VYPR

Nixpkgs

by Nixos

Source repositories

CVEs (4)

  • CVE-2026-25137CriFeb 2, 2026
    risk 0.60cvss 9.1epss 0.10

    The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including…

  • CVE-2026-23838HigJan 19, 2026
    risk 0.57cvss epss 0.00

    Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the full database file may…

  • CVE-2025-32438HigApr 15, 2025
    risk 0.50cvss 8.8epss 0.00

    make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches…

  • CVE-2025-64766MedNov 17, 2025
    risk 0.27cvss 5.3epss 0.00

    NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice…