Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2025-10911
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 months ago
Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

References

Affected products

rhcos
libxslt
  • =<1.1.43

Matching in nixpkgs

Package maintainers

Permalink CVE-2025-60018
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 4 months ago
Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()"

glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read.

References

Affected products

glib-networking
  • <2.80.2

Matching in nixpkgs

Package maintainers

Permalink CVE-2025-60019
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 4 months ago
Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()

glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.

References

Affected products

glib-networking
  • <2.80.2

Matching in nixpkgs

Package maintainers

Permalink CVE-2025-48041
created 6 months ago
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

References

Affected products

ssh
  • *
  • <pkg:otp/ssh@*

Matching in nixpkgs

pkgs.assh

Advanced SSH config - Regex, aliases, gateways, includes and dynamic hosts

  • nixos-unstable -

pkgs.pssh

Parallel SSH Tools

  • nixos-unstable -

pkgs.sshs

Terminal user interface for SSH

  • nixos-unstable -

pkgs.sshx

Fast, collaborative live terminal sharing over the web

  • nixos-unstable -

pkgs.zssh

SSH and Telnet client with ZMODEM file transfer capability

  • nixos-unstable -

pkgs.passh

Sshpass alternative for non-interactive ssh auth

pkgs.sshed

ssh config editor and bookmarks manager

  • nixos-unstable -

pkgs.libssh

SSH client library

  • nixos-unstable -

pkgs.opkssh

Enables SSH to be used with OpenID Connect

  • nixos-unstable -

pkgs.smassh

TUI based typing test application inspired by MonkeyType

  • nixos-unstable -

pkgs.tarssh

Simple SSH tarpit inspired by endlessh

  • nixos-unstable -

pkgs.webssh

Web based SSH client

  • nixos-unstable -

pkgs.autossh

Automatically restart SSH sessions and tunnels

  • nixos-unstable -

pkgs.lazyssh

Terminal-based SSH manager

  • nixos-unstable -

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

  • nixos-unstable -

pkgs.openssh

Implementation of the SSH protocol

  • nixos-unstable -

pkgs.sshoogr

A Groovy-based DSL for working with remote SSH servers

  • nixos-unstable -

pkgs.sshpass

Non-interactive ssh password auth

  • nixos-unstable -

pkgs.sshping

Measure character-echo latency and bandwidth for an interactive ssh session

  • nixos-unstable -

pkgs.baboossh

Tool to do SSH spreading

  • nixos-unstable -

pkgs.endlessh

SSH tarpit that slowly sends an endless banner

  • nixos-unstable -

pkgs.fast-ssh

TUI tool to use the SSH config for connections

  • nixos-unstable -

pkgs.hyperssh

Run SSH over hyperswarm

  • nixos-unstable -

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.pfsshell

PFS (PlayStation File System) shell for POSIX-based systems

  • nixos-unstable -

pkgs.ssh-mitm

Tool for SSH security audits

  • nixos-unstable -

pkgs.sshesame

Easy to set up and use SSH honeypot

  • nixos-unstable -

pkgs.sshguard

Protects hosts from brute-force attacks

  • nixos-unstable -

pkgs.sshified

Proxy HTTP requests through SSH

  • nixos-unstable -

pkgs.sshlatex

Collection of hacks to efficiently run LaTeX via ssh

  • nixos-unstable -

pkgs.sshocker

Tool for SSH, reverse sshfs and port forwarder

  • nixos-unstable -

pkgs.sshuttle

Transparent proxy server that works as a poor man's VPN

  • nixos-unstable -

pkgs.guile-ssh

Bindings to Libssh for GNU Guile

  • nixos-unstable -

pkgs.ssh-audit

Tool for ssh server auditing

  • nixos-unstable -

pkgs.ssh-ident

Start and use ssh-agent and load identities as necessary

pkgs.ssh-tools

Making SSH more convenient

  • nixos-unstable -

pkgs.sshportal

Simple, fun and transparent SSH (and telnet) bastion server

  • nixos-unstable -

pkgs.tmux-cssh

SSH to multiple hosts at the same time using tmux

pkgs.trzsz-ssh

SSH client designed as a drop-in replacement for the openssh client

  • nixos-unstable -

pkgs.usbip-ssh

Import usb devices from another linux machine with ssh's connection forwarding mechanism

pkgs.ssh-agents

Spawn and maintain multiple ssh-agents across terminals

  • nixos-unstable -

pkgs.ssh-to-age

Convert ssh private keys in ed25519 format to age keys

  • nixos-unstable -

pkgs.ssh-to-pgp

Convert ssh private keys to PGP

  • nixos-unstable -

pkgs.sshchecker

Dedicated SSH brute-forcing tool

  • nixos-unstable -

pkgs.sshfs-fuse

FUSE-based filesystem that allows remote filesystems to be mounted over SSH

  • nixos-unstable -

pkgs.endlessh-go

Implementation of endlessh exporting Prometheus metrics

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

  • nixos-unstable -

pkgs.ssh-copy-id

Tool to copy SSH public keys to a remote machine

  • nixos-unstable -

pkgs.sshx-server

Fast, collaborative live terminal sharing over the web

  • nixos-unstable -

pkgs.ssh-import-id

Retrieves an SSH public key and installs it locally

  • nixos-unstable -

pkgs.ssh-tpm-agent

SSH agent with support for TPM sealed keys for public key authentication

  • nixos-unstable -

pkgs.openssh_gssapi

Implementation of the SSH protocol with GSSAPI support

  • nixos-unstable -

pkgs.tkey-ssh-agent

SSH Agent for TKey, the flexible open hardware/software USB security key

  • nixos-unstable -

pkgs.vault-ssh-plus

Automatically use HashiCorp Vault SSH Client Key Signing with ssh(1)

  • nixos-unstable -

pkgs.x11_ssh_askpass

Lightweight passphrase dialog for OpenSSH or other open variants of SSH

pkgs.ssh-openpgp-auth

Command-line tool that provides client-side functionality to transparently verify the identity of remote SSH hosts

  • nixos-unstable -

pkgs.ssh-key-confirmer

Test ssh login key acceptance without having the private key

  • nixos-unstable -

pkgs.sshd-openpgp-auth

Command-line tool for creating and managing OpenPGP based trust anchors for SSH host keys

  • nixos-unstable -

pkgs.gnomeExtensions.guake-ssh

Systray menu to connect to SSH hosts configured in ~/.ssh/config or any files in ~/.ssh/config.d/ using Guake.

  • nixos-unstable -
    • nixpkgs-unstable 5

pkgs.gnomeExtensions.ssh-profile-list

SSH Profile List is a GNOME extension that allows you to show SSH connections from .ssh/config file directly from the GNOME panel systray. This extension is fork of https://github.com/pramalho/guake-ssh-extension that modified to run on any terminal.

  • nixos-unstable -
    • nixpkgs-unstable 1

Package maintainers

Permalink CVE-2025-48040
created 6 months ago
Malicious Key Exchange Messages may Lead to Excessive Resource Consumption

