Nixpkgs Security Tracker

Permalink CVE-2026-0900

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months ago

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 …

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

References

Affected products

Chrome

<144.0.7559.59

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2022-10-31
- nixpkgs-unstable 2022-10-31
- nixos-unstable-small 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-unstable 36.9.5
- nixpkgs-unstable 36.9.5
- nixos-unstable-small 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.2
- nixpkgs-unstable 37.10.2
- nixos-unstable-small 37.10.2

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.7.1
- nixpkgs-unstable 38.7.1
- nixos-unstable-small 38.7.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.2.3
- nixpkgs-unstable 39.2.3
- nixos-unstable-small 39.2.3

pkgs.xorg.xf86videoopenchrome

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2026-0904

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months ago

Incorrect security UI in Digital Credentials in Google Chrome prior …

Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

References

Affected products

Chrome

<144.0.7559.59

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2022-10-31
- nixpkgs-unstable 2022-10-31
- nixos-unstable-small 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-unstable 36.9.5
- nixpkgs-unstable 36.9.5
- nixos-unstable-small 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.2
- nixpkgs-unstable 37.10.2
- nixos-unstable-small 37.10.2

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.7.1
- nixpkgs-unstable 38.7.1
- nixos-unstable-small 38.7.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.2.3
- nixpkgs-unstable 39.2.3
- nixos-unstable-small 39.2.3

pkgs.xorg.xf86videoopenchrome

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2026-0903

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months ago

Inappropriate implementation in Downloads in Google Chrome on Windows prior …

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)

References

Affected products

Chrome

<144.0.7559.59

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2022-10-31
- nixpkgs-unstable 2022-10-31
- nixos-unstable-small 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-unstable 36.9.5
- nixpkgs-unstable 36.9.5
- nixos-unstable-small 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.2
- nixpkgs-unstable 37.10.2
- nixos-unstable-small 37.10.2

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.7.1
- nixpkgs-unstable 38.7.1
- nixos-unstable-small 38.7.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.2.3
- nixpkgs-unstable 39.2.3
- nixos-unstable-small 39.2.3

pkgs.xorg.xf86videoopenchrome

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2025-15366

created 2 months ago

IMAP command injection in user-controlled commands

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

References

https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
https://github.com/python/cpython/issues/143921 issue-tracking
https://github.com/python/cpython/pull/143922 patch
https://github.com/python/cpython/issues/143921 issue-tracking
https://github.com/python/cpython/pull/143922 patch
https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
https://github.com/python/cpython/issues/143921 issue-tracking
https://github.com/python/cpython/pull/143922 patch
https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
https://github.com/python/cpython/issues/143921 issue-tracking
https://github.com/python/cpython/pull/143922 patch
https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch

Affected products

CPython

<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Permalink CVE-2026-0908

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months ago

Use after free in ANGLE in Google Chrome prior to …

Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

References

Affected products

Chrome

<144.0.7559.59

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2022-10-31
- nixpkgs-unstable 2022-10-31
- nixos-unstable-small 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-unstable 36.9.5
- nixpkgs-unstable 36.9.5
- nixos-unstable-small 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.2
- nixpkgs-unstable 37.10.2
- nixos-unstable-small 37.10.2

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.7.1
- nixpkgs-unstable 38.7.1
- nixos-unstable-small 38.7.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.2.3
- nixpkgs-unstable 39.2.3
- nixos-unstable-small 39.2.3

pkgs.xorg.xf86videoopenchrome

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2026-0902

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months ago

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 …

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

References

Affected products

Chrome

<144.0.7559.59

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2022-10-31
- nixpkgs-unstable 2022-10-31
- nixos-unstable-small 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 142.0.7444.175
- nixpkgs-unstable 142.0.7444.175
- nixos-unstable-small 142.0.7444.175

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-unstable 36.9.5
- nixpkgs-unstable 36.9.5
- nixos-unstable-small 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.2
- nixpkgs-unstable 37.10.2
- nixos-unstable-small 37.10.2

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.7.1
- nixpkgs-unstable 38.7.1
- nixos-unstable-small 38.7.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.2.3
- nixpkgs-unstable 39.2.3
- nixos-unstable-small 39.2.3

pkgs.xorg.xf86videoopenchrome

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2026-0672

created 2 months ago

Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

References

Affected products

CPython

<3.13.12
<3.14.3
<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Permalink CVE-2026-0865

created 2 months ago

wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers.

