Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-69167

8.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 3 days, 12 hours ago by @LeSuisse Activity log

Created suggestion 3 days, 16 hours ago
@LeSuisse dismissed (not in Nixpkgs) 3 days, 12 hours ago

WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Eros <= 1.3 versions.

References

https://patchstack.com/database/wordpress/theme/eros/vulnerability/wordpress-er… vdb-entry

Affected products

eros

=<1.3

Matching in nixpkgs

pkgs.erosmb

SMB network scanner

nixos-unstable 0.1.5
- nixpkgs-unstable 0.1.5
- nixos-unstable-small 0.1.5
nixos-26.05 -
- nixos-26.05-small 0.1.5
- nixpkgs-26.05-darwin 0.1.5

pkgs.khmeros

None

nixos-unstable 5.0
- nixos-unstable-small 5.0
nixos-26.05 -
- nixos-26.05-small 5.0
- nixpkgs-26.05-darwin 5.0

pkgs.aerospace

i3-like tiling window manager for macOS

nixos-unstable 0.20.3-Beta
- nixpkgs-unstable 0.20.3-Beta
- nixos-unstable-small 0.20.3-Beta
nixos-26.05 -
- nixos-26.05-small 0.20.3-Beta
- nixpkgs-26.05-darwin 0.20.3-Beta

pkgs.aerospike

Flash-optimized, in-memory, NoSQL database

nixos-unstable 8.0.0.10
- nixpkgs-unstable 8.0.0.10
- nixos-unstable-small 8.0.0.10
nixos-26.05 -
- nixos-26.05-small 8.0.0.10
- nixpkgs-26.05-darwin 8.0.0.10

pkgs.tex-gyre.heros

None

nixos-unstable 2.004
- nixpkgs-unstable 2.004
- nixos-unstable-small 2.004
nixos-26.05 -
- nixos-26.05-small 2.004
- nixpkgs-26.05-darwin 2.004

pkgs.python313Packages.kerberos

Kerberos high-level interface

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1
nixos-26.05 -
- nixos-26.05-small 1.3.1
- nixpkgs-26.05-darwin 1.3.1

pkgs.python314Packages.kerberos

Kerberos high-level interface

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1
nixos-26.05 -
- nixos-26.05-small 1.3.1
- nixpkgs-26.05-darwin 1.3.1

pkgs.python313Packages.meross-iot

Python library to interact with Meross devices

nixos-unstable 0.4.10.4
- nixpkgs-unstable 0.4.10.4
- nixos-unstable-small 0.4.10.4
nixos-26.05 -
- nixos-26.05-small 0.4.10.4
- nixpkgs-26.05-darwin 0.4.10.4

pkgs.python313Packages.pykerberos

High-level interface to Kerberos

nixos-unstable 1.2.4
- nixpkgs-unstable 1.2.4
- nixos-unstable-small 1.2.4
nixos-26.05 -
- nixos-26.05-small 1.2.4
- nixpkgs-26.05-darwin 1.2.4

pkgs.python314Packages.meross-iot

Python library to interact with Meross devices

nixos-unstable 0.4.10.4
- nixpkgs-unstable 0.4.10.4
- nixos-unstable-small 0.4.10.4
nixos-26.05 -
- nixos-26.05-small 0.4.10.4
- nixpkgs-26.05-darwin 0.4.10.4

pkgs.python314Packages.pykerberos

High-level interface to Kerberos

nixos-unstable 1.2.4
- nixpkgs-unstable 1.2.4
- nixos-unstable-small 1.2.4
nixos-26.05 -
- nixos-26.05-small 1.2.4
- nixpkgs-26.05-darwin 1.2.4

pkgs.terraform-providers.routeros

None

nixos-unstable 1.99.1
- nixpkgs-unstable 1.99.1
- nixos-unstable-small 1.99.1
nixos-26.05 -
- nixos-26.05-small 1.99.1
- nixpkgs-26.05-darwin 1.99.1

pkgs.python313Packages.aerosandbox

Aircraft design optimization made fast through modern automatic differentiation

nixos-unstable 4.2.8
- nixpkgs-unstable 4.2.8
- nixos-unstable-small 4.2.8
nixos-26.05 -
- nixos-26.05-small 4.2.8
- nixpkgs-26.05-darwin 4.2.8

