Nixpkgs security tracker

Permalink CVE-2013-4395

updated 2 months, 1 week ago by @pyrox0 Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 ignored
9 packages
- smfh
- asmfmt
- libsmf
- nasmfmt
- mt32emu-smf2wav
- python312Packages.pysmf
- python313Packages.pysmf
- python314Packages.pysmf
- tests.fetchFromGitHub.rootDir
2 months, 1 week ago
@pyrox0 dismissed 2 months, 1 week ago

Simple Machines Forum (SMF) through 2.0.5 has XSS

References

http://www.openwall.com/lists/oss-security/2013/10/01/8 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/10/02/1 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/10/02/3 x_transferredx_refsource_MISC

Affected products

SMF

==through 2.0.5

Ignored packages (9)

pkgs.smfh

Sleek Manifest File Handler

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.4
nixos-25.11 1.3
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.asmfmt

Go assembler formatter

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2
nixos-25.11 1.3.2
- nixos-25.11-small 1.3.2
- nixpkgs-25.11-darwin 1.3.2

pkgs.libsmf

C library for reading and writing Standard MIDI Files

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.11 1.3
- nixos-25.11-small 1.3
- nixpkgs-25.11-darwin 1.3

pkgs.nasmfmt

Formatter for NASM source files

nixos-unstable 2022-09-15
- nixpkgs-unstable 2022-09-15
- nixos-unstable-small 2022-09-15
nixos-25.11 2022-09-15
- nixos-25.11-small 2022-09-15
- nixpkgs-25.11-darwin 2022-09-15

pkgs.mt32emu-smf2wav

Produces a WAVE file from a Standard MIDI file (SMF)

nixos-unstable smf2wav-1.9.0
- nixpkgs-unstable smf2wav-1.9.0
- nixos-unstable-small smf2wav-1.9.0
nixos-25.11 smf2wav-1.9.0
- nixos-25.11-small smf2wav-1.9.0
- nixpkgs-25.11-darwin smf2wav-1.9.0

pkgs.python312Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python313Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python314Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.tests.fetchFromGitHub.rootDir

None

nixos-unstable smfyc8dzpa0l
- nixpkgs-unstable smfyc8dzpa0l
- nixos-unstable-small smfyc8dzpa0l

Does not apply to nixpkgs

Permalink CVE-2015-5628

updated 2 months, 1 week ago by @pyrox0 Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 ignored
4 packages
- prmt
- prmers
- hyprmon
- hyprmagnifier
2 months, 1 week ago
@pyrox0 dismissed 2 months, 1 week ago

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and …

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 x_transferredx_refsource_MISC
http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf x_transferredx_refsource_CONFIRM

Affected products

PRM

==R3.12.00 and earlier

Exaopc

==R3.72.00 and earlier

Exarqe

==R4.03.20 and earlier

Exaplog

==R3.40.00 and earlier

Exasmoc

==R4.03.20 and earlier

Exapilot

==R3.96.10 and earlier

B/M9000CS

==R5.05.01 and earlier

CENTUM VP

==R5.04.20 and earlier

FieldMate

==R1.02
==R1.01

B/M9000 VP

==R7.03.04 and earlier

Exaquantum

==R2.85.00 and earlier

FAST/TOOLS

==R10.01 and earlier

ProSafe-RS

==R3.02.10 and earlier

STARDOM VDS

==R7.30.01 and earlier

CENTUM CS 1000

==R3.08.70 and earlier

CENTUM CS 3000

==R3.09.50 and earlier

CENTUM VP Entry

==R5.04.20 and earlier

Exaquantum/Batch

==R2.50.30 and earlier

CENTUM CS 3000 Entry

==R3.09.50 and earlier

STARDOM OPC Server for Windows

==R3.40 and earlier

Field Wireless Device OPC Server

==R2.01.02 and earlier

Ignored packages (4)

pkgs.prmt

Ultra-fast, customizable shell prompt generator

nixos-unstable 0.2.4
- nixpkgs-unstable 0.2.4
- nixos-unstable-small 0.2.4
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.prmers

GPU-accelerated Mersenne primality testing

nixos-unstable 4.15.85-alpha
- nixpkgs-unstable 4.15.85-alpha
- nixos-unstable-small 4.15.85-alpha
nixos-25.11 4.15.35-alpha
- nixos-25.11-small 4.15.35-alpha
- nixpkgs-25.11-darwin 4.15.35-alpha

pkgs.hyprmon

TUI monitor configuration tool for Hyprland with visual layout, drag-and-drop, and profile management

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.hyprmagnifier

wlroots-compatible Wayland magnifier that does not suck

nixos-unstable 0.0.1-unstable-2025-05-16
- nixpkgs-unstable 0.0.1-unstable-2025-05-16
- nixos-unstable-small 0.0.1-unstable-2025-05-16
nixos-25.11 0.0.1-unstable-2025-05-16
- nixos-25.11-small 0.0.1-unstable-2025-05-16
- nixpkgs-25.11-darwin 0.0.1-unstable-2025-05-16

Does not apply to anything in nixpkgs

Permalink CVE-2015-7810

updated 2 months, 1 week ago by @pyrox0 Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 dismissed 2 months, 1 week ago

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when …

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

References

https://security-tracker.debian.org/tracker/CVE-2015-7810 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2015-7810 x_transferredx_refsource_MISC
http://www.securityfocus.com/bid/72769 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/10/12/7 x_transferredx_refsource_MISC

Affected products

libbluray

==1

Matching in nixpkgs

pkgs.libbluray

Library to access Blu-Ray disks for video playback

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.3.4
- nixos-25.11-small 1.3.4
- nixpkgs-25.11-darwin 1.3.4

pkgs.libbluray-full

Library to access Blu-Ray disks for video playback

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0

Package maintainers

@abbradar Nikolay Amiantov <ab@fmap.me>
@amarshall Andrew Marshall <andrew@johnandrewmarshall.com>

Does not apply to nixpkgs versions

Permalink CVE-2013-2018

updated 2 months, 1 week ago by @pyrox0 Activity log

Created suggestion 2 months, 1 week ago
@LeSuisse ignored package boinctui 2 months, 1 week ago
@pyrox0 dismissed 2 months, 1 week ago

Multiple SQL injection vulnerabilities in BOINC allow remote attackers to …

Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

http://www.openwall.com/lists/oss-security/2013/04/28/3 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/29/11 x_transferredx_refsource_MISC

Affected products

BOINC

==possibly 7.x and earlier

Matching in nixpkgs

pkgs.boinc

Free software for distributed and grid computing

nixos-unstable 8.2.8
- nixpkgs-unstable 8.2.8
- nixos-unstable-small 8.2.8
nixos-25.11 8.2.6
- nixos-25.11-small 8.2.6
- nixpkgs-25.11-darwin 8.2.6

pkgs.boinc-headless

Free software for distributed and grid computing

nixos-unstable 8.2.8
- nixpkgs-unstable 8.2.8
- nixos-unstable-small 8.2.8
nixos-25.11 8.2.6
- nixos-25.11-small 8.2.6
- nixpkgs-25.11-darwin 8.2.6

Ignored packages (1)

pkgs.boinctui

Curses based fullscreen BOINC manager

nixos-unstable 2.7.1-unstable-2023-12-14
- nixpkgs-unstable 2.7.1-unstable-2023-12-14
- nixos-unstable-small 2.7.1-unstable-2023-12-14
nixos-25.11 2.7.1-unstable-2023-12-14
- nixos-25.11-small 2.7.1-unstable-2023-12-14
- nixpkgs-25.11-darwin 2.7.1-unstable-2023-12-14

