Nixpkgs Security Tracker

Permalink CVE-2025-69397

created 1 month ago

WordPress Tint theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tint tint allows PHP Local File Inclusion.This issue affects Tint: from n/a through <= 1.7.

References

https://patchstack.com/database/Wordpress/Theme/tint/vulnerability/wordpress-ti… vdb-entry

Affected products

tint

=<<= 1.7

Matching in nixpkgs

pkgs.tint

Command-line tool to recolor images using theme palettes

nixos-unstable 0.1.7
- nixpkgs-unstable 0.1.7
- nixos-unstable-small 0.1.7
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.tint2

Simple panel/taskbar unintrusive and light (memory, cpu, aestetic)

nixos-unstable 17.1.3
- nixpkgs-unstable 17.1.3
- nixos-unstable-small 17.1.3
nixos-25.11 17.1.3
- nixos-25.11-small 17.1.3
- nixpkgs-25.11-darwin 17.1.3

pkgs.tinty

Base16 and base24 color scheme manager

nixos-unstable 0.29.0
- nixpkgs-unstable 0.29.0
- nixos-unstable-small 0.29.0
nixos-25.11 0.29.0
- nixos-25.11-small 0.29.0
- nixpkgs-25.11-darwin 0.29.0

pkgs.tintin

Free MUD client for macOS, Linux and Windows

nixos-unstable 2.02.60
- nixpkgs-unstable 2.02.60
- nixos-unstable-small 2.02.60
nixos-25.11 2.02.51
- nixos-25.11-small 2.02.51
- nixpkgs-25.11-darwin 2.02.51

pkgs.xfractint

None

nixos-unstable 20.04p16
- nixpkgs-unstable 20.04p16
- nixos-unstable-small 20.04p16
nixos-25.11 20.04p16
- nixos-25.11-small 20.04p16
- nixpkgs-25.11-darwin 20.04p16

pkgs.ocamlPackages.optint

Abstract type of integer between x64 and x86 architecture

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.11 0.3.0
- nixos-25.11-small 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.gnomeExtensions.alphatint

Artificially reduce brightness of your displays (including external monitors).

pkgs.gnomeExtensions.colortint

Tint your desktop with a color of your choice to help with dyslexia, scopic sensitivity, and related conditions.

pkgs.libsForQt5.kontactinterface

None

pkgs.ocamlPackages_latest.optint

Abstract type of integer between x64 and x86 architecture

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.gnomeExtensions.tinted-shell

Tints GNOME Shell elements with the system accent color while preserving the original visual style.

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5

pkgs.kdePackages.kontactinterface

Support libraries to assist integration with Kontact

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.kontactinterface

None

pkgs.gnomeExtensions.rebootintowindows

Reboot system into Windows with GRUB

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4
nixos-25.11 4
- nixos-25.11-small 4
- nixpkgs-25.11-darwin 4

pkgs.grafanaPlugins.doitintl-bigquery-datasource

BigQuery DataSource for Grafana

nixos-unstable 2.0.3
- nixpkgs-unstable 2.0.3
- nixos-unstable-small 2.0.3
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.python312Packages.azure-ai-documentintelligence

Azure AI Document Intelligence client library for Python

nixos-25.11 1.0.2
- nixos-25.11-small 1.0.2
- nixpkgs-25.11-darwin 1.0.2

pkgs.python313Packages.azure-ai-documentintelligence

Azure AI Document Intelligence client library for Python

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2
nixos-25.11 1.0.2
- nixos-25.11-small 1.0.2
- nixpkgs-25.11-darwin 1.0.2

pkgs.python314Packages.azure-ai-documentintelligence

Azure AI Document Intelligence client library for Python

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2

Package maintainers

@honnip Jung seungwoo <me@honnip.page>
@NickCao Nick Cao <nickcao@nichi.co>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@FRidh Frederik Rietdijk <fridh@fridh.nl>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@K900 Ilya K. <me@0upti.me>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@bkchr Bastian Köcher <nixos@kchr.de>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@vandenoever Jos van den Oever <jos@vandenoever.info>
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
@romildo José Romildo Malaquias <malaquias@gmail.com>
@abathur Travis A. Everett <travis.a.everett+nixpkgs@gmail.com>
@pluiedev Leah Amelia Chen <hi@pluie.me>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@jwygoda Jarosław Wygoda <jaroslaw@wygoda.me>
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
@ashish0kumar Ashish Kumar <ashishkumar901336@gmail.com>

