Nixpkgs Security Tracker

Login with GitHub

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

to select a suggestion for revision.

View:
Compact
Detailed
Permalink CVE-2025-66533
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed package filegive 2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortocde Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1.

References

Affected products

give
  • =<<= 4.13.1 
WP plugin not present in nixpkgs
Permalink CVE-2025-67549
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed
    2 packages
    • libvoikko
    • voikko-fi
    2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress oik plugin <= 4.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3.

References

Affected products

oik
  • =<<= 4.15.3 
WP plugin not present in nixpkgs
Permalink CVE-2025-60042
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed package vscode-extensions.chrischinchilla.vscode-pandoc 2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress Chinchilla theme <= 1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Chinchilla chinchilla allows PHP Local File Inclusion.This issue affects Chinchilla: from n/a through <= 1.16.

References

Affected products

chinchilla
  • =<<= 1.16 
WP theme not present in nixpkgs
Permalink CVE-2025-53439
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed
    2 packages
    • vscode-extensions.elijah-potter.harper
    • harper
    2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress Harper theme <= 1.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Harper harper allows PHP Local File Inclusion.This issue affects Harper: from n/a through <= 1.13.

References

Affected products

harper
  • =<<= 1.13 
WP theme not present in nixpkgs
Permalink CVE-2025-58949
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed package chickenPackages_5.chickenEggs.spock 2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spock: from n/a through <= 1.17.

References

Affected products

spock
  • =<<= 1.17 
WP theme not present in nixpkgs
Permalink CVE-2025-58933
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed package anubis 2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress Anubis theme <= 1.25 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion.This issue affects Anubis: from n/a through <= 1.25.

References

Affected products

anubis
  • =<<= 1.25 
WP theme not present in nixpkgs
Permalink CVE-2025-58928
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed
    2 packages
    • heartbeat7
    • anytype-heart
    2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Heart heart allows PHP Local File Inclusion.This issue affects Heart: from n/a through <= 1.8.

References

Affected products

heart
  • =<<= 1.8 
WP theme not present in nixpkgs
Permalink CVE-2025-66117
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed package ocamlPackages.easy-format 2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.

References

Affected products

easy-form
  • =<<= 2.7.8 
WP plugin not present in nixpkgs
Permalink CVE-2025-53445
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed package catppuccin-catwalk 2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress Catwalk theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catwalk catwalk allows PHP Local File Inclusion.This issue affects Catwalk: from n/a through <= 1.4.

References

Affected products

catwalk
  • =<<= 1.4 
WP theme not present in nixpkgs
Permalink CVE-2025-67921
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse removed package colobot 2 months, 1 week ago
  • @LeSuisse dismissed 2 months, 1 week ago
WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6.

References

Affected products

lobo
  • =<< 2.8.6 
WP theme not present in nixpkgs