pkgs.python313Packages.librouteros

Python implementation of the MikroTik RouterOS API

nixos-unstable 3.4.1
- nixpkgs-unstable 3.4.1
- nixos-unstable-small 3.4.1
nixos-26.05 -
- nixos-26.05-small 3.4.1
- nixpkgs-26.05-darwin 3.4.1

pkgs.python314Packages.aerosandbox

Aircraft design optimization made fast through modern automatic differentiation

nixos-unstable 4.2.8
- nixpkgs-unstable 4.2.8
- nixos-unstable-small 4.2.8
nixos-26.05 -
- nixos-26.05-small 4.2.8
- nixpkgs-26.05-darwin 4.2.8

pkgs.python314Packages.librouteros

Python implementation of the MikroTik RouterOS API

nixos-unstable 3.4.1
- nixpkgs-unstable 3.4.1
- nixos-unstable-small 3.4.1
nixos-26.05 -
- nixos-26.05-small 3.4.1
- nixpkgs-26.05-darwin 3.4.1

pkgs.gnomeExtensions.kerberos-login

None

nixos-unstable 20
- nixos-unstable-small 20
nixos-26.05 -
- nixos-26.05-small 20
- nixpkgs-26.05-darwin 20

pkgs.python313Packages.minikerberos

Kerberos manipulation library in Python

nixos-unstable 0.4.9
- nixpkgs-unstable 0.4.9
- nixos-unstable-small 0.4.9
nixos-26.05 -
- nixos-26.05-small 0.4.9
- nixpkgs-26.05-darwin 0.4.9

pkgs.python313Packages.routeros-api

Python API to RouterBoard devices produced by MikroTik

nixos-unstable 0.21.0
- nixpkgs-unstable 0.21.0
- nixos-unstable-small 0.21.0
nixos-26.05 -
- nixos-26.05-small 0.21.0
- nixpkgs-26.05-darwin 0.21.0

pkgs.python314Packages.minikerberos

Kerberos manipulation library in Python

nixos-unstable 0.4.9
- nixpkgs-unstable 0.4.9
- nixos-unstable-small 0.4.9
nixos-26.05 -
- nixos-26.05-small 0.4.9
- nixpkgs-26.05-darwin 0.4.9

pkgs.python314Packages.routeros-api

Python API to RouterBoard devices produced by MikroTik

nixos-unstable 0.21.0
- nixpkgs-unstable 0.21.0
- nixos-unstable-small 0.21.0
nixos-26.05 -
- nixos-26.05-small 0.21.0
- nixpkgs-26.05-darwin 0.21.0

pkgs.python313Packages.requests-kerberos

Authentication handler for using Kerberos with Python Requests

nixos-unstable 0.15.0
- nixpkgs-unstable 0.15.0
- nixos-unstable-small 0.15.0
nixos-26.05 -
- nixos-26.05-small 0.15.0
- nixpkgs-26.05-darwin 0.15.0

pkgs.python314Packages.requests-kerberos

Authentication handler for using Kerberos with Python Requests

nixos-unstable 0.15.0
- nixpkgs-unstable 0.15.0
- nixos-unstable-small 0.15.0
nixos-26.05 -
- nixos-26.05-small 0.15.0
- nixpkgs-26.05-darwin 0.15.0

pkgs.haskellPackages.authenticate-kerberos

None

nixos-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 -
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.vscode-extensions.teros-technology.teroshdl

Visual Studio Code extension for HDL developments (SystemVerilog/Verilog/VHDL)

nixos-unstable 7.0.3
- nixpkgs-unstable 7.0.3
- nixos-unstable-small 7.0.3
nixos-26.05 -
- nixos-26.05-small 7.0.3
- nixpkgs-26.05-darwin 7.0.3

pkgs.terraform-providers.terraform-routeros_routeros

None

nixos-unstable 1.99.1
- nixpkgs-unstable 1.99.1
- nixos-unstable-small 1.99.1
nixos-26.05 -
- nixos-26.05-small 1.99.1
- nixpkgs-26.05-darwin 1.99.1

