CVE-2025-54800

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit dea1e16

Description: Hydra, a continuous integration service for Nix based projects, is susceptible to arbitrary JavaScript code injection into its database. A malicious package can introduce this code, which is then automatically evaluated in a client's browser when a user visits the build page. This could be initiated by a third-party project during its build process.

Recommendations: Do not build untrusted packages. Do not visit the builds page.