Permalink CVE-2025-68843

created 1 month ago

WordPress FeedWordPress Advanced Filters plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Schuiling FeedWordPress Advanced Filters faf allows Reflected XSS.This issue affects FeedWordPress Advanced Filters: from n/a through <= 0.6.2.

References

https://patchstack.com/database/Wordpress/Plugin/faf/vulnerability/wordpress-fe… vdb-entry

Affected products

faf

=<<= 0.6.2

Matching in nixpkgs

pkgs.maiko

Medley Interlisp virtual machine

nixos-unstable 250616-de1fafba
- nixpkgs-unstable 250616-de1fafba
- nixos-unstable-small 250616-de1fafba
nixos-25.11 250616-de1fafba
- nixos-25.11-small 250616-de1fafba
- nixpkgs-25.11-darwin 250616-de1fafba

pkgs.error-inject.mce-inject

MCE error injection tool

nixos-unstable 4cbe46321b4a81365ff3aafafe63967264dbfec5
- nixpkgs-unstable 4cbe46321b4a81365ff3aafafe63967264dbfec5
- nixos-unstable-small 4cbe46321b4a81365ff3aafafe63967264dbfec5
nixos-25.11 4cbe46321b4a81365ff3aafafe63967264dbfec5
- nixos-25.11-small 4cbe46321b4a81365ff3aafafe63967264dbfec5
- nixpkgs-25.11-darwin 4cbe46321b4a81365ff3aafafe63967264dbfec5

pkgs.tests.fetchzip.postFetch

None

nixos-25.11 xav2rax2mfaf
- nixos-25.11-small xav2rax2mfaf
- nixpkgs-25.11-darwin xav2rax2mfaf

Permalink CVE-2019-13758

created 1 month ago

Insufficient policy enforcement in navigation in Google Chrome on Android …

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

References

https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop… x_refsource_MISC
https://crbug.com/979441 x_refsource_MISC
RHSA-2019:4238 vendor-advisory x_refsource_REDHAT
openSUSE-SU-2019:2692 vendor-advisory x_refsource_SUSE
FEDORA-2019-1a10c04281 vendor-advisory x_refsource_FEDORA
openSUSE-SU-2019:2694 vendor-advisory x_refsource_SUSE
FEDORA-2020-4355ea258e vendor-advisory x_refsource_FEDORA
20200120 [SECURITY] [DSA 4606-1] chromium security update mailing-list x_refsource_BUGTRAQ
DSA-4606 vendor-advisory x_refsource_DEBIAN
GLSA-202003-08 vendor-advisory x_refsource_GENTOO
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop… x_transferred x_refsource_MISC
https://crbug.com/979441 x_transferred x_refsource_MISC
RHSA-2019:4238 vendor-advisory x_refsource_REDHAT x_transferred
openSUSE-SU-2019:2692 vendor-advisory x_transferred x_refsource_SUSE
FEDORA-2019-1a10c04281 vendor-advisory x_transferred x_refsource_FEDORA
openSUSE-SU-2019:2694 vendor-advisory x_transferred x_refsource_SUSE
FEDORA-2020-4355ea258e vendor-advisory x_transferred x_refsource_FEDORA
20200120 [SECURITY] [DSA 4606-1] chromium security update mailing-list x_transferred x_refsource_BUGTRAQ
DSA-4606 vendor-advisory x_refsource_DEBIAN x_transferred
GLSA-202003-08 vendor-advisory x_refsource_GENTOO x_transferred

Affected products

Chrome

<79.0.3945.79

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.5.2
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.3.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@teutat3s teutat3s <teutates@mailbox.org>
@TomaSajt TomaSajt
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2025-67980

created 1 month ago

WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17.

