Nixos Hydra

5 CVEs affecting Nixos Hydra. Latest disclosed: 2025-08-12. Critical: 0, High: 2.

Top CVEs affecting Nixos Hydra
CVESeverityScorePublishedSummary
CVE-2025-54864High7.52025-08-12Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding…
CVE-2024-45049High7.52024-08-27Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the s…
CVE-2025-54800Medium6.12025-08-12Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the…
CVE-2024-32657Medium4.62024-04-22Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticate…
CVE-2025-32435Low2.62025-04-15Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessib…