Nixpkgs security tracker


Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.


CVE-2025-53242
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    10 packages
    • seilfahrt
    • abseil-cpp
    • abseil-cpp_202103
    • abseil-cpp_202301
    • abseil-cpp_202401
    • abseil-cpp_202407
    • abseil-cpp_202501
    • abseil-cpp_202505
    • python312Packages.pybind11-abseil
    • python313Packages.pybind11-abseil
  • @LeSuisse dismissed
WordPress Seil Theme <= 1.7.1 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection. This issue affects Seil: from n/a through <= 1.7.1.

Affected products

seil
  • <= 1.7.1
Ignored packages (10)

pkgs.seilfahrt

Tool to create a wiki page from a HedgeDoc

pkgs.abseil-cpp_202301

Open-source collection of C++ code designed to augment the C++ standard library

pkgs.abseil-cpp_202501

Open-source collection of C++ code designed to augment the C++ standard library

WP theme not present in nixpkgs
CVE-2025-49372
10.0 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    18 packages
    • happy
    • triggerhappy
    • haskellPackages.happy
    • haskellPackages.happy-dot
    • haskellPackages.happy-lib
    • haskellPackages.happy-meta
    • ocamlPackages.happy-eyeballs
    • haskellPackages.happy-arbitrary
    • ocamlPackages.happy-eyeballs-lwt
    • gnomeExtensions.happy-appy-hotkey
    • ocamlPackages.mimic-happy-eyeballs
    • python312Packages.aiohappyeyeballs
    • python313Packages.aiohappyeyeballs
    • ocamlPackages.happy-eyeballs-mirage
    • tests.testers.testBuildFailure.happy
    • tests.testers.testBuildFailure'.happy
    • tests.testers.testBuildFailure.happyStructuredAttrs
    • tests.testers.testBuildFailure'.happyStructuredAttrs
  • @LeSuisse dismissed
WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion. This issue affects HAPPY: from n/a through <= 1.0.7.

Affected products

happy-helpdesk-support-ticket-system
  • <= 1.0.7
Ignored packages (18)

pkgs.happy

Happy is a parser generator for Haskell

WP plugin not present in nixpkgs
CVE-2025-66164
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    6 packages
    • python313Packages.toptica-lasersdk
    • python312Packages.toptica-lasersdk
    • haskellPackages.lasercutter
    • ooklaserver
    • dell-530cdn
    • brlaser
  • @LeSuisse dismissed
WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Laser: from n/a through <= 1.1.1.

Affected products

laser
  • <= 1.1.1
Ignored packages (6)

pkgs.brlaser

CUPS driver for Brother laser printers

WP plugin not present in nixpkgs
CVE-2025-22509
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    17 packages
    • atlas
    • nim-atlas
    • atlassian-cli
    • ripe-atlas-tools
    • mongodb-atlas-cli
    • atlassian-plugin-sdk
    • haskellPackages.atlas
    • prometheus-atlas-exporter
    • python312Packages.chatlas
    • python313Packages.chatlas
    • terraform-providers.mongodbatlas
    • python312Packages.ripe-atlas-sagan
    • python313Packages.ripe-atlas-sagan
    • python312Packages.ripe-atlas-cousteau
    • python313Packages.ripe-atlas-cousteau
    • python312Packages.atlassian-python-api
    • python313Packages.atlassian-python-api
  • @LeSuisse dismissed
WordPress Atlas theme <= 2.1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion. This issue affects Atlas: from n/a through <= 2.1.0.

Affected products

atlas
  • <= 2.1.0
Ignored packages (17)

pkgs.atlas

Manage your database schema as code

pkgs.atlassian-cli

Integrated family of CLIs for various Atlassian applications

WP theme not present in nixpkgs
CVE-2025-58947
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    2 packages
    • python312Packages.pathos
    • python313Packages.pathos
  • @LeSuisse dismissed
WordPress Athos theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion. This issue affects Athos: from n/a through <= 1.9.

Affected products

athos
  • <= 1.9
Ignored packages (2)
WP theme not present in nixpkgs
CVE-2025-58946
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    3 packages
    • typstPackages.unequivocal-ams_0_1_2
    • typstPackages.unequivocal-ams_0_1_1
    • typstPackages.unequivocal-ams_0_1_0
  • @LeSuisse dismissed
WordPress Vocal theme <= 1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion. This issue affects Vocal: from n/a through <= 1.12.

Affected products

vocal
  • <= 1.12
Ignored packages (3)
WP theme not present in nixpkgs
CVE-2025-64253
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    12 packages
    • health-check
    • grpc-health-check
    • python312Packages.django-health-check
    • python313Packages.django-health-check
    • rubyPackages.github-pages-health-check
    • python312Packages.grpcio-health-checking
    • python313Packages.grpcio-health-checking
    • rubyPackages_3_1.github-pages-health-check
    • rubyPackages_3_2.github-pages-health-check
    • rubyPackages_3_3.github-pages-health-check
    • rubyPackages_3_4.github-pages-health-check
    • rubyPackages_3_5.github-pages-health-check
  • @LeSuisse dismissed
WordPress Health Check & Troubleshooting plugin <= 1.7.1 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1.

Affected products

health-check
  • <= 1.7.1
Ignored packages (12)
WP plugin not present in nixpkgs
CVE-2025-60050
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    25 packages
    • redpanda-client
    • python312Packages.pandas
    • python313Packages.pandas
    • python312Packages.biopandas
    • python312Packages.geopandas
    • python312Packages.pandantic
    • python312Packages.pandas-ta
    • python313Packages.biopandas
    • python313Packages.geopandas
    • python313Packages.pandantic
    • python313Packages.pandas-ta
    • python312Packages.pint-pandas
    • python313Packages.pint-pandas
    • python312Packages.pandas-stubs
    • python313Packages.pandas-stubs
    • python312Packages.awkward-pandas
    • python312Packages.netdata-pandas
    • python313Packages.awkward-pandas
    • python313Packages.netdata-pandas
    • python312Packages.geoarrow-pandas
    • python313Packages.geoarrow-pandas
    • pkgsRocm.python3Packages.pandantic
    • python312Packages.prometheus-pandas
    • python313Packages.prometheus-pandas
    • pkgsRocm.python3Packages.pandas-stubs
  • @LeSuisse dismissed
WordPress Panda theme <= 1.21 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion. This issue affects Panda: from n/a through <= 1.21.

Affected products

panda
  • <= 1.21
Ignored packages (25)
WP theme not present in nixpkgs
CVE-2025-62014
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    5 packages
    • python313Packages.pypitoken
    • python312Packages.pypitoken
    • python313Packages.auditok
    • python312Packages.auditok
    • scitokens-cpp
  • @LeSuisse dismissed
WordPress ITok theme <= 1.1.42 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok. This issue affects ITok: from n/a through <= 1.1.42.

Affected products

itok
  • <= 1.1.42
Ignored packages (5)

pkgs.scitokens-cpp

A C++ implementation of the SciTokens library with a C library interface

WP theme not present in nixpkgs
CVE-2025-53443
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    2 packages
    • l-smash
    • git-smash
  • @LeSuisse dismissed
WordPress Smash theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Smash smash allows PHP Local File Inclusion. This issue affects Smash: from n/a through <= 1.7.

Affected products

smash
  • <= 1.7
Ignored packages (2)

pkgs.git-smash

Smash staged changes into previous commits to support your Git workflow, pull request and feature branch maintenance

WP theme not present in nixpkgs