Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-47408

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

Untrusted Pointer Dereference in Power Optimization Firmware

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bul…

Affected products

Snapdragon

==FastConnect 7800
==IQX7181
==Snapdragon XR2 5G Platform
==WSA8815
==WSA8840
==WSA8810
==SM6250
==WSA8845H
==Snapdragon 7c Compute Platform
==SD865 5G
==WCD9380
==IQX5121
==QCA0000
==WSA8845
==Snapdragon XR2+ Gen 1 Platform
==SC8380XP
==FastConnect 6200
==FastConnect 6900
==WCD9385
==Snapdragon 7c Gen 2 Compute Platform "Rennell Pro"

Matching in nixpkgs

pkgs.snapdragon-profiler

Profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-26332

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

vm2: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.

References

https://github.com/patriksimek/vm2/security/advisories/GHSA-55hx-c926-fr95 x_refsource_CONFIRMexploit
https://github.com/patriksimek/vm2/releases/tag/v3.11.0 x_refsource_MISC

Affected products

vm2

==< 3.11.0

Matching in nixpkgs

pkgs.lvm2

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.lvm2_vdo

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.lvm2_dmeventd

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.docker-machine-kvm2

KVM2 driver for docker-machine

nixos-25.11 kvm2-1.37.0
- nixos-25.11-small kvm2-1.37.0
- nixpkgs-25.11-darwin kvm2-1.37.0

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@ajs124 Andreas Schrägle <nix@ajs124.de>
@AtkinsChang Atkins Chang <atkinschang+nixpkgs@gmail.com>
@tadfisher Tad Fisher <tadfisher@gmail.com>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-42138

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

Dify Vulnerable to Stored XSS via SVG-file upload

Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This issue has been patched in version 1.13.1.

References

https://github.com/langgenius/dify/security/advisories/GHSA-cg94-8v83-7hjj x_refsource_CONFIRMexploit
https://github.com/langgenius/dify/releases/tag/1.13.1 x_refsource_MISC

Affected products

dify

==< 1.13.1

Matching in nixpkgs

pkgs.speedify

Use multiple internet connections in parallel

nixos-unstable 15.8.2-12611
- nixpkgs-unstable 15.8.2-12611
- nixos-unstable-small 15.8.2-12611
nixos-25.11 15.8.2-12611
- nixos-25.11-small 15.8.2-12611
- nixpkgs-25.11-darwin 15.8.2-12611

pkgs.gomodifytags

Go tool to modify struct field tags

nixos-unstable 1.17.0
- nixpkgs-unstable 1.17.0
- nixos-unstable-small 1.17.0
nixos-25.11 1.17.0
- nixos-25.11-small 1.17.0
- nixpkgs-25.11-darwin 1.17.0

pkgs.haskellPackages.swizzle-modify

Swizzle modify functions

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.1.0.0
- nixos-25.11-small 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

Package maintainers

@vdemeester Vincent Demeester <vincent@sbr.pm>
@zahrun Zahrun <zahrun@murena.io>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-42076

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3.

References

https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53 x_refsource_CONFIRM
https://github.com/EvoMap/evolver/releases/tag/v1.69.3 x_refsource_MISC

Affected products

evolver

==< 1.69.3

Matching in nixpkgs

pkgs.revolver

Progress spinner for ZSH scripts

nixos-unstable 0.2.4-unstable-2020-09-30
- nixpkgs-unstable 0.2.4-unstable-2020-09-30
- nixos-unstable-small 0.2.4-unstable-2020-09-30
nixos-25.11 0.2.4-unstable-2020-09-30
- nixos-25.11-small 0.2.4-unstable-2020-09-30
- nixpkgs-25.11-darwin 0.2.4-unstable-2020-09-30

Package maintainers

@d-brasher D. Brasher

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-47404

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): Low (L)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

