Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-49251
8.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 6 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored
    33 packages
    • grafana
    • grafanactl
    • mcp-grafana
    • grafana-loki
    • grafana-alloy
    • grafana-kiosk
    • grafana-to-ntfy
    • grafana-dash-n-grab
    • dhallPackages.dhall-grafana
    • terraform-providers.grafana
    • python312Packages.grafanalib
    • python313Packages.grafanalib
    • haskellPackages.amazonka-grafana
    • grafanaPlugins.grafana-oncall-app
    • grafanaPlugins.grafana-clock-panel
    • grafanaPlugins.grafana-pyroscope-app
    • grafanaPlugins.grafana-googlesheets-datasource
    • grafanaPlugins.grafana-opensearch-datasource
    • grafanaPlugins.grafana-clickhouse-datasource
    • python313Packages.types-aiobotocore-grafana
    • python312Packages.types-aiobotocore-grafana
    • grafanaPlugins.grafana-metricsdrilldown-app
    • grafanaPlugins.grafana-discourse-datasource
    • grafanaPlugins.grafana-sentry-datasource
    • grafanaPlugins.grafana-github-datasource
    • grafanaPlugins.grafana-exploretraces-app
    • grafanaPlugins.grafana-mqtt-datasource
    • grafanaPlugins.grafana-lokiexplore-app
    • grafanaPlugins.grafana-worldmap-panel
    • grafanaPlugins.grafana-polystat-panel
    • grafanaPlugins.grafana-piechart-panel
    • python313Packages.mypy-boto3-grafana
    • python312Packages.mypy-boto3-grafana
    6 months, 3 weeks ago
  • @LeSuisse dismissed 6 months, 3 weeks ago
WordPress Fana <= 1.1.28 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through 1.1.28.

Affected products

fana
  • =<1.1.28
Ignored packages (33)

pkgs.grafana

Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB

  • nixos-unstable -

pkgs.grafanactl

Tool designed to simplify interaction with Grafana instances

  • nixos-unstable -

pkgs.mcp-grafana

MCP server for Grafana

  • nixos-unstable -

pkgs.grafana-loki

Like Prometheus, but for logs

  • nixos-unstable -

pkgs.grafana-alloy

Open source OpenTelemetry Collector distribution with built-in Prometheus pipelines and support for metrics, logs, traces, and profiles

  • nixos-unstable -

pkgs.grafana-dash-n-grab

Grafana Dash-n-Grab (gdg) -- backup and restore Grafana dashboards, datasources, and other entities

  • nixos-unstable -

pkgs.grafanaPlugins.grafana-pyroscope-app

Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data

  • nixos-unstable -