Package maintainers

@Luflosi Luflosi <luflosi@luflosi.de>

Do not apply to nixpkgs versions

Permalink CVE-2026-2650

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 2 months, 1 week ago by @pyrox0 Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 ignored
19 packages
- netflix
- mkchromecast
- chrome-export
- go-chromecast
- xf86videoopenchrome
- chrome-token-signing
- chrome-pak-customizer
- xf86-video-openchrome
- xorg.xf86videoopenchrome
- ocamlPackages.chrome-trace
- noto-fonts-monochrome-emoji
- python312Packages.pychromecast
- python313Packages.pychromecast
- python314Packages.pychromecast
- ocamlPackages_latest.chrome-trace
- python312Packages.undetected-chromedriver
- python313Packages.undetected-chromedriver
- python314Packages.undetected-chromedriver
- grafanaPlugins.ventura-psychrometric-panel
2 months, 1 week ago
@pyrox0 dismissed 2 months, 1 week ago

Heap buffer overflow in Media in Google Chrome prior to …

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

References

Affected products

Chrome

<145.0.7632.109

Matching in nixpkgs

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.67
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.75
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.67
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.75
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.0
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.67
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.75
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.0
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.4.0
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.1.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

Ignored packages (19)

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <github@ggg.dev>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@TomaSajt TomaSajt
@teutat3s teutat3s <teutates@mailbox.org>

Does not apply to nixpkgs versions

Permalink CVE-2014-9192

updated 2 months, 1 week ago by @pyrox0 Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 ignored package vtsls 2 months, 1 week ago
@pyrox0 dismissed 2 months, 1 week ago

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through …

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.

References

https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02 x_transferredx_refsource_MISC
71591 vdb-entryx_refsource_BIDx_transferred
https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02
http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm

Affected products

VTS

<10.2.21
<9.1.19

n/a

==n/a

Ignored packages (1)

pkgs.vtsls

LSP wrapper for typescript extension of vscode.

nixos-unstable 0.2.9
- nixpkgs-unstable 0.2.9
- nixos-unstable-small 0.2.9
nixos-25.11 0.2.9
- nixos-25.11-small 0.2.9
- nixpkgs-25.11-darwin 0.2.9

Does not apply to nixpkgs

Permalink CVE-2014-3495

updated 2 months, 1 week ago by @pyrox0 Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 dismissed 2 months, 1 week ago

duplicity 0.6.24 has improper verification of SSL certificates

References

https://security-tracker.debian.org/tracker/CVE-2014-3495 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 x_transferredx_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3495 x_transferredx_refsource_MISC

Affected products

duplicity

==0.6.24

Matching in nixpkgs

pkgs.duplicity

Encrypted bandwidth-efficient backup using the rsync algorithm

nixos-unstable 3.0.7
- nixpkgs-unstable 3.0.7
- nixos-unstable-small 3.0.7
nixos-25.11 3.0.7
- nixos-25.11-small 3.0.7
- nixpkgs-25.11-darwin 3.0.7

Package maintainers

@corngood David McFarland <corngood@gmail.com>

Does not affect current versions

Permalink CVE-2010-0737

updated 2 months, 1 week ago by @LeSuisse Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 ignored
2 packages
- jboss_mysql_jdbc
- jboss
2 months, 1 week ago
@pyrox0 accepted 2 months, 1 week ago
@LeSuisse dismissed 2 months, 1 week ago

A missing permission check was found in The CLI in …

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737 x_transferredx_refsource_MISC

Affected products

JBoss

==2.3.1

Ignored packages (2)

pkgs.jboss

Open Source J2EE application server

nixos-unstable 7.1.1.Final
- nixpkgs-unstable 7.1.1.Final
- nixos-unstable-small 7.1.1.Final
nixos-25.11 7.1.1.Final
- nixos-25.11-small 7.1.1.Final
- nixpkgs-25.11-darwin 7.1.1.Final

pkgs.jboss_mysql_jdbc

MySQL Connector/J

nixos-unstable 9.6.0
- nixpkgs-unstable 9.6.0
- nixos-unstable-small 9.6.0
nixos-25.11 9.4.0
- nixos-25.11-small 9.4.0
- nixpkgs-25.11-darwin 9.4.0

Only affects up to version 2.3.1

Permalink CVE-2012-5558

updated 2 months, 1 week ago by @LeSuisse Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 ignored package smiley-sans 2 months, 1 week ago
@pyrox0 accepted 2 months, 1 week ago
@LeSuisse dismissed 2 months, 1 week ago

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions …

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym.

