Nixpkgs security tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2025-32913
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.

References

Affected products

libsoup
  • <3.6.2
  • *
libsoup3
mingw-freetype
  • *
spice-client-win
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -
Ignored packages (1)

Package maintainers

Permalink CVE-2025-32908
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
Libsoup: denial of service on libsoup through http/2 server

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

References

Affected products

libsoup
  • <3.6.5
libsoup3
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -
Ignored packages (1)

Package maintainers

Permalink CVE-2025-32050
5.9 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
Libsoup: integer overflow in append_param_quoted

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

References

Affected products

libsoup
  • <3.6.1
  • *
libsoup3
mingw-freetype
  • *
spice-client-win
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -
Ignored packages (1)

Package maintainers

Permalink CVE-2025-32051
5.9 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
Libsoup: segmentation fault when parsing malformed data uri

A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).

References

Affected products

libsoup
  • <3.6.1
libsoup3

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -
Ignored packages (1)

Package maintainers

Permalink CVE-2025-32049
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
Libsoup: denial of service attack to websocket server

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

References

Affected products

libsoup
  • *
  • =<3.6.4
libsoup3
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -
Ignored packages (1)

Package maintainers

Permalink CVE-2025-2784
7.0 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): High (H)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

References

Affected products

libsoup
  • <3.6.5
  • *
libsoup3
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -
Ignored packages (1)

Package maintainers

Permalink CVE-2025-32052
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
Libsoup: heap buffer overflow in sniff_unknown()

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

References

Affected products

libsoup
  • <3.6.1
  • *
libsoup3
mingw-freetype
  • *
spice-client-win
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -
Ignored packages (1)

Package maintainers

Permalink CVE-2025-32053
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 8 months ago
  • @LeSuisse ignored package tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" 3 months, 2 weeks ago
Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()

A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

References

Affected products

libsoup
  • <3.6.1
  • *
libsoup3
mingw-freetype
  • *
spice-client-win
  • *

Matching in nixpkgs

pkgs.libsoup_3

HTTP client/server library for GNOME

  • nixos-unstable -

pkgs.libsoup_2_4

HTTP client/server library for GNOME

  • nixos-unstable -
Ignored packages (1)

Package maintainers