References

https://patchstack.com/database/Wordpress/Theme/hara/vulnerability/wordpress-ha… vdb-entry

Affected products

hara

=<<= 1.2.17

Matching in nixpkgs

pkgs.charasay

Future of cowsay - Colorful characters saying something

nixos-unstable 3.3.0
- nixpkgs-unstable 3.3.0
- nixos-unstable-small 3.3.0
nixos-25.11 3.3.0
- nixos-25.11-small 3.3.0
- nixpkgs-25.11-darwin 3.3.0

pkgs.gnome-characters

Simple utility application to find and insert unusual characters

nixos-unstable 49.1
- nixpkgs-unstable 49.1
- nixos-unstable-small 49.1
nixos-25.11 49.1
- nixos-25.11-small 49.1
- nixpkgs-25.11-darwin 49.1

pkgs.keepass-charactercopy

None

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.unicode-character-database

Unicode Character Database

nixos-unstable 17.0.0
- nixpkgs-unstable 17.0.0
- nixos-unstable-small 17.0.0
nixos-25.11 17.0.0
- nixos-25.11-small 17.0.0
- nixpkgs-25.11-darwin 17.0.0

pkgs.haskellPackages.character-ps

Pattern synonyms for ASCII characters for Word8, Word16 etc

nixos-unstable 0.1
- nixpkgs-unstable 0.1
- nixos-unstable-small 0.1
nixos-25.11 0.1
- nixos-25.11-small 0.1
- nixpkgs-25.11-darwin 0.1

pkgs.coqPackages.mathcomp-character

None

nixos-unstable core9.0-mathcomp-character-2.5.0
- nixpkgs-unstable core9.0-mathcomp-character-2.5.0
- nixos-unstable-small core9.0-mathcomp-character-2.5.0
nixos-25.11 2.5.0
- nixos-25.11-small 2.5.0
- nixpkgs-25.11-darwin 2.5.0

pkgs.rocqPackages.mathcomp-character

None

nixos-unstable core9.0-mathcomp-character-2.5.0
- nixpkgs-unstable core9.0-mathcomp-character-2.5.0
- nixos-unstable-small core9.0-mathcomp-character-2.5.0

pkgs.python312Packages.characteristic

Python attributes without boilerplate

nixos-25.11 14.3.0
- nixos-25.11-small 14.3.0
- nixpkgs-25.11-darwin 14.3.0

pkgs.python313Packages.characteristic

Python attributes without boilerplate

nixos-25.11 14.3.0
- nixos-25.11-small 14.3.0
- nixpkgs-25.11-darwin 14.3.0

pkgs.magnetophonDSP.CharacterCompressor

Compressor with character. For jack and lv2

nixos-unstable 0.3.3
- nixpkgs-unstable 0.3.3
- nixos-unstable-small 0.3.3
nixos-25.11 0.3.3
- nixos-25.11-small 0.3.3
- nixpkgs-25.11-darwin 0.3.3

pkgs.python312Packages.character-encoding-utils

Some character encoding utils

nixos-25.11 0.0.9
- nixos-25.11-small 0.0.9
- nixpkgs-25.11-darwin 0.0.9

pkgs.python313Packages.character-encoding-utils

Some character encoding utils

nixos-unstable 0.0.9
- nixpkgs-unstable 0.0.9
- nixos-unstable-small 0.0.9
nixos-25.11 0.0.9
- nixos-25.11-small 0.0.9
- nixpkgs-25.11-darwin 0.0.9

pkgs.python314Packages.character-encoding-utils

Some character encoding utils

nixos-unstable 0.0.9
- nixpkgs-unstable 0.0.9
- nixos-unstable-small 0.0.9

Package maintainers

@hmajid2301 Haseeb Majid <hello@haseebmajid.dev>
@CohenCyril Cyril Cohen <cyril.cohen@inria.fr>
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
@jwiegley John Wiegley <johnw@newartisans.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@TakWolf TakWolf <takwolf@foxmail.com>
@h7x4 h7x4 <h7x4@nani.wtf>