Package maintainers

@alexandru0-dev Alexandru Nechita <alexandru.italia32+nixpkgs@gmail.com>
@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@Sigmanificient Yohann Boniface <sigmanificient@gmail.com>
@quentinmit Quentin Smith <quentin@mit.edu>
@lheintzmann1 Lucas Heintzmann <lheintzmann1@disroot.org>

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-42611

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 2 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 1 month, 2 weeks ago

Improper certificate validation in multiple RouterOS services

RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X), among others. The vulnerability lies in shared certificate validation logic which uses the system certificate store that is shared and equally trusted by all system services. This causes confusion of scope, allowing any certificate authority present in the system-wide trust store to be trusted in any context (with some exceptions), allowing partial or full authentication bypass in CAPsMAN, OpenVPN, Dot1X and potentially others.

References

https://www.cert.si/en/cve-2025-42611/ third-party-advisorygovernment-resource

Affected products

RouterOS

=<7.20.x

Matching in nixpkgs

pkgs.terraform-providers.routeros

None

nixos-unstable 1.99.1
- nixpkgs-unstable 1.99.1
- nixos-unstable-small 1.99.1

pkgs.python312Packages.librouteros

None

pkgs.python313Packages.librouteros

Python implementation of the MikroTik RouterOS API

nixos-unstable 3.4.1
- nixpkgs-unstable 3.4.1
- nixos-unstable-small 3.4.1

pkgs.python314Packages.librouteros

Python implementation of the MikroTik RouterOS API

nixos-unstable 3.4.1
- nixpkgs-unstable 3.4.1
- nixos-unstable-small 3.4.1

pkgs.python312Packages.routeros-api

None

pkgs.python313Packages.routeros-api

Python API to RouterBoard devices produced by MikroTik

nixos-unstable 0.21.0
- nixpkgs-unstable 0.21.0
- nixos-unstable-small 0.21.0

pkgs.python314Packages.routeros-api

Python API to RouterBoard devices produced by MikroTik

nixos-unstable 0.21.0
- nixpkgs-unstable 0.21.0
- nixos-unstable-small 0.21.0

pkgs.terraform-providers.terraform-routeros_routeros

None

nixos-unstable 1.99.1
- nixpkgs-unstable 1.99.1
- nixos-unstable-small 1.99.1

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@quentinmit Quentin Smith <quentin@mit.edu>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-7668

7.3 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Workaround (W)
Report Confidence (RC): Reasonable (R)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 2 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 1 month, 2 weeks ago

MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-360804 | MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds technical-descriptionvdb-entry
VDB-360804 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #798623 | MikroTik RouterOS 6.49.8 Out-of-Bounds Read third-party-advisory
https://github.com/ezio315/cve/issues/4 issue-trackingexploit

Affected products

RouterOS

==6.49.8

Matching in nixpkgs

pkgs.terraform-providers.routeros

None

nixos-unstable 1.99.1
- nixpkgs-unstable 1.99.1
- nixos-unstable-small 1.99.1

pkgs.python312Packages.librouteros

None

pkgs.python313Packages.librouteros

Python implementation of the MikroTik RouterOS API

nixos-unstable 3.4.1
- nixpkgs-unstable 3.4.1
- nixos-unstable-small 3.4.1

pkgs.python314Packages.librouteros

Python implementation of the MikroTik RouterOS API

nixos-unstable 3.4.1
- nixpkgs-unstable 3.4.1
- nixos-unstable-small 3.4.1

pkgs.python312Packages.routeros-api

None

pkgs.python313Packages.routeros-api

Python API to RouterBoard devices produced by MikroTik

nixos-unstable 0.21.0
- nixpkgs-unstable 0.21.0
- nixos-unstable-small 0.21.0

pkgs.python314Packages.routeros-api

Python API to RouterBoard devices produced by MikroTik

nixos-unstable 0.21.0
- nixpkgs-unstable 0.21.0
- nixos-unstable-small 0.21.0

pkgs.terraform-providers.terraform-routeros_routeros

None

nixos-unstable 1.99.1
- nixpkgs-unstable 1.99.1
- nixos-unstable-small 1.99.1

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@quentinmit Quentin Smith <quentin@mit.edu>

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-15101

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 months, 3 weeks ago

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in …

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.