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

References

Affected products

ssh
  • *
  • <pkg:otp/ssh@*

Matching in nixpkgs

pkgs.assh

Advanced SSH config - Regex, aliases, gateways, includes and dynamic hosts

  • nixos-unstable -

pkgs.pssh

Parallel SSH Tools

  • nixos-unstable -

pkgs.sshs

Terminal user interface for SSH

  • nixos-unstable -

pkgs.sshx

Fast, collaborative live terminal sharing over the web

  • nixos-unstable -

pkgs.zssh

SSH and Telnet client with ZMODEM file transfer capability

  • nixos-unstable -

pkgs.passh

Sshpass alternative for non-interactive ssh auth

pkgs.sshed

ssh config editor and bookmarks manager

  • nixos-unstable -

pkgs.libssh

SSH client library

  • nixos-unstable -

pkgs.opkssh

Enables SSH to be used with OpenID Connect

  • nixos-unstable -

pkgs.smassh

TUI based typing test application inspired by MonkeyType

  • nixos-unstable -

pkgs.tarssh

Simple SSH tarpit inspired by endlessh

  • nixos-unstable -

pkgs.webssh

Web based SSH client

  • nixos-unstable -

pkgs.autossh

Automatically restart SSH sessions and tunnels

  • nixos-unstable -

pkgs.lazyssh

Terminal-based SSH manager

  • nixos-unstable -

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

  • nixos-unstable -

pkgs.openssh

Implementation of the SSH protocol

  • nixos-unstable -

pkgs.sshoogr

A Groovy-based DSL for working with remote SSH servers

  • nixos-unstable -

pkgs.sshpass

Non-interactive ssh password auth

  • nixos-unstable -

pkgs.sshping

Measure character-echo latency and bandwidth for an interactive ssh session

  • nixos-unstable -

pkgs.baboossh

Tool to do SSH spreading

  • nixos-unstable -

pkgs.endlessh

SSH tarpit that slowly sends an endless banner

  • nixos-unstable -

pkgs.fast-ssh

TUI tool to use the SSH config for connections

  • nixos-unstable -

pkgs.hyperssh

Run SSH over hyperswarm

  • nixos-unstable -

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.pfsshell

PFS (PlayStation File System) shell for POSIX-based systems

  • nixos-unstable -

pkgs.ssh-mitm

Tool for SSH security audits

  • nixos-unstable -

pkgs.sshesame

Easy to set up and use SSH honeypot

  • nixos-unstable -

pkgs.sshguard

Protects hosts from brute-force attacks

  • nixos-unstable -

pkgs.sshified

Proxy HTTP requests through SSH

  • nixos-unstable -

pkgs.sshlatex

Collection of hacks to efficiently run LaTeX via ssh

  • nixos-unstable -

pkgs.sshocker

Tool for SSH, reverse sshfs and port forwarder

  • nixos-unstable -

pkgs.sshuttle

Transparent proxy server that works as a poor man's VPN

  • nixos-unstable -

pkgs.guile-ssh

Bindings to Libssh for GNU Guile

  • nixos-unstable -

pkgs.ssh-audit

Tool for ssh server auditing

  • nixos-unstable -

pkgs.ssh-ident

Start and use ssh-agent and load identities as necessary

pkgs.ssh-tools

Making SSH more convenient

  • nixos-unstable -

pkgs.sshportal

Simple, fun and transparent SSH (and telnet) bastion server

  • nixos-unstable -

pkgs.tmux-cssh

SSH to multiple hosts at the same time using tmux

pkgs.trzsz-ssh

SSH client designed as a drop-in replacement for the openssh client

  • nixos-unstable -

pkgs.usbip-ssh

Import usb devices from another linux machine with ssh's connection forwarding mechanism

pkgs.ssh-agents

Spawn and maintain multiple ssh-agents across terminals

  • nixos-unstable -

pkgs.ssh-to-age

Convert ssh private keys in ed25519 format to age keys

  • nixos-unstable -

pkgs.ssh-to-pgp

Convert ssh private keys to PGP

  • nixos-unstable -

pkgs.sshchecker

Dedicated SSH brute-forcing tool

  • nixos-unstable -

pkgs.sshfs-fuse

FUSE-based filesystem that allows remote filesystems to be mounted over SSH

  • nixos-unstable -

pkgs.endlessh-go

Implementation of endlessh exporting Prometheus metrics

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

  • nixos-unstable -

pkgs.ssh-copy-id

Tool to copy SSH public keys to a remote machine

  • nixos-unstable -

pkgs.sshx-server

Fast, collaborative live terminal sharing over the web

  • nixos-unstable -

pkgs.ssh-import-id

Retrieves an SSH public key and installs it locally

  • nixos-unstable -

pkgs.ssh-tpm-agent

SSH agent with support for TPM sealed keys for public key authentication

  • nixos-unstable -

pkgs.openssh_gssapi

Implementation of the SSH protocol with GSSAPI support

  • nixos-unstable -

pkgs.tkey-ssh-agent

SSH Agent for TKey, the flexible open hardware/software USB security key

  • nixos-unstable -

pkgs.vault-ssh-plus

Automatically use HashiCorp Vault SSH Client Key Signing with ssh(1)