Permalink CVE-2019-13723

created 1 month ago

Use after free in WebBluetooth in Google Chrome prior to …

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

References

https://crbug.com/1024121 x_refsource_MISC
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop… x_refsource_MISC
RHSA-2019:3955 vendor-advisory x_refsource_REDHAT
FEDORA-2019-3e46b182ff vendor-advisory x_refsource_FEDORA
FEDORA-2019-00d5e55259 vendor-advisory x_refsource_FEDORA
openSUSE-SU-2019:2693 vendor-advisory x_refsource_SUSE
GLSA-202003-08 vendor-advisory x_refsource_GENTOO
https://crbug.com/1024121 x_transferred x_refsource_MISC
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop… x_transferred x_refsource_MISC
RHSA-2019:3955 vendor-advisory x_refsource_REDHAT x_transferred
FEDORA-2019-3e46b182ff vendor-advisory x_transferred x_refsource_FEDORA
FEDORA-2019-00d5e55259 vendor-advisory x_transferred x_refsource_FEDORA
openSUSE-SU-2019:2693 vendor-advisory x_transferred x_refsource_SUSE
GLSA-202003-08 vendor-advisory x_refsource_GENTOO x_transferred

Affected products

Chrome

<78.0.3904.108

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.5.2
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.3.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@teutat3s teutat3s <teutates@mailbox.org>
@TomaSajt TomaSajt
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2026-2033

created 1 month ago

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649.

References

ZDI-26-105 x_research-advisory
vendor-provided URL vendor-advisory

Affected products

MLflow

==3.1.1 and 5b9c01925c2e2a8cf0951f155a6a468ff99cfe0f

Matching in nixpkgs

pkgs.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.pkgsRocm.mlflow-server

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python312Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python313Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python314Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1

pkgs.pkgsRocm.python3Packages.mlflow

Open source platform for the machine learning lifecycle

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python312Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python313Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python314Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.pkgsRocm.python3Packages.sagemaker-mlflow

MLFlow plugin for SageMaker

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

Package maintainers

@tbenst Tyler Benster <nix@tylerbenster.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Permalink CVE-2019-13716

created 1 month ago

Insufficient policy enforcement in service workers in Google Chrome prior …

Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

References

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop… x_refsource_MISC
https://crbug.com/1005948 x_refsource_MISC
openSUSE-SU-2020:0010 vendor-advisory x_refsource_SUSE
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop… x_transferred x_refsource_MISC
https://crbug.com/1005948 x_transferred x_refsource_MISC
openSUSE-SU-2020:0010 vendor-advisory x_transferred x_refsource_SUSE

Affected products

Chrome

<78.0.3904.70

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.5.2
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.3.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@teutat3s teutat3s <teutates@mailbox.org>
@TomaSajt TomaSajt
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2025-68545

created 1 month ago

WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.

References

https://patchstack.com/database/Wordpress/Theme/nika/vulnerability/wordpress-ni… vdb-entry

Affected products

nika

=<<= 1.2.14

Matching in nixpkgs

pkgs.nika-fonts

Persian/Arabic Open Source Font

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python312Packages.minikanren

Relational programming in Python

nixos-25.11 1.0.5
- nixos-25.11-small 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.minikanren

Relational programming in Python

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixos-25.11-small 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python314Packages.minikanren

