Nixpkgs Security Tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

The Nixpkgs Security Tracker is a web service for managing information on vulnerabilities in software distributed through Nixpkgs and NixOS.

It is intended to help with solving the record linkage problem of matching packages in the CVE database and Nixpkgs.

Workflow

Untriaged suggestions are automatically generated matches between a CVE Record and Nixpkgs derivations.

Dismissed suggestions are CVEs that already were classified by a human as not affecting Nixpkgs.

Accepted suggestions are slated to be published, but might need further refinement.

Published issues have a persistent identifier and link to GitHub issues, where maintainers are notified and mitigation is coordinated.

Contributors

Nixpkgs committers can edit suggestions to help the NixOS security team with triaging.

Nixpkgs maintainers are encouraged to check their notifications.

Users

If you use NixOS or otherwise rely on software from Nixpkgs, subscribe to notifications on published vulnerabilities.