Nixpkgs security tracker

Permalink CVE-2025-64735

6.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

An out-of-bounds read vulnerability exists in the EMF functionality of …

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

References

Affected products

Affinity

<3.1.0 (March 26)

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12
nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl5Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12

pkgs.perl538Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl540Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

Package maintainers

@TomaSajt TomaSajt

Permalink CVE-2025-47873

6.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

An out-of-bounds read vulnerability exists in the EMF functionality of …

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

References

Affected products

Affinity

<3.1.0 (March 26)

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12
nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl5Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12

pkgs.perl538Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl540Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

Package maintainers

@TomaSajt TomaSajt

Permalink CVE-2026-22882

6.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

An out-of-bounds read vulnerability exists in the EMF functionality of …

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

References

Affected products

Affinity

<3.1.0 (March 26)

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12
nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl5Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12

pkgs.perl538Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl540Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

Package maintainers

@TomaSajt TomaSajt

Permalink CVE-2026-25937

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-2g3p-vwp2-7qxm x_refsource_CONFIRM

Affected products

glpi

==>= 11.0.0, < 11.0.6

Matching in nixpkgs

pkgs.glpi-agent

GLPI unified Agent for UNIX, Linux, Windows and MacOSX

nixos-unstable 1.16
- nixpkgs-unstable 1.16
- nixos-unstable-small 1.16
nixos-25.11 1.16
- nixos-25.11-small 1.16
- nixpkgs-25.11-darwin 1.16

Package maintainers

@liberodark liberodark <liberodark@gmail.com>

Permalink CVE-2025-62403

6.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

An out-of-bounds read vulnerability exists in the EMF functionality of …

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

References

Affected products

Affinity

<3.1.0 (March 26)

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12
nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl5Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12

pkgs.perl538Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl540Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

Package maintainers

@TomaSajt TomaSajt

Permalink CVE-2025-65119

6.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

An out-of-bounds read vulnerability exists in the EMF functionality of …

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

References

Affected products

Affinity

<3.1.0 (March 26)

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12
nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl5Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12

pkgs.perl538Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl540Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

Package maintainers

@TomaSajt TomaSajt

Permalink CVE-2025-66000

6.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

An out-of-bounds read vulnerability exists in the EMF functionality of …

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

References

Affected products

Affinity

<3.1.0 (March 26)

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12
nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl5Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12

pkgs.perl538Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl540Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

Package maintainers

@TomaSajt TomaSajt

Permalink CVE-2026-3633

3.9 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): High (H)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Libsoup: libsoup: header and http request injection via crlf injection

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.

References

https://access.redhat.com/security/cve/CVE-2026-3633 vdb-entryx_refsource_REDHAT
RHBZ#2445128 issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libsoup/-/issues/484

Affected products

libsoup

libsoup3

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

nixos-unstable 3.6.5
- nixpkgs-unstable 3.6.5
- nixos-unstable-small 3.6.5
nixos-25.11 3.6.6
- nixos-25.11-small 3.6.6
- nixpkgs-25.11-darwin 3.6.6

pkgs.libsoup_2_4

HTTP client/server library for GNOME

nixos-unstable 2.74.3
- nixpkgs-unstable 2.74.3
- nixos-unstable-small 2.74.3
nixos-25.11 2.74.3
- nixos-25.11-small 2.74.3
- nixpkgs-25.11-darwin 2.74.3

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>

Permalink CVE-2025-64301

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

An out‑of‑bounds write vulnerability exists in the EMF functionality of …

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.

References

Affected products

Affinity

<3.1.0 (March 26)

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12
nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl5Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-unstable 1.12
- nixpkgs-unstable 1.12
- nixos-unstable-small 1.12

pkgs.perl538Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

pkgs.perl540Packages.SysCpuAffinity

Set CPU affinity for processes

nixos-25.11 1.12
- nixos-25.11-small 1.12
- nixpkgs-25.11-darwin 1.12

Package maintainers

@TomaSajt TomaSajt

Permalink CVE-2026-25936

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

GLPI Vulnerable to Authenticated SQL Injection

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-qw3x-7vv2-7759 x_refsource_CONFIRM

Affected products

glpi

==>= 11.0.0, < 11.0.6

Matching in nixpkgs

pkgs.glpi-agent

GLPI unified Agent for UNIX, Linux, Windows and MacOSX

nixos-unstable 1.16
- nixpkgs-unstable 1.16
- nixos-unstable-small 1.16
nixos-25.11 1.16
- nixos-25.11-small 1.16
- nixpkgs-25.11-darwin 1.16

Package maintainers

@liberodark liberodark <liberodark@gmail.com>

Automatically generated suggestions

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

pkgs.perl5Packages.SysCpuAffinity

pkgs.perl538Packages.SysCpuAffinity

pkgs.perl540Packages.SysCpuAffinity

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

pkgs.perl5Packages.SysCpuAffinity

pkgs.perl538Packages.SysCpuAffinity

pkgs.perl540Packages.SysCpuAffinity

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

pkgs.perl5Packages.SysCpuAffinity

pkgs.perl538Packages.SysCpuAffinity

pkgs.perl540Packages.SysCpuAffinity

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.glpi-agent

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

pkgs.perl5Packages.SysCpuAffinity

pkgs.perl538Packages.SysCpuAffinity

pkgs.perl540Packages.SysCpuAffinity

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

pkgs.perl5Packages.SysCpuAffinity

pkgs.perl538Packages.SysCpuAffinity

pkgs.perl540Packages.SysCpuAffinity

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

pkgs.perl5Packages.SysCpuAffinity

pkgs.perl538Packages.SysCpuAffinity

pkgs.perl540Packages.SysCpuAffinity

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsoup_3

pkgs.libsoup_2_4

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libsoup-gnome-2.4%22

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.SysCpuAffinity

pkgs.perl5Packages.SysCpuAffinity

pkgs.perl538Packages.SysCpuAffinity

pkgs.perl540Packages.SysCpuAffinity

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.glpi-agent

Package maintainers