  • nixos-unstable -

pkgs.x11_ssh_askpass

Lightweight passphrase dialog for OpenSSH or other open variants of SSH

pkgs.ssh-openpgp-auth

Command-line tool that provides client-side functionality to transparently verify the identity of remote SSH hosts

  • nixos-unstable -

pkgs.ssh-key-confirmer

Test ssh login key acceptance without having the private key

  • nixos-unstable -

pkgs.sshd-openpgp-auth

Command-line tool for creating and managing OpenPGP based trust anchors for SSH host keys

  • nixos-unstable -

pkgs.gnomeExtensions.guake-ssh

Systray menu to connect to SSH hosts configured in ~/.ssh/config or any files in ~/.ssh/config.d/ using Guake.

  • nixos-unstable -
    • nixpkgs-unstable 5

pkgs.gnomeExtensions.ssh-profile-list

SSH Profile List is a GNOME extension that allows you to show SSH connections from .ssh/config file directly from the GNOME panel systray. This extension is fork of https://github.com/pramalho/guake-ssh-extension that modified to run on any terminal.

  • nixos-unstable -
    • nixpkgs-unstable 1

Package maintainers

Permalink CVE-2025-48038
created 6 months ago
Unverified File Handles can Cause Excessive Use of System Resources

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

References

Affected products

ssh
  • *
  • <pkg:otp/ssh@*

Matching in nixpkgs

pkgs.assh

Advanced SSH config - Regex, aliases, gateways, includes and dynamic hosts

  • nixos-unstable -

pkgs.pssh

Parallel SSH Tools

  • nixos-unstable -

pkgs.sshs

Terminal user interface for SSH

  • nixos-unstable -

pkgs.sshx

Fast, collaborative live terminal sharing over the web

  • nixos-unstable -

pkgs.zssh

SSH and Telnet client with ZMODEM file transfer capability

  • nixos-unstable -

pkgs.passh

Sshpass alternative for non-interactive ssh auth

pkgs.sshed

ssh config editor and bookmarks manager

  • nixos-unstable -

pkgs.libssh

SSH client library

  • nixos-unstable -

pkgs.opkssh

Enables SSH to be used with OpenID Connect

  • nixos-unstable -

pkgs.smassh

TUI based typing test application inspired by MonkeyType

  • nixos-unstable -

pkgs.tarssh

Simple SSH tarpit inspired by endlessh

  • nixos-unstable -

pkgs.webssh

Web based SSH client

  • nixos-unstable -

pkgs.autossh

Automatically restart SSH sessions and tunnels

  • nixos-unstable -

pkgs.lazyssh

Terminal-based SSH manager

  • nixos-unstable -

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

  • nixos-unstable -

pkgs.openssh

Implementation of the SSH protocol

  • nixos-unstable -

pkgs.sshoogr

A Groovy-based DSL for working with remote SSH servers

  • nixos-unstable -

pkgs.sshpass

Non-interactive ssh password auth

  • nixos-unstable -

pkgs.sshping

Measure character-echo latency and bandwidth for an interactive ssh session

  • nixos-unstable -

pkgs.baboossh

Tool to do SSH spreading

  • nixos-unstable -

pkgs.endlessh

SSH tarpit that slowly sends an endless banner

  • nixos-unstable -

pkgs.fast-ssh

TUI tool to use the SSH config for connections

  • nixos-unstable -

pkgs.hyperssh

Run SSH over hyperswarm

  • nixos-unstable -

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.pfsshell

PFS (PlayStation File System) shell for POSIX-based systems

  • nixos-unstable -

pkgs.ssh-mitm

Tool for SSH security audits

  • nixos-unstable -

pkgs.sshesame

Easy to set up and use SSH honeypot

  • nixos-unstable -

