaIndex LLMS Integration for ollama nixos-unstable ??? nixpkgs-unstable 0.7.1
CVE-2025-53338 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 weeks, 1 day ago WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1. replace =<0.2.1 pkgs.replace Tool to replace verbatim strings nixos-unstable ??? nixpkgs-unstable 2.24 pkgs.fireplace Cozy fireplace in your terminal nixos-unstable ??? nixpkgs-unstable 0-unstable-2020-02-02 pkgs.qsreplace Accept URLs on stdin, replace all query string values with a user-supplied value nixos-unstable ??? nixpkgs-unstable 0.0.3 pkgs.replacement Tool to execute yaml templates and output text nixos-unstable ??? nixpkgs-unstable 0.4.4 pkgs.replace-secret Replace a string in one file with a secret from a second file nixos-unstable ??? nixpkgs-unstable pkgs.haskellPackages.replace-attoparsec Find, replace, split string patterns with Attoparsec parsers (instead of regex) nixos-unstable ??? nixpkgs-unstable 1.5.0.0 pkgs.haskellPackages.replace-megaparsec Find, replace, split string patterns with Megaparsec parsers (instead of regex) nixos-unstable ??? nixpkgs-unstable 1.5.0.1 pkgs.haskellPackages.text-regex-replace Easy replacement when using text-icu regexes nixos-unstable ??? nixpkgs-unstable 0.1.1.5 pkgs.tests.substitute.legacySingleReplace nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVars.succeeds nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVarsWith.succeeds nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVars.fails-on-directory nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVars.fails-in-build-phase nixos-unstable ??? 
nixpkgs-unstable pkgs.tests.replaceVars.replaceVars.fails-in-check-phase nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVarsWith.fails-on-directory nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVars.succeeds-with-exemption nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVarsWith.fails-in-build-phase nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVarsWith.fails-in-check-phase nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVarsWith.succeeds-with-exemption nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVars.fails-in-check-phase-with-exemption nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVars.fails-in-check-phase-with-bad-exemption nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-exemption nixos-unstable ??? nixpkgs-unstable pkgs.tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-bad-exemption nixos-unstable ??? nixpkgs-unstable Package maintainers: 5 @maralorn maralorn <mail@maralorn.de> @multivac61 multivac61 <olafur@genkiinstruments.com> @averagebit averagebit <averagebit@pm.me> @talyz Kim Lindberger <kim.lindberger@gmail.com> @siriobalmelli Sirio Balmelli <sirio@b-ad.ch>
CVE-2025-53200 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 4 weeks, 1 day ago WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3. chatbot =<6.7.3 pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-unstable ??? nixpkgs-unstable 22 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
CVE-2025-31428 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 weeks, 1 day ago WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8. hydro =<2.8 pkgs.hydrogen Advanced drum machine nixos-unstable ??? nixpkgs-unstable 1.2.6 pkgs.hydroxide Third-party, open-source ProtonMail bridge nixos-unstable ??? nixpkgs-unstable 0.2.30 pkgs.libhydrogen Lightweight, secure, easy-to-use crypto library suitable for constrained environments nixos-unstable ??? nixpkgs-unstable 0-unstable-2025-04-06 pkgs.tau-hydrogen GTK icon theme for tauOS nixos-unstable ??? nixpkgs-unstable 1.0.16 pkgs.fishPlugins.hydro Ultra-pure, lag-free prompt with async Git status nixos-unstable ??? nixpkgs-unstable 0-unstable-2024-11-02 pkgs.hydrogen-web-unwrapped Lightweight matrix client with legacy and mobile browser support nixos-unstable ??? nixpkgs-unstable 0.5.0 pkgs.python312Packages.hydrogram Asynchronous Telegram MTProto API framework for fluid user and bot interactions nixos-unstable ??? nixpkgs-unstable 0.2.0 pkgs.python313Packages.hydrogram Asynchronous Telegram MTProto API framework for fluid user and bot interactions nixos-unstable ??? nixpkgs-unstable 0.2.0 pkgs.haskellPackages.hydrogen-version Hydrogen Version Type nixos-unstable ??? nixpkgs-unstable 1.4 pkgs.python312Packages.swisshydrodata Python client to get data from the Swiss federal Office for Environment FEON nixos-unstable ??? nixpkgs-unstable 0.3.1 pkgs.python313Packages.swisshydrodata Python client to get data from the Swiss federal Office for Environment FEON nixos-unstable ??? 
