Nixpkgs Security Tracker

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

CVE-2025-15289
3.1 LOW
  • CVSS version: 3.1
updated 1 month, 2 weeks ago by @jopejoe1
  • Created automatic suggestion
  • @jopejoe1 removed
    20 packages
    • bash
    • interactsh
    • bashInteractive
    • gawkInteractive
    • coqPackages.ITree
    • bashInteractiveFHS
    • sqlite-interactive
    • texinfoInteractive
    • interactive-html-bom
    • kotlin-interactive-shell
    • perlPackages.IOInteractive
    • git-interactive-rebase-tool
    • perl538Packages.IOInteractive
    • perl540Packages.IOInteractive
    • perlPackages.IOInteractiveTiny
    • azure-cli-extensions.interactive
    • perl538Packages.IOInteractiveTiny
    • perl540Packages.IOInteractiveTiny
    • ocamlPackages.janeStreet.async_interactive
    • ocamlPackages_latest.janeStreet.async_interactive
  • @jopejoe1 dismissed
Tanium addressed an improper access controls vulnerability in Interact.

Affected products

Interact
  • <3.1.337
  • <3.5.90
  • <3.2.185
Not present in nixpkgs
CVE-2025-15324
6.6 MEDIUM
  • CVSS version: 3.1
updated 1 month, 2 weeks ago by @jopejoe1
  • Created automatic suggestion
  • @jopejoe1 removed package engage
  • @jopejoe1 dismissed
Tanium addressed a local privilege escalation vulnerability in Engage.

Tanium addressed a documentation issue in Engage.

Affected products

Engage
  • <1.6.193
  • <1.3.37
Not present in nixpkgs
CVE-2020-37140
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 1 month, 2 weeks ago by @jopejoe1
  • Created automatic suggestion
  • @jopejoe1 removed
    4 packages
    • everest
    • neverest
    • everest-bin
    • everest-mons
  • @jopejoe1 dismissed
Everest 5.50.2100 - 'Open File' Denial of Service

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash.

Affected products

Everest
  • ==5.50.2100
Not present in nixpkgs also known as AIDA64
CVE-2025-15341
6.5 MEDIUM
  • CVSS version: 3.1
updated 1 month, 2 weeks ago by @jopejoe1
  • Created automatic suggestion
  • @jopejoe1 removed
    17 packages
    • gbenchmark
    • mqtt-benchmark
    • memtier-benchmark
    • rubyPackages.benchmark
    • ocamlPackages.benchmark
    • rubyPackages_3_1.benchmark
    • rubyPackages_3_2.benchmark
    • rubyPackages_3_3.benchmark
    • rubyPackages_3_4.benchmark
    • rubyPackages_4_0.benchmark
    • ocamlPackages_latest.benchmark
    • haskellPackages.benchmark-function
    • python312Packages.pytest-benchmark
    • python313Packages.pytest-benchmark
    • python314Packages.pytest-benchmark
    • haskellPackages.hashtable-benchmark
    • chickenPackages_5.chickenEggs.micro-benchmark
  • @jopejoe1 dismissed
Tanium addressed an incorrect default permissions vulnerability in Benchmark.

Affected products

Benchmark
  • <2.9.188
  • <2.12.82
  • <2.7.98
Not present in nixpkgs
CVE-2025-15343
6.5 MEDIUM
  • CVSS version: 3.1
updated 1 month, 2 weeks ago by @jopejoe1
  • Created automatic suggestion
  • @jopejoe1 removed
    5 packages
    • haskellPackages.wai-enforce-https
    • python312Packages.lm-format-enforcer
    • python313Packages.lm-format-enforcer
    • python314Packages.lm-format-enforcer
    • vimPlugins.nvim-treesitter-parsers.enforce
  • @jopejoe1 dismissed
Tanium addressed an incorrect default permissions vulnerability in Enforce.

Affected products

Enforce
  • <2.7.367
  • <2.8.601
  • <2.9.574
Not present in nixpkgs
CVE-2025-15336
6.5 MEDIUM
  • CVSS version: 3.1
updated 1 month, 2 weeks ago by @jopejoe1
  • Created automatic suggestion
  • @jopejoe1 removed
    15 packages
    • portfolio
    • passmark-performancetest
    • rubyPackages.rubocop-performance
    • rubyPackages.standard-performance
    • libretro.bsnes-mercury-performance
    • rubyPackages_3_1.rubocop-performance
    • rubyPackages_3_2.rubocop-performance
    • rubyPackages_3_3.rubocop-performance
    • rubyPackages_3_4.rubocop-performance
    • rubyPackages_4_0.rubocop-performance
    • rubyPackages_3_1.standard-performance
    • rubyPackages_3_2.standard-performance
    • rubyPackages_3_3.standard-performance
    • rubyPackages_3_4.standard-performance
    • rubyPackages_4_0.standard-performance
  • @jopejoe1 dismissed
Tanium addressed an incorrect default permissions vulnerability in Performance.

Affected products

Performance
  • <1.17.134
  • <1.22.288
  • <1.21.141
Not present in nixpkgs
CVE-2025-15340
6.5 MEDIUM
  • CVSS version: 3.1
updated 1 month, 2 weeks ago by @jopejoe1
  • Created automatic suggestion
  • @jopejoe1 removed
    3 packages
    • python314Packages.complycube
    • python313Packages.complycube
    • python312Packages.complycube
  • @jopejoe1 dismissed
Tanium addressed an incorrect default permissions vulnerability in Comply.

Affected products

Comply
  • <2.29.124
  • <2.24.159
  • <2.32.155
Not present in nixpkgs
updated 1 month, 2 weeks ago by @LeSuisse
  • Created automatic suggestion
  • @LeSuisse removed
    14 packages
    • eschalot
    • python312Packages.halo
    • python313Packages.halo
    • python314Packages.halo
    • typstPackages.whalogen
    • python312Packages.halohome
    • python313Packages.halohome
    • python314Packages.halohome
    • typstPackages.whalogen_0_1_0
    • typstPackages.whalogen_0_2_0
    • typstPackages.whalogen_0_3_0
    • python312Packages.django-cachalot
    • python313Packages.django-cachalot
    • python314Packages.django-cachalot
  • @LeSuisse dismissed
Halo Vulnerable to Stored XSS and RCE via File Upload Bypass

Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.

Affected products

halo
  • <2.20.13

Matching in nixpkgs

Package maintainers

Current stable branch was never impacted.

https://github.com/NixOS/nixpkgs/pull/370594
https://github.com/NixOS/nixpkgs/pull/371151
CVE-2026-25815
3.2 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 month, 2 weeks ago by @LeSuisse
  • Created automatic suggestion
  • @LeSuisse removed
    4 packages
    • terraform-providers.fortios
    • python312Packages.fortiosapi
    • python313Packages.fortiosapi
    • python314Packages.fortiosapi
  • @LeSuisse dismissed
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instance of CWE-1394 is not a vulnerability because customers "are supposed to enable" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in the "Managing FortiGates with private data encryption" document, and is therefore intentionally not a default option.

Affected products

FortiOS
  • <=7.6.6
Not present in nixpkgs
CVE-2022-50931
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month, 2 weeks ago by @Scrumplex
  • Created automatic suggestion
  • @Scrumplex dismissed
TeamSpeak 3.5.6 - Insecure File Permissions

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.

Affected products

TeamSpeak
  • ==3.5.6

Matching in nixpkgs

Package maintainers

All channels are patched.