pkgs.sshguard

Protects hosts from brute-force attacks

  • nixos-unstable -

pkgs.sshified

Proxy HTTP requests through SSH

  • nixos-unstable -

pkgs.sshlatex

Collection of hacks to efficiently run LaTeX via ssh

  • nixos-unstable -

pkgs.sshocker

Tool for SSH, reverse sshfs and port forwarder

  • nixos-unstable -

pkgs.sshuttle

Transparent proxy server that works as a poor man's VPN

  • nixos-unstable -

pkgs.guile-ssh

Bindings to Libssh for GNU Guile

  • nixos-unstable -

pkgs.ssh-audit

Tool for ssh server auditing

  • nixos-unstable -

pkgs.ssh-ident

Start and use ssh-agent and load identities as necessary

pkgs.ssh-tools

Making SSH more convenient

  • nixos-unstable -

pkgs.sshportal

Simple, fun and transparent SSH (and telnet) bastion server

  • nixos-unstable -

pkgs.tmux-cssh

SSH to multiple hosts at the same time using tmux

pkgs.trzsz-ssh

SSH client designed as a drop-in replacement for the openssh client

  • nixos-unstable -

pkgs.usbip-ssh

Import usb devices from another linux machine with ssh's connection forwarding mechanism

pkgs.ssh-agents

Spawn and maintain multiple ssh-agents across terminals

  • nixos-unstable -

pkgs.ssh-to-age

Convert ssh private keys in ed25519 format to age keys

  • nixos-unstable -

pkgs.ssh-to-pgp

Convert ssh private keys to PGP

  • nixos-unstable -

pkgs.sshchecker

Dedicated SSH brute-forcing tool

  • nixos-unstable -

pkgs.sshfs-fuse

FUSE-based filesystem that allows remote filesystems to be mounted over SSH

  • nixos-unstable -

pkgs.endlessh-go

Implementation of endlessh exporting Prometheus metrics

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

  • nixos-unstable -

pkgs.ssh-copy-id

Tool to copy SSH public keys to a remote machine

  • nixos-unstable -

pkgs.sshx-server

Fast, collaborative live terminal sharing over the web

  • nixos-unstable -

pkgs.ssh-import-id

Retrieves an SSH public key and installs it locally

  • nixos-unstable -

pkgs.ssh-tpm-agent

SSH agent with support for TPM sealed keys for public key authentication

  • nixos-unstable -

pkgs.openssh_gssapi

Implementation of the SSH protocol with GSSAPI support

  • nixos-unstable -

pkgs.tkey-ssh-agent

SSH Agent for TKey, the flexible open hardware/software USB security key

  • nixos-unstable -

pkgs.vault-ssh-plus

Automatically use HashiCorp Vault SSH Client Key Signing with ssh(1)

  • nixos-unstable -

pkgs.x11_ssh_askpass

Lightweight passphrase dialog for OpenSSH or other open variants of SSH

pkgs.ssh-openpgp-auth

Command-line tool that provides client-side functionality to transparently verify the identity of remote SSH hosts

  • nixos-unstable -

pkgs.ssh-key-confirmer

Test ssh login key acceptance without having the private key

  • nixos-unstable -

pkgs.sshd-openpgp-auth

Command-line tool for creating and managing OpenPGP based trust anchors for SSH host keys

  • nixos-unstable -

pkgs.gnomeExtensions.guake-ssh

Systray menu to connect to SSH hosts configured in ~/.ssh/config or any files in ~/.ssh/config.d/ using Guake.

  • nixos-unstable -
    • nixpkgs-unstable 5

pkgs.gnomeExtensions.ssh-profile-list

SSH Profile List is a GNOME extension that allows you to show SSH connections from .ssh/config file directly from the GNOME panel systray. This extension is fork of https://github.com/pramalho/guake-ssh-extension that modified to run on any terminal.