Buffer Copy Without Checking Size of Input in Automotive Audio

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bul…

Affected products

Snapdragon

==Snapdragon X53 5G Modem-RF System
==FastConnect 6800
==Snapdragon X72 5G Modem-RF System
==Snapdragon X35 5G Modem-RF System
==WCD9335
==WCD9395
==SW5100P
==WSA8815
==Snapdragon 460 Mobile Platform
==Snapdragon 4 Gen 1 Mobile Platform
==SA8295P
==WCN7861
==SA6155
==SA8155P
==WCN6755
==Flight RB5 5G Platform
==Snapdragon 865 5G Mobile Platform
==SXR2250P
==SA2150P
==LeMans_AU_LGIT
==SM7550P
==Milos
==Snapdragon 660 Mobile Platform
==WCN3990
==QCS4290
==SA8255P
==Kalpeni
==WCN3980
==SA8145P
==SW5100
==WCD9375
==QCA6564A
==QCN9012
==WCN7881
==FastConnect 6200
==FastConnect 6900
==FWA Gen 3 Ultra Platform
==QCA8081
==QCA9367
==SM7325P
==Snapdragon 7c+ Gen 3 Compute
==Snapdragon 7s Gen 3 Mobile Platform
==QCM2290
==WCD9341
==Snapdragon 480 5G Mobile Platform
==Smart Audio 400 Platform
==Snapdragon X75 5G Modem-RF System
==QCM5430
==SM8550P
==Snapdragon 888 5G Mobile Platform
==QCA6698AU
==Snapdragon XR2 5G Platform
==WCD9371
==Snapdragon 685 4G Mobile Platform
==QFW7124
==WSA8835
==QCN6274
==QCS8550
==SA8155
==Snapdragon 6 Gen 4 Mobile Platform
==LeMansAU
==Snapdragon 778G+ 5G Mobile Platform
==WCN3988
==SD865 5G
==QCA8337
==SM7635P
==Snapdragon 865+ 5G Mobile Platform
==Snapdragon 690 5G Mobile Platform
==Snapdragon Auto 5G Modem-RF Gen 2
==FastConnect 6700
==AR8031
==SA6145P
==QCA6564AU
==Qualcomm 215 Mobile Platform
==SA6155P
==WCN3950
==C-V2X 9150
==WSA8832
==QCN9011
==WCD9378
==WSA8845
==QCA8695AU
==QCA2066
==QCA6688AQ
==SM6225P
==Robotics RB2 Platform
==Snapdragon 8 Gen 3 Mobile Platform
==WCD9370
==Snapdragon X55 5G Modem-RF System
==Snapdragon 662 Mobile Platform
==WCD9385
==MDM9250
==SM8635
==QCA6696
==SRV1H
==SDA660
==Snapdragon X32 5G Modem-RF System
==SM7525
==Robotics RB5 Platform
==Milos_IOT
==WSA8810
==SD662
==QCA6595AU
==SA4150P
==SA6150P
==QCA6797AQ
==SM7675P
==QCA6574A
==Snapdragon 8 Gen 2 Mobile Platform
==WCN3680B
==SXR2330P
==QCA6574
==QCN6224
==QFW7114
==QAMSRV1M
==G3x Gen 2
==QCS2290
==Snapdragon 480+ 5G Mobile Platform
==WCN3660B
==WSA8830
==QEP8111
==SA7255P
==Snapdragon XR2+ Gen 1 Platform
==QCM6490
==WCD9390
==QAM8255P
==Snapdragon 8+ Gen 2 Mobile Platform
==Snapdragon X12 LTE Modem
==QCA6174A
==SA8195P
==SM8635P
==CSRA6620
==G1 Gen 1
==5G Fixed Wireless Access Platform
==SM8650Q
==AR8035
==SM6650P
==FastConnect 7800
==WCD9326
==QCS6690
==Snapdragon 778G 5G Mobile Platform
==QRB5165M
==SnapdragonAuto 4GModem
==WCD9360
==WCN6650
==WSA8840
==Snapdragon 888+ 5G Mobile Platform
==Snapdragon 870 5G Mobile Platform
==Snapdragon Auto 5G Modem-RF
==WCN3910
==QAMSRV1H
==QCA9377
==SRV1M
==SA8770P
==Snapdragon W5+ Gen 1 Wearable Platform
==QCC710
==Qualcomm Video Collaboration VC5 Platform
==WCN6450
==WSA8845H
==QCA6595
==QAM8295P
==SA8620P
==WCD9380
==SXR2230P
==QCA6698AQ
==Snapdragon 680 4G Mobile Platform
==Snapdragon 695 5G Mobile Platform
==QCM6125
==Qualcomm Video Collaboration VC1 Platform
==SA9000P
==QCA6574AU
==SM7675
==SA7775P
==SA4155P
==Qualcomm Video Collaboration VC3 Platform
==WCN3615
==SM7550
==QCM4325
==SA8150P
==QCA6584AU
==QCA6678AQ
==SXR2350P
==CSRA6640
==WCD9340
==QCA6391
==MDM9628
==Snapdragon 782G Mobile Platform
==QRB5165N

