Nixpkgs Security Tracker

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

CVE-2025-53447
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    19 packages
    • wasm-strip
    • wast-refmt
    • wasm-text-gen
    • assemblyscript
    • webassemblyjs-cli
    • webassemblyjs-repl
    • nodePackages.@webassemblyjs/wasm-strip
    • nodePackages."@webassemblyjs/cli-1.11.1"
    • nodePackages."@webassemblyjs/repl-1.11.1"
    • tests.dotnet.structured-attrs.check-output
    • nodePackages_latest.@webassemblyjs/wasm-strip
    • vimPlugins.nvim-treesitter-parsers.disassembly
    • nodePackages."@webassemblyjs/wast-refmt-1.11.1"
    • nodePackages_latest."@webassemblyjs/cli-1.11.1"
    • nodePackages_latest."@webassemblyjs/repl-1.11.1"
    • nodePackages."@webassemblyjs/wasm-text-gen-1.11.1"
    • vscode-extensions.13xforever.language-x86-64-assembly
    • nodePackages_latest."@webassemblyjs/wast-refmt-1.11.1"
    • nodePackages_latest."@webassemblyjs/wasm-text-gen-1.11.1"
  • @LeSuisse dismissed
WordPress Assembly theme <= 1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Assembly assembly allows PHP Local File Inclusion. This issue affects Assembly: from n/a through <= 1.1.

Affected products

assembly
  • <= 1.1
WP theme not present in nixpkgs
CVE-2025-53430
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    10 packages
    • chickenPackages_5.chickenEggs.henrietta-cache-git
    • chickenPackages_5.chickenEggs.henrietta-cache
    • chickenPackages_5.chickenEggs.henrietta
    • python313Packages.django-rosetta
    • python312Packages.django-rosetta
    • python313Packages.palettable
    • python312Packages.palettable
    • typstPackages.quetta_0_2_0
    • typstPackages.quetta_0_1_0
    • ocamlPackages.rosetta
  • @LeSuisse dismissed
WordPress Etta theme <= 1.14.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Etta etta allows PHP Local File Inclusion. This issue affects Etta: from n/a through <= 1.14.0.

Affected products

etta
  • <= 1.14.0
WP theme not present in nixpkgs
CVE-2025-58941
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    25 packages
    • Fabric
    • fabric-ai
    • libfabric
    • fabric-installer
    • hyperledger-fabric
    • python312Packages.fabric
    • python313Packages.fabric
    • cudaPackages.fabricmanager
    • python312Packages.dtfabric
    • python313Packages.dtfabric
    • cudaPackages_11.fabricmanager
    • azure-cli-extensions.microsoft-fabric
    • python312Packages.azure-servicefabric
    • python313Packages.azure-servicefabric
    • python312Packages.llm-templates-fabric
    • python312Packages.mypy-boto3-appfabric
    • python313Packages.llm-templates-fabric
    • python313Packages.mypy-boto3-appfabric
    • azure-cli-extensions.managednetworkfabric
    • python312Packages.azure-mgmt-servicefabric
    • python313Packages.azure-mgmt-servicefabric
    • python312Packages.types-aiobotocore-appfabric
    • python313Packages.types-aiobotocore-appfabric
    • python312Packages.azure-mgmt-servicefabricmanagedclusters
    • python313Packages.azure-mgmt-servicefabricmanagedclusters
  • @LeSuisse dismissed
WordPress Fabric theme <= 1.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion. This issue affects Fabric: from n/a through <= 1.5.0.

Affected products

fabric
  • <= 1.5.0
WP theme not present in nixpkgs
CVE-2025-58932
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    11 packages
    • prisma
    • prisma-engines
    • prisma-language-server
    • python312Packages.prisma
    • python313Packages.prisma
    • typstPackages.prismath_0_1_0
    • vscode-extensions.prisma.prisma
    • tree-sitter-grammars.tree-sitter-prisma
    • vimPlugins.nvim-treesitter-parsers.prisma
    • python312Packages.tree-sitter-grammars.tree-sitter-prisma
    • python313Packages.tree-sitter-grammars.tree-sitter-prisma
  • @LeSuisse dismissed
WordPress Prisma theme <= 1.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma allows PHP Local File Inclusion. This issue affects Prisma: from n/a through <= 1.10.

