Every CVE whose affected-product data names Nixos Hydra, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-45049 — CVSS 7.5 (high): Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any…
CVE-2025-54864 — CVSS 7.5 (high): Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called…
CVE-2025-54800 — CVSS 6.1 (medium): Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary…
CVE-2024-32657 — CVSS 4.6 (medium): Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and…
CVE-2025-32435 — CVSS 2.6 (low): Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access…