Matching in nixpkgs

pkgs.snapdragon-profiler

Profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-26956

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

vm2: WASM Sandbox Escape (Node 25 only)

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.

References

https://github.com/patriksimek/vm2/security/advisories/GHSA-ffh4-j6h5-pg66 x_refsource_CONFIRM
https://github.com/patriksimek/vm2/releases/tag/v3.10.5 x_refsource_MISC

Affected products

vm2

=== 3.10.4

Matching in nixpkgs

pkgs.lvm2

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.lvm2_vdo

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.lvm2_dmeventd

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.docker-machine-kvm2

KVM2 driver for docker-machine

nixos-25.11 kvm2-1.37.0
- nixos-25.11-small kvm2-1.37.0
- nixpkgs-25.11-darwin kvm2-1.37.0

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@ajs124 Andreas Schrägle <nix@ajs124.de>
@AtkinsChang Atkins Chang <atkinschang+nixpkgs@gmail.com>
@tadfisher Tad Fisher <tadfisher@gmail.com>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-24781

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

vm2: Sandbox Breakout Through Inspect

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.

References

https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c x_refsource_CONFIRM
https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189 x_refsource_MISC
https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c x_refsource_MISC
https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228 x_refsource_MISC
https://github.com/patriksimek/vm2/releases/tag/v3.11.0 x_refsource_MISC

Affected products

vm2

==< 3.11.0

Matching in nixpkgs

pkgs.lvm2

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.lvm2_vdo

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.lvm2_dmeventd

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.38
- nixpkgs-unstable 2.03.38
- nixos-unstable-small 2.03.38
nixos-25.11 2.03.35
- nixos-25.11-small 2.03.35
- nixpkgs-25.11-darwin 2.03.35

pkgs.docker-machine-kvm2

KVM2 driver for docker-machine

nixos-25.11 kvm2-1.37.0
- nixos-25.11-small kvm2-1.37.0
- nixpkgs-25.11-darwin kvm2-1.37.0

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@ajs124 Andreas Schrägle <nix@ajs124.de>
@AtkinsChang Atkins Chang <atkinschang+nixpkgs@gmail.com>
@tadfisher Tad Fisher <tadfisher@gmail.com>

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-47401

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Adjacent (A)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Adjacent (A)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

Buffer Over-read in WLAN HAL

Transient DOS when processing target power rate tables during channel configuration.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bul…