References

Affected products

CPython

<3.13.12
<3.14.3
<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Permalink CVE-2025-15282

created 2 months ago

Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

References

Affected products

CPython

<3.13.12
<3.14.3
<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Permalink CVE-2025-60062

9.4 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): LOW

created 2 months ago

WordPress tPlayer plugin <= 1.2.1.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection.This issue affects tPlayer: from n/a through <= 1.2.1.6.

References

Affected products

tplayer-html5-audio-player-with-playlist

=<<= 1.2.1.6

Matching in nixpkgs

pkgs.rustplayer

Local audio player and network m3u8 radio player using a terminal interface

nixos-unstable 1.1.2-unstable-2024-07-14
- nixpkgs-unstable 1.1.2-unstable-2024-07-14
- nixos-unstable-small 1.1.2-unstable-2024-07-14

Package maintainers

@oluceps oluceps <nixos@oluceps.uk>

Automatically generated suggestions

References

Affected products

Matching in nixpkgs

pkgs.netflix

pkgs.chromedriver

pkgs.mkchromecast

pkgs.chrome-export

pkgs.go-chromecast

pkgs.google-chrome

pkgs.chrome-token-signing

pkgs.chrome-pak-customizer

pkgs.curl-impersonate-chrome

pkgs.undetected-chromedriver

pkgs.electron-chromedriver_33

pkgs.electron-chromedriver_34

pkgs.electron-chromedriver_35

pkgs.electron-chromedriver_36

pkgs.electron-chromedriver_37

pkgs.electron-chromedriver_38

pkgs.electron-chromedriver_39

pkgs.xorg.xf86videoopenchrome

pkgs.ocamlPackages.chrome-trace

pkgs.noto-fonts-monochrome-emoji

pkgs.python312Packages.pychromecast

pkgs.python313Packages.pychromecast

pkgs.python312Packages.undetected-chromedriver

pkgs.python313Packages.undetected-chromedriver

pkgs.grafanaPlugins.ventura-psychrometric-panel

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.netflix

pkgs.chromedriver

pkgs.mkchromecast

pkgs.chrome-export

pkgs.go-chromecast

pkgs.google-chrome

pkgs.chrome-token-signing

pkgs.chrome-pak-customizer

pkgs.curl-impersonate-chrome

pkgs.undetected-chromedriver

pkgs.electron-chromedriver_33

pkgs.electron-chromedriver_34

pkgs.electron-chromedriver_35

pkgs.electron-chromedriver_36

pkgs.electron-chromedriver_37

pkgs.electron-chromedriver_38

pkgs.electron-chromedriver_39

pkgs.xorg.xf86videoopenchrome

pkgs.ocamlPackages.chrome-trace

pkgs.noto-fonts-monochrome-emoji

pkgs.python312Packages.pychromecast

pkgs.python313Packages.pychromecast

pkgs.python312Packages.undetected-chromedriver

pkgs.python313Packages.undetected-chromedriver

pkgs.grafanaPlugins.ventura-psychrometric-panel

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.netflix

pkgs.chromedriver

pkgs.mkchromecast

pkgs.chrome-export

pkgs.go-chromecast

pkgs.google-chrome

pkgs.chrome-token-signing

pkgs.chrome-pak-customizer

pkgs.curl-impersonate-chrome

pkgs.undetected-chromedriver

pkgs.electron-chromedriver_33

pkgs.electron-chromedriver_34

pkgs.electron-chromedriver_35

pkgs.electron-chromedriver_36

pkgs.electron-chromedriver_37

pkgs.electron-chromedriver_38

pkgs.electron-chromedriver_39

pkgs.xorg.xf86videoopenchrome