nixpkgs-unstable 0.3.1 Package maintainers: 12 @fabaff Fabian Affolter <mail@fabian-affolter.ch> @pyrox0 Pyrox <pyrox@pyrox.dev> @tholoo Ali Mohammadzadeh <ali0mhmz@gmail.com> @tanya1866 Tanya Arora <tanyaarora@tutamail.com> @orivej Orivej Desh <orivej@gmx.fr> @NickCao Nick Cao <nickcao@nichi.co> @teutat3s teutat3s <teutates@mailbox.org> @mguentner Maximilian Güntner <code@mguentner.de> @fadenb Tristan Helmich <tristan.helmich+nixos@gmail.com> @D4ndellion Daniel Olsen <daniel@dodsorf.as> @Ma27 Maximilian Bosch <maximilian@mbosch.me> @Br1ght0ne Oleksii Filonenko <brightone@protonmail.com>
CVE-2025-52826 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 weeks, 1 day ago WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. sala =<1.1.3 pkgs.python312Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-unstable ??? nixpkgs-unstable 0.5.0 pkgs.python313Packages.datasalad Pure-Python library with a collection of utilities for working with Git and git-annex nixos-unstable ??? nixpkgs-unstable 0.5.0 pkgs.python312Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-unstable ??? nixpkgs-unstable 8.9.20250723145140 pkgs.python313Packages.schema-salad Semantic Annotations for Linked Avro Data nixos-unstable ??? nixpkgs-unstable 8.9.20250723145140 Package maintainers: 2 @veprbl Dmitry Kalinkin <veprbl@gmail.com> @gador Florian Brandes <florian.brandes@posteo.de>
CVE-2025-52816 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 weeks, 1 day ago WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita allows PHP Local File Inclusion. This issue affects Zita: from n/a through 1.6.5. zita =<1.6.5 pkgs.zitadel Identity and access management platform nixos-unstable ??? nixpkgs-unstable 2.71.7 pkgs.zita-at1 Autotuner Jack application to correct the pitch of vocal tracks nixos-unstable ??? nixpkgs-unstable at1-0.8.2 pkgs.zita-ajbridge Connect additional ALSA devices to JACK nixos-unstable ??? nixpkgs-unstable 0.8.4 pkgs.zita-njbridge Command line Jack clients to transmit full quality multichannel audio over a local IP network nixos-unstable ??? nixpkgs-unstable 0.4.8 pkgs.zitadel-tools Helper tools for zitadel nixos-unstable ??? nixpkgs-unstable 0.5.0 pkgs.zita-alsa-pcmi Successor of clalsadrv, provides easy access to ALSA PCM devices nixos-unstable ??? nixpkgs-unstable 0.6.1 pkgs.zita-convolver Convolution library by Fons Adriaensen nixos-unstable ??? nixpkgs-unstable 4.0.3 pkgs.zita-resampler Resample library by Fons Adriaensen nixos-unstable ??? nixpkgs-unstable 1.11.2 Package maintainers: 3 @orivej Orivej Desh <orivej@gmx.fr> @magnetophon Bart Brouns <bart@magnetophon.nl> @nrabulinski Nikodem Rabuliński <1337-nix@nrab.lol>
CVE-2025-53331 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 4 weeks, 1 day ago WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5. rss-digest =<1.5 pkgs.matcha-rss-digest Daily digest generator from a list of RSS feeds nixos-unstable ??? nixpkgs-unstable 0.7.1 Package maintainers: 1 @foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>