Affected products

Snapdragon

==Snapdragon X72 5G Modem-RF System
==X2000090
==Snapdragon X35 5G Modem-RF System
==IQX7181
==WCD9395
==SM8845P
==SM6475Q
==WSA8815
==QCN9160
==XRV9209
==Snapdragon 8 Elite Gen 5
==SA8295P
==SAR2130P
==WCN7861
==SA8155P
==WCN6755
==Flight RB5 5G Platform
==SXR2250P
==LeMans_AU_LGIT
==IPQ5332
==SM7550P
==XRV7209
==Milos
==IPQ9008
==Immersive Home 3210 Platform
==SA8255P
==QAM8397P
==QCF8001
==SDX61
==IPQ5302
==Immersive Home 326 Platform
==QXM1086
==CQ8750M
==WCD9375
==SM6450P
==CQ8725S
==QCA8111
==QCA8075
==QCN9012
==QCN9024
==QCA8085
==QCN5154
==WSA8850
==Pandeiro
==XG101002
==Snapdragon 8 Elite
==SM7435
==Snapdragon X65 5G Modem-RF System
==FastConnect 6200
==SA510M
==FastConnect 6900
==FWA Gen 3 Ultra Platform
==QCA8081
==Snapdragon 7s Gen 3 Mobile Platform
==WCN7881
==Monaco_IOT
==QCF8000
==Snapdragon X75 5G Modem-RF System
==QMP1000
==QCM5430
==SM8550P
==Snapdragon 888 5G Mobile Platform
==QCA8084
==WCD9371
==QCN9000
==Orne
==QFW7124
==X1E80100
==XG101039
==WSA8835
==Netrani
==QCN6274
==QCS8550
==QCA8080
==XG101032
==SM8425
==LeMansAU
==Snapdragon 6 Gen 4 Mobile Platform
==QPA1083BD
==Networking Pro 810 Platform
==IPQ9574
==Snapdragon 8+ Gen 1 Mobile Platform
==WCN3988
==Snapdragon AR1+ Gen 1 Platform
==QCA8337
==SM7635P
==Snapdragon Auto 5G Modem-RF Gen 2
==Palawan25
==FastConnect 6700
==QLN1086BD
==QCA6564AU
==QMB715
==QCA6554A
==SA6155P
==IQ8 Series Platform
==WCN3950
==QCA0000
==WSA8832
==QCN9011
==Snapdragon AR1 Gen 1 Platform
==WCD9378
==QCA8695AU
==WCD9378C
==QXM1093
==QCA2066
==WSA8845
==QCA6688AQ
==Snapdragon 8 Gen 3 Mobile Platform
==QCA8082
==WCD9370
==WCD9385
==QCA8102
==QCN6412
==QCN6024
==SM8635
==QMB415
==X2000092
==QCA6696
==Snapdragon 7+ Gen 2 Mobile Platform
==WCN7860
==QCA8384
==SM6850
==SRV1H
==Snapdragon X32 5G Modem-RF System
==SM7525
==Snapdragon 7 Gen 1 Mobile Platform
==Robotics RB5 Platform
==QCA6787AQ
==Networking Pro 1200 Platform
==Milos_IOT
==QCA6777AQ
==Snapdragon 8cx Gen 3 Compute Platform
==WSA8810
==QCA6595AU
==QCA8386
==QCA6797AQ
==SM7675P
==QXM1096
==QCA6574A
==QCN9274
==QXM8083
==QCN6422
==Snapdragon 8 Gen 2 Mobile Platform
==SD 8 Gen1 5G
==SM8735P
==SXR2330P
==QCN6432
==QCA6574
==QCN6224
==QMP2001
==QXM1095
==Snapdragon 4 Gen 2 Mobile Platform
==X2000086
==Networking Pro 610 Platform
==IQX5121
==QFW7114
==QAMSRV1M
==QCN5224
==G3x Gen 2
==WSA8850W
==Networking Pro 1610 Platform
==WSA8830
==QEP8111
==Cologne
==QPA1086BD
==SA7255P
==SC8380XP
==QCA8385
==X2000077
==QCM6490
==QCA2064
==IPQ5312
==QAM8255P
==SW-only
==WCD9390
==WCN7880
==Snapdragon 8+ Gen 2 Mobile Platform
==CQ7790
==QCA2062
==QCA6174A
==SA8195P
==SM8635P
==SM8650Q
==QCN5124
==QXM1094
==AR8035
==IQ9 Series Platform
==SM6650P
==FastConnect 7800
==QCA8101
==WSA8855C
==WCN7760
==QCS6690
==QRB5165M
==WCN6650
==WSA8840
==QCS4490
==Snapdragon 888+ 5G Mobile Platform
==Snapdragon Auto 5G Modem-RF
==SAR1165P
==SM7435P
==QAMSRV1H
==IPQ9570
==SM6475P
==SRV1M
==SA8770P
==Snapdragon X62 5G Modem-RF System
==QXM1083
==X2000094
==QCC710
==QLN1083BD
==WCN6450
==IPQ9554
==QCA6595
==SM8475P
==QAM8295P
==SA8620P
==Snapdragon 8 Gen 1 Mobile Platform
==WCD9380
==WSA8845H
==Snapdragon 6 Gen 1 Mobile Platform
==Molokai
==IPQ5300
==SXR2230P
==QCA6698AQ
==SA9000P
==G2 Gen 1
==SM8750P
==QCM4490
==QCA6574AU
==SM7675
==SA7775P
==Qualcomm Video Collaboration VC3 Platform
==SM7550
==Snapdragon 7 Gen 4 Mobile Platform
==QCA6584AU
==QCA8112
==Marina
==QCA6678AQ
==Networking Pro 1210 Platform
==QCN6402
==SXR2350P
==Snapdragon 6 Gen 3 Mobile Platform
==WCD9340
==QCA6391
==SM7425
==QCA2065
==IQ6 Series Platform
==QRB5165N