  • nixos-unstable -
    • nixpkgs-unstable 1

Package maintainers

Permalink CVE-2025-48039
created 6 months ago
Unverified Paths can Cause Excessive Use of System Resources

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

References

Affected products

ssh
  • *
  • <pkg:otp/ssh@*

Matching in nixpkgs

pkgs.assh

Advanced SSH config - Regex, aliases, gateways, includes and dynamic hosts

  • nixos-unstable -

pkgs.pssh

Parallel SSH Tools

  • nixos-unstable -

pkgs.sshs

Terminal user interface for SSH

  • nixos-unstable -

pkgs.sshx

Fast, collaborative live terminal sharing over the web

  • nixos-unstable -

pkgs.zssh

SSH and Telnet client with ZMODEM file transfer capability

  • nixos-unstable -

pkgs.passh

Sshpass alternative for non-interactive ssh auth

pkgs.sshed

ssh config editor and bookmarks manager

  • nixos-unstable -

pkgs.libssh

SSH client library

  • nixos-unstable -

pkgs.opkssh

Enables SSH to be used with OpenID Connect

  • nixos-unstable -

pkgs.smassh

TUI based typing test application inspired by MonkeyType

  • nixos-unstable -

pkgs.tarssh

Simple SSH tarpit inspired by endlessh

  • nixos-unstable -

pkgs.webssh

Web based SSH client

  • nixos-unstable -

pkgs.autossh

Automatically restart SSH sessions and tunnels

  • nixos-unstable -

pkgs.lazyssh

Terminal-based SSH manager

  • nixos-unstable -

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

  • nixos-unstable -

pkgs.openssh

Implementation of the SSH protocol

  • nixos-unstable -

pkgs.sshoogr

A Groovy-based DSL for working with remote SSH servers

  • nixos-unstable -

pkgs.sshpass

Non-interactive ssh password auth

  • nixos-unstable -

pkgs.sshping

Measure character-echo latency and bandwidth for an interactive ssh session

  • nixos-unstable -

pkgs.baboossh

Tool to do SSH spreading

  • nixos-unstable -

pkgs.endlessh

SSH tarpit that slowly sends an endless banner

  • nixos-unstable -

pkgs.fast-ssh

TUI tool to use the SSH config for connections

  • nixos-unstable -

pkgs.hyperssh

Run SSH over hyperswarm

  • nixos-unstable -

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.pfsshell

PFS (PlayStation File System) shell for POSIX-based systems

  • nixos-unstable -

pkgs.ssh-mitm

Tool for SSH security audits

  • nixos-unstable -

pkgs.sshesame

Easy to set up and use SSH honeypot

  • nixos-unstable -

pkgs.sshguard

Protects hosts from brute-force attacks

  • nixos-unstable -

pkgs.sshified

Proxy HTTP requests through SSH

  • nixos-unstable -

pkgs.sshlatex

Collection of hacks to efficiently run LaTeX via ssh

  • nixos-unstable -

pkgs.sshocker

Tool for SSH, reverse sshfs and port forwarder

  • nixos-unstable -

pkgs.sshuttle

Transparent proxy server that works as a poor man's VPN

  • nixos-unstable -

pkgs.guile-ssh

Bindings to Libssh for GNU Guile

  • nixos-unstable -

pkgs.ssh-audit

Tool for ssh server auditing

  • nixos-unstable -

pkgs.ssh-ident

Start and use ssh-agent and load identities as necessary

pkgs.ssh-tools

Making SSH more convenient

  • nixos-unstable -

pkgs.sshportal

Simple, fun and transparent SSH (and telnet) bastion server

  • nixos-unstable -

pkgs.tmux-cssh

SSH to multiple hosts at the same time using tmux

pkgs.trzsz-ssh

SSH client designed as a drop-in replacement for the openssh client

  • nixos-unstable -

pkgs.usbip-ssh

Import usb devices from another linux machine with ssh's connection forwarding mechanism