Relational programming in Python

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5

Package maintainers

@Etjean Etienne Jean <et.jean@outlook.fr>

Permalink CVE-2019-13728

created 1 month ago

Out of bounds write in JavaScript in Google Chrome prior …

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop… x_refsource_MISC
https://crbug.com/1024758 x_refsource_MISC
RHSA-2019:4238 vendor-advisory x_refsource_REDHAT
openSUSE-SU-2019:2692 vendor-advisory x_refsource_SUSE
FEDORA-2019-1a10c04281 vendor-advisory x_refsource_FEDORA
openSUSE-SU-2019:2694 vendor-advisory x_refsource_SUSE
FEDORA-2020-4355ea258e vendor-advisory x_refsource_FEDORA
20200120 [SECURITY] [DSA 4606-1] chromium security update mailing-list x_refsource_BUGTRAQ
DSA-4606 vendor-advisory x_refsource_DEBIAN
GLSA-202003-08 vendor-advisory x_refsource_GENTOO
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop… x_transferred x_refsource_MISC
https://crbug.com/1024758 x_transferred x_refsource_MISC
RHSA-2019:4238 vendor-advisory x_refsource_REDHAT x_transferred
openSUSE-SU-2019:2692 vendor-advisory x_transferred x_refsource_SUSE
FEDORA-2019-1a10c04281 vendor-advisory x_transferred x_refsource_FEDORA
openSUSE-SU-2019:2694 vendor-advisory x_transferred x_refsource_SUSE
FEDORA-2020-4355ea258e vendor-advisory x_transferred x_refsource_FEDORA
20200120 [SECURITY] [DSA 4606-1] chromium security update mailing-list x_transferred x_refsource_BUGTRAQ
DSA-4606 vendor-advisory x_refsource_DEBIAN x_transferred
GLSA-202003-08 vendor-advisory x_refsource_GENTOO x_transferred

Affected products

Chrome

<79.0.3945.79

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.109
nixos-25.11 145.0.7632.75
- nixos-25.11-small 145.0.7632.75
- nixpkgs-25.11-darwin 145.0.7632.75

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.5.2
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.3.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@teutat3s teutat3s <teutates@mailbox.org>
@TomaSajt TomaSajt
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2026-2038

created 1 month ago

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.

References

ZDI-26-075 x_research-advisory

Affected products

Archiver

==15.10

Matching in nixpkgs

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

nixos-25.11 3.5.1
- nixos-25.11-small 3.5.1
- nixpkgs-25.11-darwin 3.5.1

pkgs.xarchiver

GTK frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)

nixos-unstable 0.5.4.26
- nixpkgs-unstable 0.5.4.26
- nixos-unstable-small 0.5.4.26
nixos-25.11 0.5.4.26
- nixos-25.11-small 0.5.4.26
- nixpkgs-25.11-darwin 0.5.4.26

pkgs.fsarchiver

File system archiver for linux

nixos-unstable 0.8.9
- nixpkgs-unstable 0.8.9
- nixos-unstable-small 0.8.9
nixos-25.11 0.8.8
- nixos-25.11-small 0.8.8
- nixpkgs-25.11-darwin 0.8.8

pkgs.the-unarchiver

Unpacks archive files

nixos-unstable 4.3.9
- nixpkgs-unstable 4.3.9
- nixos-unstable-small 4.3.9
nixos-25.11 4.3.9
- nixos-25.11-small 4.3.9
- nixpkgs-25.11-darwin 4.3.9

pkgs.lxqt.lxqt-archiver

Archive tool for the LXQt desktop environment

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.3.0
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.CuboCore.corearchiver

