diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 36a1a054fea90..1bdaf713ab5dc 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -327,7 +327,7 @@ in
 hdfs = 295;
 mapred = 296;
 hadoop = 297;
- hydron = 298;
+ #hydron = 298; # removed 2024-08-03
 cfssl = 299;
 cassandra = 300;
 qemu-libvirtd = 301;
@@ -637,7 +637,7 @@ in
 hdfs = 295;
 mapred = 296;
 hadoop = 297;
- hydron = 298;
+ #hydron = 298; # removed 2024-08-03
 cfssl = 299;
 cassandra = 300;
 qemu-libvirtd = 301;
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 436aa850cd52a..6df7d784a974e 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1495,7 +1495,6 @@
 ./services/web-servers/fcgiwrap.nix
 ./services/web-servers/garage.nix
 ./services/web-servers/hitch/default.nix
- ./services/web-servers/hydron.nix
 ./services/web-servers/jboss/default.nix
 ./services/web-servers/keter
 ./services/web-servers/lighttpd/cgit.nix
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 2e37a984a34ee..df6090e41d7d4 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -67,6 +67,7 @@ in
 (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
 (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
 (mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
+ (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
 (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
 (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
 (mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
diff --git a/nixos/modules/services/web-servers/hydron.nix b/nixos/modules/services/web-servers/hydron.nix
deleted file mode 100644
index 68c0859fc3322..0000000000000
--- a/nixos/modules/services/web-servers/hydron.nix
+++ /dev/null
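Review bot: The message added for `services.hydron` in the rename.nix hunk cites "a severe remote code execution vulnerability" without naming it, so an operator who hits this evaluation error has nothing to look up when deciding whether a host that ran the service needs triage. The package deleted later in this commit carried `knownVulnerabilities = [ "CVE-2023-4863" ]` (via the webp dependency); if that is the issue meant, name it in the string, e.g. `... and is affected by a severe remote code execution vulnerability (CVE-2023-4863).` The `hydron` throw added in pkgs/top-level/aliases.nix uses the same wording and would benefit from the same identifier. Removing the module presumably leaves the state directory and the `hydron` PostgreSQL database in place on such hosts, which is worth a sentence in the release notes.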
@@ -1,164 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- cfg = config.services.hydron;
-in with lib; {
- options.services.hydron = {
- enable = mkEnableOption "hydron";
-
- dataDir = mkOption {
- type = types.path;
- default = "/var/lib/hydron";
- example = "/home/okina/hydron";
- description = "Location where hydron runs and stores data.";
- };
-
- interval = mkOption {
- type = types.str;
- default = "weekly";
- example = "06:00";
- description = ''
- How often we run hydron import and possibly fetch tags. Runs by default every week.
-
- The format is described in
- {manpage}`systemd.time(7)`.
- '';
- };
-
- password = mkOption {
- type = types.str;
- default = "hydron";
- example = "dumbpass";
- description = "Password for the hydron database.";
- };
-
- passwordFile = mkOption {
- type = types.path;
- default = "/run/keys/hydron-password-file";
- example = "/home/okina/hydron/keys/pass";
- description = "Password file for the hydron database.";
- };
-
- postgresArgs = mkOption {
- type = types.str;
- description = "Postgresql connection arguments.";
- example = ''
- {
- "driver": "postgres",
- "connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable"
- }
- '';
- };
-
- postgresArgsFile = mkOption {
- type = types.path;
- default = "/run/keys/hydron-postgres-args";
- example = "/home/okina/hydron/keys/postgres";
- description = "Postgresql connection arguments file.";
- };
-
- listenAddress = mkOption {
- type = types.nullOr types.str;
- default = null;
- example = "127.0.0.1:8010";
- description = "Listen on a specific IP address and port.";
- };
-
- importPaths = mkOption {
- type = types.listOf types.path;
- default = [];
- example = [ "/home/okina/Pictures" ];
- description = "Paths that hydron will recursively import.";
- };
-
- fetchTags = mkOption {
- type = types.bool;
- default = true;
- description = "Fetch tags for imported images and webm from gelbooru.";
- };
- };
-
- config = mkIf cfg.enable {
- services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
- services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
- services.hydron.postgresArgs = mkDefault ''
- {
- "driver": "postgres",
- "connection": "user=hydron password=${cfg.password} host=/run/postgresql dbname=hydron sslmode=disable"
- }
- '';
-
- services.postgresql = {
- enable = true;
- ensureDatabases = [ "hydron" ];
- ensureUsers = [
- { name = "hydron";
- ensureDBOwnership = true;
- }
- ];
- };
-
- systemd.tmpfiles.rules = [
- "d '${cfg.dataDir}' 0750 hydron hydron - -"
- "d '${cfg.dataDir}/.hydron' - hydron hydron - -"
- "d '${cfg.dataDir}/images' - hydron hydron - -"
- "Z '${cfg.dataDir}' - hydron hydron - -"
-
- "L+ '${cfg.dataDir}/.hydron/db_conf.json' - - - - ${cfg.postgresArgsFile}"
- ];
-
- systemd.services.hydron = {
- description = "hydron";
- after = [ "network.target" "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- User = "hydron";
- Group = "hydron";
- ExecStart = "${pkgs.hydron}/bin/hydron serve"
- + optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}";
- };
- };
-
- systemd.services.hydron-fetch = {
- description = "Import paths into hydron and possibly fetch tags";
-
- serviceConfig = {
- Type = "oneshot";
- User = "hydron";
- Group = "hydron";
- ExecStart = "${pkgs.hydron}/bin/hydron import "
- + optionalString cfg.fetchTags "-f "
- + (escapeShellArg cfg.dataDir) + "/images " + (escapeShellArgs cfg.importPaths);
- };
- };
-
- systemd.timers.hydron-fetch = {
- description = "Automatically import paths into hydron and possibly fetch tags";
- after = [ "network.target" "hydron.service" ];
- wantedBy = [ "timers.target" ];
-
- timerConfig = {
- Persistent = true;
- OnCalendar = cfg.interval;
- };
- };
-
- users = {
- groups.hydron.gid = config.ids.gids.hydron;
-
- users.hydron = {
- description = "hydron server service user";
- home = cfg.dataDir;
- group = "hydron";
- uid = config.ids.uids.hydron;
- };
- };
- };
-
- imports = [
- (mkRenamedOptionModule [ "services" "hydron" "baseDir" ] [ "services" "hydron" "dataDir" ])
- ];
-
- meta.maintainers = with maintainers; [ Madouura ];
-}
diff --git a/pkgs/servers/hydron/default.nix b/pkgs/servers/hydron/default.nix
deleted file mode 100644
index 912d0971f01a1..0000000000000
--- a/pkgs/servers/hydron/default.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ lib
-, buildGoModule
-, fetchFromGitHub
-, gitUpdater
-, pkg-config
-, ffmpeg_4
-}:
-
-buildGoModule rec {
- pname = "hydron";
- version = "3.3.6";
-
- src = fetchFromGitHub {
- owner = "bakape";
- repo = "hydron";
- rev = "v${version}";
- hash = "sha256-Q1pZf5FPQw+pHItcZyOGx0N+iHmz9rW0+ANFsketh6E=";
- };
-
- vendorHash = "sha256-hKF2RCGnk/5hNS65vGoDdF1OUPSLe4PDegYlKTeqJDM=";
- proxyVendor = true;
-
- nativeBuildInputs = [ pkg-config ];
- buildInputs = [ ffmpeg_4 ];
-
- passthru.updateScript = gitUpdater {
- rev-prefix = "v";
- };
-
- meta = with lib; {
- homepage = "https://github.com/bakape/hydron";
- description = "High performance media tagger and organizer";
- license = with licenses; [ lgpl3Plus ];
- knownVulnerabilities = [ "CVE-2023-4863" ]; # Via https://github.com/chai2010/webp dep
- maintainers = with maintainers; [ Madouura ];
- };
-}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index a0b4ad43fbe1b..17dc611b6a7c5 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -642,6 +642,8 @@ mapAliases ({ hll2390dw-cups = throw "The hll2390dw-cups package was dropped since it was unmaintained."; # Added 2024-06-21 ht-rust = xh; # Added 2021-02-13 hydra-unstable = hydra_unstable; # added 2022-05-10 + hydron = throw "hydron has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability"; + hyper-haskell = throw "'hyper-haskell' has been removed. reason: has been broken for a long time and depends on an insecure electron version"; # Added 2024-03-14 hyper-haskell-server-with-packages = throw "'hyper-haskell-server-with-packages' has been removed. reason: has been broken for a long time"; # Added 2024-03-14 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a529941abd264..3dc3b69367a67 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -25329,8 +25329,6 @@ with pkgs; https-dns-proxy = callPackage ../servers/dns/https-dns-proxy { }; - hydron = callPackage ../servers/hydron { }; - ic-keysmith = callPackage ../tools/security/ic-keysmith { }; icecream = callPackage ../servers/icecream { };
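Review bot: The `hydron` throw added in the aliases.nix hunk has no date comment, while every neighbouring entry shown in the hunk carries one (`# Added 2024-06-21`, `# Added 2021-02-13`, `# added 2022-05-10`, `# Added 2024-03-14`). Without the date there is no record of when this throw was introduced, which makes it harder to decide later whether it can be dropped. Append it to the added line, using the date the ids.nix hunks of this commit record: `hydron = throw "…"; # Added 2024-08-03`.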