Nixpkgs security tracker

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

CVE-2025-52629
3.7 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    15 packages
    • python312Packages.aionut
    • python313Packages.aionut
    • python314Packages.aionut
    • python312Packages.aiontfy
    • python313Packages.aiontfy
    • python314Packages.aiontfy
    • python312Packages.aionotion
    • python313Packages.aionotion
    • python314Packages.aionotion
    • python312Packages.aionanoleaf
    • python313Packages.aionanoleaf
    • python314Packages.aionanoleaf
    • python312Packages.electrum-aionostr
    • python313Packages.electrum-aionostr
    • python314Packages.electrum-aionostr
  • @jopejoe1 dismissed
HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0.

Affected products

AION
  • ==2.0
Ignored packages (15)
Not present in nixpkgs
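The finding above is the kind a scanner reports from response headers alone, and the triage question is always the same: is a policy present, is it enforced rather than report-only, and does it actually stop inline or third-party script? The following is an added example, not code from the tracker or from HCL AION, of how a reviewer would evaluate a header set for exactly those points. The header dictionaries are constructed samples; `BROAD_SOURCES` and the object-src rule are this example's own policy choices.

```python
# Added example (not part of the tracker page or of HCL AION): assess a response's
# Content-Security-Policy the way a reviewer would when triaging a "missing CSP"
# finding. Sample headers below are constructed, not captured from any product.

BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}  # assumed "too broad" list
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def assess_csp(headers):
    """Return a list of findings for a dict of response headers (empty list = acceptable)."""
    h = {k.lower(): v for k, v in headers.items()}
    enforced = h.get("content-security-policy")
    if enforced is None:
        if "content-security-policy-report-only" in h:
            return ["Content-Security-Policy missing: only a Report-Only policy is set, "
                    "which reports but does not block"]
        return ["Content-Security-Policy header missing"]

    policy = parse_csp(enforced)
    findings = []
    # script-src falls back to default-src; with neither, any origin may supply scripts.
    script = policy.get("script-src", policy.get("default-src"))
    if script is None:
        return ["neither script-src nor default-src is set, so scripts may load from any origin"]
    if "'unsafe-inline'" in script and not any(s.startswith(HASH_OR_NONCE) for s in script):
        findings.append("script-src allows 'unsafe-inline' without a nonce or hash")
    for src in script:
        if src in BROAD_SOURCES:
            findings.append(f"script-src allows broad source {src}")
    # object-src also falls back to default-src; anything but 'none' lets plugins run.
    if policy.get("object-src", policy.get("default-src")) != ["'none'"]:
        findings.append("object-src is not 'none'")
    return findings


# Constructed samples.
MISSING = {"Content-Type": "text/html"}
REPORT_ONLY = {"Content-Security-Policy-Report-Only": "default-src 'self'"}
WEAK = {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:"}
STRICT = {"Content-Security-Policy":
          "default-src 'none'; script-src 'nonce-d4e5f6' 'strict-dynamic'; object-src 'none'; base-uri 'none'"}

if __name__ == "__main__":
    for name, hdrs in [("missing", MISSING), ("report-only", REPORT_ONLY),
                       ("weak", WEAK), ("strict", STRICT)]:
        print(name, assess_csp(hdrs) or "ok")
```

A Report-Only policy is worth calling out separately because scanners that only look for the string "Content-Security-Policy" will count it as present even though it blocks nothing.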
CVE-2025-52627
5.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Physical (P)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Physical (P)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    15 packages
    • python312Packages.aionut
    • python313Packages.aionut
    • python314Packages.aionut
    • python312Packages.aiontfy
    • python313Packages.aiontfy
    • python314Packages.aiontfy
    • python312Packages.aionotion
    • python313Packages.aionotion
    • python314Packages.aionotion
    • python312Packages.aionanoleaf
    • python313Packages.aionanoleaf
    • python314Packages.aionanoleaf
    • python312Packages.electrum-aionostr
    • python313Packages.electrum-aionostr
    • python314Packages.electrum-aionostr
  • @jopejoe1 dismissed
HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource

HCL AION has a Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0.

Affected products

AION
  • ==2.0
Ignored packages (15)
Not present in nixpkgs
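The misconfiguration named in the entry above is checkable from `/proc/mounts`: the root entry either carries `ro` or it does not, and a read-only root normally comes with separate writable scratch mounts. The code below is an added example, not from the tracker or from HCL AION, that parses a mounts listing and reports the root mode plus the options on `/tmp`. Both listings are constructed, and the `HARDENING_OPTIONS` policy is this example's own assumption, not a requirement stated on the page.

```python
# Added example (not from the tracker page or HCL AION): audit a /proc/mounts listing
# for the "root file system not mounted read-only" misconfiguration and the usual
# companions of a read-only root. The sample listings are constructed.

HARDENING_OPTIONS = {"/tmp": {"nosuid", "nodev", "noexec"}}  # assumed policy for scratch space


def parse_mounts(text):
    """Parse /proc/mounts (or fstab-style) lines into dicts; octal escapes like \\040 are decoded."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or line.lstrip().startswith("#"):
            continue
        source, target, fstype, options = parts[:4]
        target = target.replace("\\040", " ")
        entries.append({"source": source, "target": target, "fstype": fstype,
                        "options": set(options.split(","))})
    return entries


def root_is_read_only(entries):
    """True if the entry for '/' carries 'ro'; the last entry for a target is the active one."""
    root = [e for e in entries if e["target"] == "/"]
    if not root:
        raise ValueError("no mount for /")
    return "ro" in root[-1]["options"]


def audit_mounts(text):
    """Return findings as strings; an empty list means the listing passes this check."""
    entries = parse_mounts(text)
    findings = []
    if not root_is_read_only(entries):
        findings.append("/ is mounted read-write; critical system files are modifiable at runtime")
    targets = {e["target"]: e for e in entries}
    for path, wanted in HARDENING_OPTIONS.items():
        entry = targets.get(path)
        if entry is None:
            findings.append(f"{path} is not a separate mount, so it inherits the root file system")
            continue
        missing = sorted(wanted - entry["options"])
        if missing:
            findings.append(f"{path} is missing {','.join(missing)}")
    return findings


# Constructed /proc/mounts excerpts.
WRITABLE_ROOT = """\
overlay / overlay rw,relatime,lowerdir=/l,upperdir=/u,workdir=/w 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

READ_ONLY_ROOT = """\
/dev/vda1 / ext4 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /var/run tmpfs rw,nosuid,nodev 0 0
"""

if __name__ == "__main__":
    import sys
    # Pass --live to audit the running system instead of the constructed sample.
    text = open("/proc/mounts").read() if "--live" in sys.argv[1:] else WRITABLE_ROOT
    for finding in audit_mounts(text) or ["ok"]:
        print(finding)
```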
CVE-2025-15328
5.0 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    5 packages
    • haskellPackages.wai-enforce-https
    • python312Packages.lm-format-enforcer
    • python313Packages.lm-format-enforcer
    • python314Packages.lm-format-enforcer
    • vimPlugins.nvim-treesitter-parsers.enforce
  • @jopejoe1 dismissed
Tanium addressed an improper link resolution before file access vulnerability in Enforce.

Affected products

Enforce
  • <2.8.544
  • <2.7.314
Ignored packages (5)
Not present in nixpkgs
CVE-2025-15289
3.1 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    20 packages
    • bash
    • interactsh
    • bashInteractive
    • gawkInteractive
    • coqPackages.ITree
    • bashInteractiveFHS
    • sqlite-interactive
    • texinfoInteractive
    • interactive-html-bom
    • kotlin-interactive-shell
    • perlPackages.IOInteractive
    • git-interactive-rebase-tool
    • perl538Packages.IOInteractive
    • perl540Packages.IOInteractive
    • perlPackages.IOInteractiveTiny
    • azure-cli-extensions.interactive
    • perl538Packages.IOInteractiveTiny
    • perl540Packages.IOInteractiveTiny
    • ocamlPackages.janeStreet.async_interactive
    • ocamlPackages_latest.janeStreet.async_interactive
  • @jopejoe1 dismissed
Tanium addressed an improper access controls vulnerability in Interact.

Affected products

Interact
  • <3.1.337
  • <3.2.185
  • <3.5.90
Ignored packages (20)

pkgs.interactsh

Out of bounds interaction gathering server and client library

pkgs.bashInteractive

GNU Bourne-Again Shell, the de facto standard shell on Linux (for interactive use)

pkgs.bashInteractiveFHS

GNU Bourne-Again Shell, the de facto standard shell on Linux (for interactive use)

pkgs.sqlite-interactive

Self-contained, serverless, zero-configuration, transactional SQL database engine

pkgs.interactive-html-bom

Interactive HTML BOM generation for KiCad, EasyEDA, Eagle, Fusion360 and Allegro PCB designer

Not present in nixpkgs
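The ignored lists in the entries above show the failure mode of name-based matching: "AION" reaches `aionut` and `aionotion`, "Enforce" reaches `lm-format-enforcer`, "Interact" reaches `interactsh` and `bashInteractive`, none of which are the vendor's product. The page does not show the tracker's matching code, and some hits (`bash`, `coqPackages.ITree`) indicate its real matcher is looser than a substring test, so the following is an added example rather than the tracker's own logic. It reproduces the visible pattern with a substring match, contrasts it with a whole-token match, and adds the vendor check a triager applies by hand. The CVE tuples come from this page; the attribute set, the `example.invalid` homepages standing in for `meta.homepage`, and the unknown vendor for CVE-2020-37140 are constructed.

```python
import re
from urllib.parse import urlparse

# Added example (not the tracker's code): product names from the dismissed advisories on
# this page, paired with a few attributes from their "ignored" lists. The homepages are
# placeholders standing in for meta.homepage; the vendor for CVE-2020-37140 is left unknown.
CVES = {
    "CVE-2025-52629": ("HCL", "AION"),
    "CVE-2025-15328": ("Tanium", "Enforce"),
    "CVE-2025-15289": ("Tanium", "Interact"),
    "CVE-2020-37140": (None, "Everest"),
}

NIXPKGS = {
    "python312Packages.aionut": "https://example.invalid/aionut",
    "haskellPackages.wai-enforce-https": "https://example.invalid/wai-enforce-https",
    "interactsh": "https://example.invalid/interactsh",
    "bashInteractive": "https://example.invalid/bash",
    "everest": "https://example.invalid/everest",
    "neverest": "https://example.invalid/neverest",
}


def substring_candidates(product, attrs):
    """Case-insensitive substring match: the loose rule that turns 'AION' into aionut."""
    needle = product.lower()
    return sorted(a for a in attrs if needle in a.lower())


def name_tokens(attr):
    """Split the leaf attribute name on separators and camelCase boundaries."""
    leaf = attr.rsplit(".", 1)[-1]
    return {t.lower() for t in re.split(r"[^A-Za-z0-9]+|(?<=[a-z0-9])(?=[A-Z])", leaf) if t}


def token_candidates(product, attrs):
    """Whole-token match: 'Interact' no longer hits interactsh or bashInteractive."""
    needle = product.lower()
    return sorted(a for a in attrs if needle in name_tokens(a))


def vendor_consistent(vendor, homepage):
    """True/False if the homepage host names the vendor; None when the vendor is unknown."""
    if vendor is None:
        return None
    host = urlparse(homepage).hostname or ""
    return vendor.lower() in host.lower()


def triage(cve_id):
    """Map each remaining candidate to its vendor verdict; None means a human must decide."""
    vendor, product = CVES[cve_id]
    return {a: vendor_consistent(vendor, NIXPKGS[a]) for a in token_candidates(product, NIXPKGS)}


if __name__ == "__main__":
    for cve_id, (_, product) in CVES.items():
        print(cve_id, "substring:", substring_candidates(product, NIXPKGS),
              "triage:", triage(cve_id))
```

Token matching still keeps `wai-enforce-https` for "Enforce" and `everest` for "Everest", because the words genuinely occur in the names; only the vendor check (or, for Everest, a human) separates a Tanium product from an unrelated Haskell library or a Celeste mod loader, which is what the "Not present in nixpkgs" verdicts on this page record.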
CVE-2025-15324
6.6 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored package engage
  • @jopejoe1 dismissed
Tanium addressed a local privilege escalation vulnerability in Engage.

Tanium addressed a documentation issue in Engage.

Affected products

Engage
  • <1.3.37
  • <1.6.193
Ignored packages (1)

pkgs.engage

Task runner with DAG-based parallelism

Not present in nixpkgs
CVE-2020-37140
5.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    4 packages
    • everest
    • neverest
    • everest-bin
    • everest-mons
  • @jopejoe1 dismissed
Everest 5.50.2100 - 'Open File' Denial of Service

Everest 5.50.2100 (later renamed AIDA64) contains a denial of service vulnerability that allows local attackers to crash the application by manipulating the file open functionality. An attacker can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash.

Affected products

Everest
  • ==5.50.2100
Ignored packages (4)

pkgs.everest

Celeste mod loader (don't install; use celestegame instead)

  • nixos-unstable 6157
    • nixpkgs-unstable 6157
    • nixos-unstable-small 6157

pkgs.everest-bin

Celeste mod loader (don't install; use celestegame instead)

  • nixos-unstable 6157
    • nixpkgs-unstable 6157
    • nixos-unstable-small 6157

pkgs.everest-mons

Commandline Everest installer and mod manager for Celeste

Not present in nixpkgs
Also known as: AIDA64
CVE-2025-15341
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    17 packages
    • gbenchmark
    • mqtt-benchmark
    • memtier-benchmark
    • rubyPackages.benchmark
    • ocamlPackages.benchmark
    • rubyPackages_3_1.benchmark
    • rubyPackages_3_2.benchmark
    • rubyPackages_3_3.benchmark
    • rubyPackages_3_4.benchmark
    • rubyPackages_4_0.benchmark
    • ocamlPackages_latest.benchmark
    • haskellPackages.benchmark-function
    • python312Packages.pytest-benchmark
    • python313Packages.pytest-benchmark
    • python314Packages.pytest-benchmark
    • haskellPackages.hashtable-benchmark
    • chickenPackages_5.chickenEggs.micro-benchmark
  • @jopejoe1 dismissed
Tanium addressed an incorrect default permissions vulnerability in Benchmark.

Affected products

Benchmark
  • <2.12.82
  • <2.9.188
  • <2.7.98
Ignored packages (17)
Not present in nixpkgs
CVE-2025-15343
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    5 packages
    • haskellPackages.wai-enforce-https
    • python312Packages.lm-format-enforcer
    • python313Packages.lm-format-enforcer
    • python314Packages.lm-format-enforcer
    • vimPlugins.nvim-treesitter-parsers.enforce
  • @jopejoe1 dismissed
Tanium addressed an incorrect default permissions vulnerability in Enforce.

Affected products

Enforce
  • <2.9.574
  • <2.7.367
  • <2.8.601
Ignored packages (5)
Not present in nixpkgs
CVE-2025-15336
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    15 packages
    • portfolio
    • passmark-performancetest
    • rubyPackages.rubocop-performance
    • rubyPackages.standard-performance
    • libretro.bsnes-mercury-performance
    • rubyPackages_3_1.rubocop-performance
    • rubyPackages_3_2.rubocop-performance
    • rubyPackages_3_3.rubocop-performance
    • rubyPackages_3_4.rubocop-performance
    • rubyPackages_4_0.rubocop-performance
    • rubyPackages_3_1.standard-performance
    • rubyPackages_3_2.standard-performance
    • rubyPackages_3_3.standard-performance
    • rubyPackages_3_4.standard-performance
    • rubyPackages_4_0.standard-performance
  • @jopejoe1 dismissed
Tanium addressed an incorrect default permissions vulnerability in Performance.

Affected products

Performance
  • <1.22.288
  • <1.17.134
  • <1.21.141
Ignored packages (15)

pkgs.portfolio

Simple tool to calculate the overall performance of an investment portfolio

pkgs.passmark-performancetest

Software tool that allows everybody to quickly assess the performance of their computer and compare it to a number of standard 'baseline' computer systems

Not present in nixpkgs
CVE-2025-15340
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 4 months, 2 weeks ago by @jopejoe1 Activity log
  • Created suggestion
  • @jopejoe1 ignored
    3 packages
    • python314Packages.complycube
    • python313Packages.complycube
    • python312Packages.complycube
  • @jopejoe1 dismissed
Tanium addressed an incorrect default permissions vulnerability in Comply.

Affected products

Comply
  • <2.24.159
  • <2.29.124
  • <2.32.155
Ignored packages (3)
Not present in nixpkgs