pkgs.ssh-agents

Spawn and maintain multiple ssh-agents across terminals

  • nixos-unstable -

pkgs.ssh-to-age

Convert ssh private keys in ed25519 format to age keys

  • nixos-unstable -

pkgs.ssh-to-pgp

Convert ssh private keys to PGP

  • nixos-unstable -

pkgs.sshchecker

Dedicated SSH brute-forcing tool

  • nixos-unstable -

pkgs.sshfs-fuse

FUSE-based filesystem that allows remote filesystems to be mounted over SSH

  • nixos-unstable -

pkgs.endlessh-go

Implementation of endlessh exporting Prometheus metrics

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

  • nixos-unstable -

pkgs.ssh-copy-id

Tool to copy SSH public keys to a remote machine

  • nixos-unstable -

pkgs.sshx-server

Fast, collaborative live terminal sharing over the web

  • nixos-unstable -

pkgs.ssh-import-id

Retrieves an SSH public key and installs it locally

  • nixos-unstable -

pkgs.ssh-tpm-agent

SSH agent with support for TPM sealed keys for public key authentication

  • nixos-unstable -

pkgs.openssh_gssapi

Implementation of the SSH protocol with GSSAPI support

  • nixos-unstable -

pkgs.tkey-ssh-agent

SSH Agent for TKey, the flexible open hardware/software USB security key

  • nixos-unstable -

pkgs.vault-ssh-plus

Automatically use HashiCorp Vault SSH Client Key Signing with ssh(1)

  • nixos-unstable -

pkgs.x11_ssh_askpass

Lightweight passphrase dialog for OpenSSH or other open variants of SSH

pkgs.ssh-openpgp-auth

Command-line tool that provides client-side functionality to transparently verify the identity of remote SSH hosts

  • nixos-unstable -

pkgs.ssh-key-confirmer

Test ssh login key acceptance without having the private key

  • nixos-unstable -

pkgs.sshd-openpgp-auth

Command-line tool for creating and managing OpenPGP based trust anchors for SSH host keys

  • nixos-unstable -

pkgs.gnomeExtensions.guake-ssh

Systray menu to connect to SSH hosts configured in ~/.ssh/config or any files in ~/.ssh/config.d/ using Guake.

  • nixos-unstable -
    • nixpkgs-unstable 5

pkgs.gnomeExtensions.ssh-profile-list

SSH Profile List is a GNOME extension that allows you to show SSH connections from .ssh/config file directly from the GNOME panel systray. This extension is fork of https://github.com/pramalho/guake-ssh-extension that modified to run on any terminal.

  • nixos-unstable -
    • nixpkgs-unstable 1

Package maintainers

Permalink CVE-2025-9714
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Stack overflow in libxml2

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

References

Affected products

libxml2
  • <2.12.7+dfsg+really2.9.14-0.4ubuntu0.3
  • <2.9.3+dfsg1-1ubuntu0.7+esm10
  • <2.9.1+dfsg1-3ubuntu4.13+esm9
  • <2.10.0
  • <2.9.14+dfsg-1.3ubuntu3.5
  • <2.9.4+dfsg1-6.1ubuntu1.9+esm5
  • <2.9.10+dfsg-5ubuntu0.20.04.10+esm2
  • <2.9.13+dfsg-1ubuntu0.9

Matching in nixpkgs

pkgs.libxml2

XML parsing library for C

  • nixos-unstable -

Package maintainers

Permalink CVE-2025-8277
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months ago
Libssh: memory exhaustion via repeated key exchange in libssh

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

References

Affected products

rhcos
libssh
  • <0.11.3
  • <0.11.4
libssh2

Matching in nixpkgs

pkgs.libssh

SSH client library

  • nixos-unstable -

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

  • nixos-unstable -

Package maintainers

Permalink CVE-2025-10044
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Keycloak: keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the error_description query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages (e.g., fake support phone numbers or URLs), which are displayed within the trusted Keycloak UI. This creates a phishing vector, potentially tricking users into contacting malicious actors.

References

Affected products

keycloak
  • <26.2.9
rhbk/keycloak-rhel9
  • *
rhbk/keycloak-rhel9-operator
  • *
rhbk/keycloak-operator-bundle
  • *
Red Hat build of Keycloak 26.2.9

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

  • nixos-unstable -

Package maintainers