Nixpkgs security tracker

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

Dismissed
(exclusively hosted service)
Permalink CVE-2026-35428
9.6 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 weeks, 4 days ago Activity log
  • Created & dismissed (exclusively hosted service) suggestion
Azure Cloud Shell Spoofing Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

Affected products

Azure Cloud Shell
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-35435
8.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 2 weeks, 4 days ago Activity log
  • Created & dismissed (exclusively hosted service) suggestion
Azure AI Foundry Elevation of Privilege Vulnerability

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

Affected products

Azure AI Foundry
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-33109
9.9 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 weeks, 4 days ago Activity log
  • Created & dismissed (exclusively hosted service) suggestion
Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

Affected products

Azure Managed Instance for Apache Cassandra
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-33823
9.6 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 2 weeks, 4 days ago Activity log
  • Created & dismissed (exclusively hosted service) suggestion
Microsoft Team Events Portal Information Disclosure Vulnerability

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

Affected products

Microsoft Teams
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-34327
8.2 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 2 weeks, 4 days ago Activity log
  • Created & dismissed (exclusively hosted service) suggestion
Microsoft Partner Center Spoofing Vulnerability

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

Affected products

Microsoft Partner Center
  • ==-
Dismissed
(not in Nixpkgs)
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse dismissed (not in Nixpkgs)
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Affected products

PAN-OS
  • <11.2.12
  • <12.1.7
  • <10.2.18-h6
  • <11.1.15
Cloud NGFW
  • ==All
Prisma Access
  • ==All

Matching in nixpkgs

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-40562
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse dismissed (not in Nixpkgs)
Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230, Section 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

Affected products

Gazelle
  • =<0.49

Matching in nixpkgs

pkgs.bazel-gazelle

Gazelle is a Bazel build file generator for Bazel projects. It natively supports Go and protobuf, and it may be extended to support new languages and custom rule sets.

pkgs.gazelle-origin

Tool for generating origin files using the API of Gazelle-based torrent trackers

Dismissed
(not in Nixpkgs)
Permalink CVE-2025-47405
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse dismissed (not in Nixpkgs)
Untrusted Pointer Dereference in Camera

Memory corruption when processing camera sensor input/output control codes with invalid output buffers.

Affected products

Snapdragon
  • ==Snapdragon XR2+ Gen 1 Platform
  • ==FastConnect 7800
  • ==IQX5121
  • ==SC8380XP
  • ==IQX7181
  • ==Snapdragon XR2 5G Platform
  • ==QCA0000
  • ==WSA8815
  • ==WSA8845H
  • ==FastConnect 6900
  • ==WSA8845
  • ==WCD9385
  • ==WSA8840
  • ==SD865 5G
  • ==WCD9380
  • ==WSA8810

Matching in nixpkgs

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-25266
5.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse dismissed (not in Nixpkgs)
Exposed dangerous function in windows host

Memory corruption while processing IOCTL command when device is in power-save state.

Affected products

Snapdragon
  • ==X2000092
  • ==X2000090
  • ==FastConnect 7800
  • ==WSA8840
  • ==XG101039
  • ==WSA8835
  • ==WCN7861
  • ==XG101032
  • ==X2000094
  • ==WSA8845H
  • ==WCD9380
  • ==X2000086
  • ==WSA8832
  • ==Snapdragon AR1 Gen 1 Platform
  • ==WSA8845
  • ==WCD9378C
  • ==WSA8830
  • ==Cologne
  • ==XG101002
  • ==SC8380XP
  • ==X2000077
  • ==FastConnect 6900
  • ==WCD9385
  • ==WCN7880

Matching in nixpkgs

Dismissed
(not in Nixpkgs)
Permalink CVE-2025-47407
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse dismissed (not in Nixpkgs)
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

Affected products

Snapdragon
  • ==WCD9395
  • ==SM8845P
  • ==SM6475Q
  • ==SW5100P
  • ==Snapdragon 460 Mobile Platform
  • ==WSA8815
  • ==Snapdragon 8 Elite Gen 5
  • ==XRV9209
  • ==SAR2130P
  • ==WCN7861
  • ==WCN6755
  • ==SXR2250P
  • ==XRV7209
  • ==QCS4290
  • ==WCN3980
  • ==QXM1086
  • ==SW5100
  • ==WCD9375
  • ==SM6450P
  • ==CQ8725S
  • ==Themisto
  • ==WSA8850
  • ==Pandeiro
  • ==Snapdragon 8 Elite
  • ==SM7435
  • ==WCN7881
  • ==FastConnect 6200
  • ==FastConnect 6900
  • ==QCM2290
  • ==QMP1000
  • ==Snapdragon XR2 5G Platform
  • ==Snapdragon 685 4G Mobile Platform
  • ==Orne
  • ==X1E80100
  • ==WSA8835
  • ==Netrani
  • ==QPA1083BD
  • ==WCN3988
  • ==SD865 5G
  • ==Snapdragon AR1+ Gen 1 Platform
  • ==SM7635P
  • ==Palawan25
  • ==QLN1086BD
  • ==FastConnect 6700
  • ==QMB715
  • ==WCN3950
  • ==WSA8832
  • ==WCD9378
  • ==WSA8845
  • ==QXM1093
  • ==SM6225P
  • ==WCD9370
  • ==Snapdragon 662 Mobile Platform
  • ==WCD9385
  • ==WCN7860
  • ==SM6850
  • ==WSA8810
  • ==SD662
  • ==QXM1096
  • ==SM8735P
  • ==SXR2330P
  • ==QMP2001
  • ==QXM1095
  • ==Snapdragon 4 Gen 2 Mobile Platform
  • ==QCS2290
  • ==WSA8850W
  • ==WSA8830
  • ==QPA1086BD
  • ==Snapdragon XR2+ Gen 1 Platform
  • ==SC8380XP
  • ==WCN7880
  • ==CQ7790
  • ==Snapdragon Wear Elite platform
  • ==QXM1094
  • ==FastConnect 7800
  • ==WSA8855C
  • ==WCN7760
  • ==WSA8840
  • ==SAR1165P
  • ==SM7435P
  • ==SM6475P
  • ==QXM1083
  • ==Snapdragon W5+ Gen 1 Wearable Platform
  • ==QLN1083BD
  • ==WSA8845H
  • ==WCN6450
  • ==WCD9380
  • ==Snapdragon 6 Gen 1 Mobile Platform
  • ==Molokai
  • ==SXR2230P
  • ==Snapdragon 680 4G Mobile Platform
  • ==Qualcomm Video Collaboration VC1 Platform
  • ==G2 Gen 1
  • ==SM8750P
  • ==Qualcomm Video Collaboration VC3 Platform
  • ==QCM4325
  • ==Snapdragon 7 Gen 4 Mobile Platform
  • ==SXR2350P
  • ==Snapdragon 6 Gen 3 Mobile Platform
  • ==QCA6391

Matching in nixpkgs