Nixpkgs Security Tracker

Login with GitHub

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

to select a suggestion for a revision.

Permalink CVE-2025-58245
updated 3 months ago by @mweinelt Activity log
  • Created automatic suggestion 4 months, 1 week ago
  • @mweinelt removed
    2 packages
    • traderepublic-portfolio-downloader
    • portfolio-filemanager
    3 months ago
  • @mweinelt dismissed 3 months ago
WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58.

Affected products

portfolio
  • =<2.58

Package maintainers

Permalink CVE-2025-58244
updated 3 months ago by @mweinelt Activity log
  • Created automatic suggestion 4 months, 1 week ago
  • @mweinelt removed package akkuPackages.cyclone-iset-constructors 3 months ago
  • @mweinelt dismissed 3 months ago
WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9.

Affected products

constructo
  • =<4.3.9
Permalink CVE-2025-58020
updated 3 months ago by @mweinelt Activity log
  • Created automatic suggestion 4 months, 1 week ago
  • @mweinelt removed package haskellPackages.theatre-dev 3 months ago
  • @mweinelt dismissed 3 months ago
WordPress Theater for WordPress Plugin <= 0.18.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8.

Affected products

theatre
  • =<0.18.8
Permalink CVE-2025-58652
updated 3 months ago by @mweinelt Activity log
  • Created automatic suggestion 4 months, 1 week ago
  • @mweinelt removed package haskellPackages.data-carousel 3 months ago
  • @mweinelt dismissed 3 months ago
WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8.

Affected products

carousel
  • =<1.8