The Nixpkgs Security Tracker is a web service for managing information on vulnerabilities in software distributed through Nixpkgs and NixOS. It operates on the following distinctions:
- Untriaged suggestions are automatically generated matches between a CVE and Nixpkgs derivations.
- Dismissed suggestions are CVEs that already were classified by a human as not affecting Nixpkgs.
- Draft issues are matches between a CVE and Nixpkgs attributes that were selected as security relevant. They are slated to be published as a GitHub issue, but might need further refinement.
- Published issues have a persistent identifier and link to GitHub issues, which are used for notifications and coordinating mitigation.