Matching in nixpkgs

pkgs.snapdragon-profiler

Profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Dismissed

(not in Nixpkgs)

Permalink CVE-2025-47403

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Adjacent (A)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Adjacent (A)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

Buffer Over-read in WLAN Firmware

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bul…

Affected products

Snapdragon

==Snapdragon X72 5G Modem-RF System
==X2000090
==QCN5054
==IQX7181
==WCD9395
==SM8845P
==NPro A8 Elite Platform
==SM6475Q
==WSA8815
==XRV9209
==Snapdragon 8 Elite Gen 5
==QCA9889
==SAR2130P
==Trestles
==WCN7861
==WCN6755
==SXR2250P
==LeMans_AU_LGIT
==IPQ5332
==SM7550P
==XRV7209
==Milos
==IPQ9008
==Immersive Home 3210 Platform
==SA8255P
==Networking Pro 400 Platform
==QAM8397P
==QCN6122
==QCF8001
==SDX61
==QCN5052
==IPQ5302
==Immersive Home 216 Platform
==Immersive Home 326 Platform
==Networking Pro 600 Platform
==CQ8750M
==QXM1086
==WCD9375
==QCC2076
==IPQ6018
==CQ8725S
==QCN9012
==QCA8075
==QCN9024
==SM6450P
==QCA8085
==QCN5154
==WSA8850
==Pandeiro
==XG101002
==QCN9003
==SM7435
==Snapdragon 8 Elite
==FastConnect 6200
==Snapdragon X65 5G Modem-RF System
==FastConnect 6900
==FWA Gen 3 Ultra Platform
==QCA8081
==Snapdragon 7s Gen 3 Mobile Platform
==WCN7881
==QCF8000
==Snapdragon X75 5G Modem-RF System
==QMP1000
==QCM5430
==SM8550P
==QCN9100
==QCA8084
==QCN9070
==WCD9371
==X2000094
==QCN6132
==QCN9000
==Orne
==QFW7124
==X1E80100
==XG101039
==WSA8835
==QCN6023
==Netrani
==QCN6274
==QCS8550
==QCA8080
==XG101032
==SM8425
==LeMansAU
==QCN5122
==Snapdragon 6 Gen 4 Mobile Platform
==Immersive Home 316 Platform
==QPA1083BD
==FWA Gen 5 Elite Platform
==Networking Pro 810 Platform
==IPQ9574
==QCN9022
==Snapdragon 8+ Gen 1 Mobile Platform
==WCN3988
==Snapdragon AR1+ Gen 1 Platform
==QCA8337
==QCA9888
==SM7635P
==Snapdragon Auto 5G Modem-RF Gen 2
==Palawan25
==FastConnect 6700
==QLN1086BD
==QCA6564AU
==QMB715
==QCA6554A
==QCC2073
==WCN3950
==WSA8832
==QCA0000
==IPQ5028
==QCN9011
==Snapdragon AR1 Gen 1 Platform
==WCD9378
==QCA8695AU
==WCD9378C
==QXM1093
==WSA8845
==QCA6688AQ
==Snapdragon 8 Gen 3 Mobile Platform
==QCA8082
==WCD9370
==WCD9385
==QCN6412
==QCN6024
==SM8635
==QMB415
==X2000092
==QCA6696
==Snapdragon 7+ Gen 2 Mobile Platform
==WCN7860
==SM6850
==IPQ6010
==QCA8072
==QCN5152
==SRV1H
==SM7525
==Snapdragon 7 Gen 1 Mobile Platform
==QCA6787AQ
==Networking Pro 1200 Platform
==Milos_IOT
==QCA6777AQ
==WSA8810
==Networking Pro 800 Platform
==QCA6595AU
==QCA8386
==QCA6797AQ
==QCN5024
==SM7675P
==QXM1096
==QCA6574A
==QCN9274
==QCN6422
==IPQ8078
==Snapdragon 8 Gen 2 Mobile Platform
==SD 8 Gen1 5G
==SM8735P
==SXR2330P
==QCN6432
==QCA6574
==QCN6224
==QMP2001
==QXM1095
==IPQ8076
==Snapdragon 4 Gen 2 Mobile Platform
==X2000086
==Networking Pro 610 Platform
==IQX5121
==QFW7114
==QAMSRV1M
==G3x Gen 2
==WSA8850W
==Networking Pro 1610 Platform
==WSA8830
==SA7255P
==Cologne
==QPA1086BD
==SC8380XP
==IPQ5010
==X2000077
==QCM6490
==IPQ5312
==QAM8255P
==WCD9390
==WCN7880
==Snapdragon 8+ Gen 2 Mobile Platform
==CQ7790
==QCA6174A
==SM8635P
==SM8650Q
==QCN5124
==CSR8811
==AR8035
==QXM1094
==SM6650P
==FastConnect 7800
==WSA8855C
==SDX65M
==WCN7760
==QCS6690
==Kobuk
==WCN6650
==WSA8840
==QCS4490
==SDX81
==SAR1165P
==SM7435P
==QAMSRV1H
==IPQ9570
==SM6475P
==SRV1M
==QCN5022
==SA8770P
==QXM1083
==Immersive Home 318 Platform
==Snapdragon X62 5G Modem-RF System
==QCC710
==QLN1083BD
==WCN6450
==IPQ9554
==QCA6595
==SM8475P
==Snapdragon 8 Gen 1 Mobile Platform
==SA8620P
==WSA8845H
==WCD9380
==Snapdragon 6 Gen 1 Mobile Platform
==Molokai
==IPQ5300
==SXR2230P
==QCA6698AQ
==IPQ6000
==QCN9002
==SA9000P
==G2 Gen 1
==SM8750P
==QCN9001
==QCN5164
==Immersive Home 214 Platform
==QCM4490
==QCA6574AU
==SM7675
==SA7775P
==Qualcomm Video Collaboration VC3 Platform
==SM7550
==Snapdragon 7 Gen 4 Mobile Platform
==QCA6584AU
==Marina
==QCA6678AQ
==Networking Pro 1210 Platform
==QCA4024
==QCN6402
==SXR2350P
==Snapdragon 6 Gen 3 Mobile Platform
==WCD9340
==QCA6391
==SM7425

Matching in nixpkgs

pkgs.snapdragon-profiler

Profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-42075

8.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 6 days ago

Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or create files in sensitive location. This issue has been patched in version 1.69.3.

References

https://github.com/EvoMap/evolver/security/advisories/GHSA-r466-rxw4-3j9j x_refsource_CONFIRMexploit
https://github.com/EvoMap/evolver/releases/tag/v1.69.3 x_refsource_MISC

Affected products

evolver

==< 1.69.3

Matching in nixpkgs

pkgs.revolver

Progress spinner for ZSH scripts

nixos-unstable 0.2.4-unstable-2020-09-30
- nixpkgs-unstable 0.2.4-unstable-2020-09-30
- nixos-unstable-small 0.2.4-unstable-2020-09-30
nixos-25.11 0.2.4-unstable-2020-09-30
- nixos-25.11-small 0.2.4-unstable-2020-09-30
- nixpkgs-25.11-darwin 0.2.4-unstable-2020-09-30

Package maintainers

@d-brasher D. Brasher

Dismissed suggestions

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.lvm2

pkgs.lvm2_vdo

pkgs.lvm2_dmeventd

pkgs.docker-machine-kvm2

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.speedify

pkgs.gomodifytags

pkgs.haskellPackages.swizzle-modify

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.revolver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.lvm2

pkgs.lvm2_vdo

pkgs.lvm2_dmeventd

pkgs.docker-machine-kvm2

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.lvm2

pkgs.lvm2_vdo

pkgs.lvm2_dmeventd

pkgs.docker-machine-kvm2

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.revolver

Package maintainers