Nixos Hydra
5 CVEs affecting Nixos Hydra. Latest disclosed: 2025-08-12. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-54864 | High | 7.5 | 2025-08-12 | Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding… |
CVE-2024-45049 | High | 7.5 | 2024-08-27 | Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the s… |
CVE-2025-54800 | Medium | 6.1 | 2025-08-12 | Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the… |
CVE-2024-32657 | Medium | 4.6 | 2024-04-22 | Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticate… |
CVE-2025-32435 | Low | 2.6 | 2025-04-15 | Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessib… |