Archiver from the C Suite to create and extract archives

nixos-unstable 5.0.0
- nixpkgs-unstable 5.0.0
- nixos-unstable-small 5.0.0
nixos-25.11 5.0.0
- nixos-25.11-small 5.0.0
- nixpkgs-25.11-darwin 5.0.0

pkgs.wayback-machine-archiver

Python script to submit web pages to the Wayback Machine for archiving

nixos-unstable 1.9.1
- nixpkgs-unstable 1.9.1
- nixos-unstable-small 1.9.1
nixos-25.11 1.9.1
- nixos-25.11-small 1.9.1
- nixpkgs-25.11-darwin 1.9.1

pkgs.python312Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

nixos-25.11 1.5.2
- nixos-25.11-small 1.5.2
- nixpkgs-25.11-darwin 1.5.2

pkgs.python313Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

nixos-unstable 1.5.2
- nixpkgs-unstable 1.5.2
- nixos-unstable-small 1.5.2
nixos-25.11 1.5.2
- nixos-25.11-small 1.5.2
- nixpkgs-25.11-darwin 1.5.2

pkgs.python314Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

nixos-unstable 1.5.2
- nixpkgs-unstable 1.5.2
- nixos-unstable-small 1.5.2

Package maintainers

@dan4ik605743 Danil Danevich <6057430gu@gmail.com>
@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@jchv John Chadwick <johnwchadwick@gmail.com>
@romildo José Romildo Malaquias <malaquias@gmail.com>
@PapayaJackal PapayaJackal
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
@D4ndellion Daniel Olsen <daniel@dodsorf.as>
@domenkozar Domen Kozar <domen@dev.si>

Automatically generated suggestions

References

Affected products

Matching in nixpkgs

pkgs.tint

pkgs.tint2

pkgs.tinty

pkgs.tintin

pkgs.xfractint

pkgs.ocamlPackages.optint

pkgs.gnomeExtensions.alphatint

pkgs.gnomeExtensions.colortint

pkgs.libsForQt5.kontactinterface

pkgs.ocamlPackages_latest.optint

pkgs.gnomeExtensions.tinted-shell

pkgs.kdePackages.kontactinterface

pkgs.plasma5Packages.kontactinterface

pkgs.gnomeExtensions.rebootintowindows

pkgs.grafanaPlugins.doitintl-bigquery-datasource

pkgs.python312Packages.azure-ai-documentintelligence

pkgs.python313Packages.azure-ai-documentintelligence

pkgs.python314Packages.azure-ai-documentintelligence

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.maiko

pkgs.error-inject.mce-inject

pkgs.tests.fetchzip.postFetch

References

Affected products

Matching in nixpkgs

pkgs.netflix

pkgs.chromedriver

pkgs.mkchromecast

pkgs.chrome-export

pkgs.go-chromecast

pkgs.google-chrome

pkgs.xf86videoopenchrome

pkgs.chrome-token-signing

pkgs.chrome-pak-customizer

pkgs.electron-chromedriver

pkgs.xf86-video-openchrome

pkgs.curl-impersonate-chrome

pkgs.undetected-chromedriver

pkgs.electron-chromedriver_33

pkgs.electron-chromedriver_34

pkgs.electron-chromedriver_35

pkgs.electron-chromedriver_36

pkgs.electron-chromedriver_37

pkgs.electron-chromedriver_38

pkgs.electron-chromedriver_39

pkgs.electron-chromedriver_40

pkgs.xorg.xf86videoopenchrome

pkgs.ocamlPackages.chrome-trace

pkgs.noto-fonts-monochrome-emoji

pkgs.python312Packages.pychromecast

pkgs.python313Packages.pychromecast

pkgs.python314Packages.pychromecast

pkgs.ocamlPackages_latest.chrome-trace

pkgs.python312Packages.undetected-chromedriver

pkgs.python313Packages.undetected-chromedriver

pkgs.python314Packages.undetected-chromedriver

pkgs.grafanaPlugins.ventura-psychrometric-panel

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.charasay

pkgs.gnome-characters

pkgs.keepass-charactercopy

pkgs.unicode-character-database

pkgs.haskellPackages.character-ps

pkgs.coqPackages.mathcomp-character

pkgs.rocqPackages.mathcomp-character

pkgs.python312Packages.characteristic

pkgs.python313Packages.characteristic

pkgs.magnetophonDSP.CharacterCompressor

pkgs.python312Packages.character-encoding-utils

pkgs.python313Packages.character-encoding-utils