Nixpkgs Security Tracker

Permalink CVE-2025-58806

updated 3 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed
6 packages
- haskellPackages.bugsnag
- python312Packages.bugsnag
- python313Packages.bugsnag
- haskellPackages.bugsnag-hs
- haskellPackages.bugsnag-wai
- haskellPackages.bugsnag-yesod
3 months ago
@LeSuisse dismissed 3 months ago

WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3.

Affected products

bugsnag

=<1.6.3

Permalink CVE-2025-58801

updated 3 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed package responder 3 months ago
@LeSuisse dismissed 3 months ago

WordPress Responder Plugin <= 4.3.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8.

Affected products

responder

=<4.3.8

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Permalink CVE-2025-58820

updated 3 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed package haskellPackages.data-carousel 3 months ago
@LeSuisse dismissed 3 months ago

WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8.

Affected products

carousel

=<1.8

Permalink CVE-2025-58822

updated 3 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed package wordpressPackages.plugins.wp-mail-smtp 3 months ago
@LeSuisse dismissed 3 months ago

WordPress WP Mail Plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through 1.3.

Affected products

wp-mail

=<1.3

Permalink CVE-2025-54709

updated 3 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed
4 packages
- python312Packages.datasalad
- python313Packages.datasalad
- python312Packages.schema-salad
- python313Packages.schema-salad
3 months ago
@LeSuisse dismissed 3 months ago

WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6.

Affected products

sala

=<1.1.6

Package maintainers

@gador Florian Brandes <florian.brandes@posteo.de>
@veprbl Dmitry Kalinkin <veprbl@gmail.com>

Permalink CVE-2025-58997

updated 3 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed
8 packages
- libmowgli
- python312Packages.aioautomower
- python313Packages.aioautomower
- python312Packages.automower-ble
- python313Packages.automower-ble
- home-assistant-component-tests.lawn_mower
- home-assistant-component-tests.husqvarna_automower
- home-assistant-component-tests.husqvarna_automower_ble
3 months ago
@LeSuisse dismissed 3 months ago

WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.

Affected products

mow

=<4.10

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@dotlambda Robert Schütz <rschuetz17@gmail.com>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>

Permalink CVE-2025-58993

updated 3 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed
6 packages
- haskellPackages.timeless-tutorials
- typstPackages.tutor_0_8_0
- typstPackages.tutor_0_7_0
- typstPackages.tutor_0_6_1
- typstPackages.tutor_0_4_0
- typstPackages.tutor_0_3_0
3 months ago
@LeSuisse dismissed 3 months ago

WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4.

Affected products

tutor

=<3.7.4

Package maintainers

@cherrypiejam Gongqi Huang

Permalink CVE-2025-57924

updated 3 months ago by @mweinelt Activity log

Created automatic suggestion 4 months, 1 week ago
@mweinelt removed package darwin.developer_cmds 3 months ago
@mweinelt dismissed 3 months ago

WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6.

Affected products

developer

=<1.2.6

Package maintainers

@emilazy Emily <nixpkgs@emily.moe>
@toonn Toon Nolten <nixpkgs@toonn.io>
@reckenrode Randy Eckenrode <randy@largeandhighquality.com>

Permalink CVE-2025-58199

updated 3 months ago by @mweinelt Activity log

Created automatic suggestion 4 months, 1 week ago
@mweinelt removed
3 packages
- fastly
- prometheus-fastly-exporter
- terraform-providers.fastly
3 months ago
@mweinelt dismissed 3 months ago

WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28.

Affected products

fastly

=<1.2.28

Package maintainers

@ereslibre Rafael Fernández López <ereslibre@ereslibre.es>
@despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>
@invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
@de11n Elliot Cameron <nixpkgs-commits@deshaw.com>

Permalink CVE-2025-57996

updated 3 months ago by @mweinelt Activity log

Created automatic suggestion 4 months, 1 week ago
@mweinelt removed
3 packages
- buckets
- python312Packages.bucketstore
- python313Packages.bucketstore
3 months ago
@mweinelt dismissed 3 months ago

WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9.

Affected products

buckets

=<0.3.9

Package maintainers

@kmogged Kevin
@jpetrucciani Jacobi Petrucciani <j@cobi.dev>

Dismissed suggestions

Affected products

Affected products

Package maintainers

Affected products

Affected products

Affected products

Package maintainers

Affected products

Package maintainers

Affected products

Package maintainers

Affected products

Package maintainers

Affected products

Package maintainers

Affected products

Package maintainers