Affected products

prisma
  • <= 1.10
WP theme not present in nixpkgs
CVE-2025-53448
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    8 packages
    • perl540Packages.SortNaturally
    • dwarf-fortress-packages.themes.rally-ho
    • perl538Packages.SortNaturally
    • perlPackages.SortNaturally
    • haskellPackages.literally
    • cro-mag-rally
    • stuntrally
    • trigger
  • @LeSuisse dismissed
WordPress Rally theme <= 1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rally rally allows PHP Local File Inclusion. This issue affects Rally: from n/a through <= 1.1.

Affected products

rally
  • <= 1.1
WP theme not present in nixpkgs
CVE-2025-53242
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    10 packages
    • seilfahrt
    • abseil-cpp
    • abseil-cpp_202103
    • abseil-cpp_202301
    • abseil-cpp_202401
    • abseil-cpp_202407
    • abseil-cpp_202501
    • abseil-cpp_202505
    • python312Packages.pybind11-abseil
    • python313Packages.pybind11-abseil
  • @LeSuisse dismissed
WordPress Seil Theme <= 1.7.1 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection. This issue affects Seil: from n/a through <= 1.7.1.

Affected products

seil
  • <= 1.7.1
WP theme not present in nixpkgs
CVE-2025-49372
10.0 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    18 packages
    • happy
    • triggerhappy
    • haskellPackages.happy
    • haskellPackages.happy-dot
    • haskellPackages.happy-lib
    • haskellPackages.happy-meta
    • ocamlPackages.happy-eyeballs
    • haskellPackages.happy-arbitrary
    • ocamlPackages.happy-eyeballs-lwt
    • gnomeExtensions.happy-appy-hotkey
    • ocamlPackages.mimic-happy-eyeballs
    • python312Packages.aiohappyeyeballs
    • python313Packages.aiohappyeyeballs
    • ocamlPackages.happy-eyeballs-mirage
    • tests.testers.testBuildFailure.happy
    • tests.testers.testBuildFailure'.happy
    • tests.testers.testBuildFailure.happyStructuredAttrs
    • tests.testers.testBuildFailure'.happyStructuredAttrs
  • @LeSuisse dismissed
WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion. This issue affects HAPPY: from n/a through <= 1.0.7.

Affected products

happy-helpdesk-support-ticket-system
  • <= 1.0.7
WP plugin not present in nixpkgs
CVE-2025-66164
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    6 packages
    • python313Packages.toptica-lasersdk
    • python312Packages.toptica-lasersdk
    • haskellPackages.lasercutter
    • ooklaserver
    • dell-530cdn
    • brlaser
  • @LeSuisse dismissed
WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Laser: from n/a through <= 1.1.1.

Affected products

laser
  • <= 1.1.1
WP plugin not present in nixpkgs
CVE-2025-22509
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    17 packages
    • atlas
    • nim-atlas
    • atlassian-cli
    • ripe-atlas-tools
    • mongodb-atlas-cli
    • atlassian-plugin-sdk
    • haskellPackages.atlas
    • prometheus-atlas-exporter
    • python312Packages.chatlas
    • python313Packages.chatlas
    • terraform-providers.mongodbatlas
    • python312Packages.ripe-atlas-sagan
    • python313Packages.ripe-atlas-sagan
    • python312Packages.ripe-atlas-cousteau
    • python313Packages.ripe-atlas-cousteau
    • python312Packages.atlassian-python-api
    • python313Packages.atlassian-python-api
  • @LeSuisse dismissed
WordPress Atlas theme <= 2.1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion. This issue affects Atlas: from n/a through <= 2.1.0.

Affected products

atlas
  • <= 2.1.0
WP theme not present in nixpkgs
CVE-2025-58947
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 2 months ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    2 packages
    • python312Packages.pathos
    • python313Packages.pathos
  • @LeSuisse dismissed
WordPress Athos theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion. This issue affects Athos: from n/a through <= 1.9.

Affected products

athos
  • <= 1.9
WP theme not present in nixpkgs