Nixpkgs security tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2020-36993
6.4 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting

LimeSurvey
  • =<4.3.10
Permalink CVE-2025-69289
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

discourse
  • ==>= 2026.1.0-latest, < 2026.1.0
  • ==>= 2025.11.0-latest, < 2025.11.2
  • ==>= 2025.12.0-latest, < 2025.12.1
  • ==< 3.5.4
Permalink CVE-2025-33219
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

NVIDIA Display Driver for Linux contains a vulnerability in the …

Tesla
  • ==All driver versions prior to 570.211.01
  • ==All driver versions prior to 535.288.01
  • ==All driver versions prior to 590.48.01
  • ==All driver versions prior to 580.126.09
GeForce
  • ==All driver versions prior to 570.211.01
  • ==All driver versions prior to 535.288.01
  • ==All driver versions prior to 590.48.01
  • ==All driver versions prior to 580.126.09
Guest driver
  • ==580.105.08(All versions up to and including the November 2025 release)
  • ==580.105.08(All versions prior to and including vGPU software 19.3)
  • ==570.195.03(All versions prior to and including vGPU software 18.5)
  • ==535.274.02(All versions prior to and including vGPU software 16.12)
Virtual GPU Manager
  • ==570.195.02(All versions prior to and including vGPU software 18.5)
  • ==580.105.06(All versions prior to and including vGPU software 19.3)
  • ==535.274.03(All versions prior to and including vGPU software 16.12)
  • ==580.105.06(All versions up to and including the November 2025 release)
RTX PRO, RTX, Quadro
  • ==All driver versions prior to 570.211.01
  • ==All driver versions prior to 535.288.01
  • ==All driver versions prior to 590.48.01
  • ==All driver versions prior to 580.126.09
Permalink CVE-2026-21865
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

Discourse topic conversion permission vulnerability for moderators

discourse
  • ==>= 2026.1.0-latest, < 2026.1.0
  • ==>= 2025.11.0-latest, < 2025.11.2
  • ==>= 2025.12.0-latest, < 2025.12.1
  • ==< 3.5.4
Permalink CVE-2025-33218
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

NVIDIA GPU Display Driver for Windows contains a vulnerability in …

Tesla
  • ==All driver versions prior to 582.16
  • ==All driver versions prior to 539.64
  • ==All driver versions prior to 573.91
  • ==All driver versions prior to 591.59
GeForce
  • ==All driver versions prior to 591.59
Guest driver
  • ==539.56(All versions prior to and including vGPU software 16.12)
  • ==573.76(All versions prior to and including vGPU software 18.5)
  • ==581.80(All versions prior to and including vGPU software 19.3)
RTX PRO, RTX, Quadro
  • ==All driver versions prior to 582.16
  • ==All driver versions prior to 539.64
  • ==All driver versions prior to 591.59
  • ==All driver versions prior to 573.96
Permalink CVE-2026-24857
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

bulk_extractor has Heap-based Buffer Overflow vulnerability

bulk_extractor
  • ==>= 1.4, <= 2.1.1
Permalink CVE-2025-15344
6.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

Tanium addressed a SQL injection vulnerability in Asset.

Asset
  • <1.28.254
  • <1.32.161
  • <1.33.250
Permalink CVE-2026-23743
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

discourse
  • ==>= 2026.1.0-latest, < 2026.1.0
  • ==>= 2025.11.0-latest, < 2025.11.2
  • ==>= 2025.12.0-latest, < 2025.12.1
  • ==< 3.5.4
Permalink CVE-2026-24739
6.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

symfony
  • ==>= 7.4.0, < 7.4.5
  • ==>= 7.3.0, < 7.3.11
  • ==< 5.4.51
  • ==>= 6.4.0, < 6.4.33
  • ==>= 8.0.0 , < 8.0.5
Permalink CVE-2025-33217
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 3 months, 1 week ago Activity log
  • Created suggestion 3 months, 1 week ago

NVIDIA Display Driver for Windows contains a vulnerability where an …

Tesla
  • ==All driver versions prior to 582.16
  • ==All driver versions prior to 539.64
  • ==All driver versions prior to 591.59
  • ==All driver versions prior to 573.96
GeForce
  • ==All driver versions prior to 591.59
RTX PRO, RTX, Quadro
  • ==All driver versions prior to 582.16
  • ==All driver versions prior to 539.64
  • ==All driver versions prior to 591.59
  • ==All driver versions prior to 573.96