References

http://drupal.org/node/1840892 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/20/4 x_transferredx_refsource_MISC
http://drupal.org/node/1840954 x_transferredx_refsource_MISC
http://drupal.org/node/1840956 x_transferredx_refsource_MISC

Affected products

Smiley

==6.x-1.x versions prior to 6.x-1.1

Smileys

==6.x-1.x versions prior to 6.x-1.1

Ignored packages (1)

pkgs.smiley-sans

Condensed and oblique Chinese typeface seeking a visual balance between the humanist and the geometric

nixos-unstable 2.0.1
- nixpkgs-unstable 2.0.1
- nixos-unstable-small 2.0.1
nixos-25.11 2.0.1
- nixos-25.11-small 2.0.1
- nixpkgs-25.11-darwin 2.0.1

Does not apply to the font.

Permalink CVE-2014-3655

updated 2 months, 1 week ago by @LeSuisse Activity log

Created suggestion 2 months, 1 week ago
@LeSuisse ignored
5 packages
- terraform-providers.keycloak
- python312Packages.python-keycloak
- python313Packages.python-keycloak
- python314Packages.python-keycloak
- terraform-providers.keycloak_keycloak
2 months, 1 week ago
@LeSuisse dismissed 2 months, 1 week ago

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferredx_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferredx_refsource_MISC

Affected products

KeyCloak

==Fixed in version 1.1.0-Alpha1

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.5.3
- nixpkgs-unstable 26.5.3
- nixos-unstable-small 26.5.3
nixos-25.11 26.5.3
- nixos-25.11-small 26.5.3
- nixpkgs-25.11-darwin 26.5.3

Ignored packages (5)

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/efc7ecaf9c79f655737104ecabaea761afe81a7b

Dismissed suggestions

References

Affected products

pkgs.smfh

pkgs.asmfmt

pkgs.libsmf

pkgs.nasmfmt

pkgs.mt32emu-smf2wav

pkgs.python312Packages.pysmf

pkgs.python313Packages.pysmf

pkgs.python314Packages.pysmf

pkgs.tests.fetchFromGitHub.rootDir

References

Affected products

pkgs.prmt

pkgs.prmers

pkgs.hyprmon

pkgs.hyprmagnifier

References

Affected products

Matching in nixpkgs

pkgs.libbluray

pkgs.libbluray-full

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.boinc

pkgs.boinc-headless

pkgs.boinctui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.chromedriver

pkgs.google-chrome

pkgs.electron-chromedriver

pkgs.curl-impersonate-chrome

pkgs.undetected-chromedriver

pkgs.electron-chromedriver_33

pkgs.electron-chromedriver_34

pkgs.electron-chromedriver_35

pkgs.electron-chromedriver_36

pkgs.electron-chromedriver_37

pkgs.electron-chromedriver_38

pkgs.electron-chromedriver_39

pkgs.electron-chromedriver_40

pkgs.netflix

pkgs.mkchromecast

pkgs.chrome-export

pkgs.go-chromecast

pkgs.xf86videoopenchrome

pkgs.chrome-token-signing

pkgs.chrome-pak-customizer

pkgs.xf86-video-openchrome

pkgs.xorg.xf86videoopenchrome

pkgs.ocamlPackages.chrome-trace

pkgs.noto-fonts-monochrome-emoji

pkgs.python312Packages.pychromecast

pkgs.python313Packages.pychromecast

pkgs.python314Packages.pychromecast

pkgs.ocamlPackages_latest.chrome-trace

pkgs.python312Packages.undetected-chromedriver

pkgs.python313Packages.undetected-chromedriver

pkgs.python314Packages.undetected-chromedriver

pkgs.grafanaPlugins.ventura-psychrometric-panel

Package maintainers

References

Affected products

pkgs.vtsls

References

Affected products

Matching in nixpkgs

pkgs.duplicity

Package maintainers

References

Affected products

pkgs.jboss

pkgs.jboss_mysql_jdbc

References