Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Published issues

All published security issues are tracked and resolved on GitHub.

NIXPKGS-2026-0006
published 4 months, 2 weeks ago
updated 4 months, 2 weeks ago by @fricklerhandwerk Activity log
  • Created suggestion
  • @fricklerhandwerk ignored
    31 packages
    • netflix
    • chromedriver
    • mkchromecast
    • chrome-export
    • go-chromecast
    • xf86videoopenchrome
    • chrome-token-signing
    • chrome-pak-customizer
    • electron-chromedriver
    • xf86-video-openchrome
    • curl-impersonate-chrome
    • electron-chromedriver_33
    • electron-chromedriver_34
    • electron-chromedriver_35
    • electron-chromedriver_36
    • electron-chromedriver_37
    • electron-chromedriver_38
    • electron-chromedriver_39
    • electron-chromedriver_40
    • xorg.xf86videoopenchrome
    • ocamlPackages.chrome-trace
    • noto-fonts-monochrome-emoji
    • python312Packages.pychromecast
    • python313Packages.pychromecast
    • python314Packages.pychromecast
    • ocamlPackages_latest.chrome-trace
    • python312Packages.undetected-chromedriver
    • python313Packages.undetected-chromedriver
    • python314Packages.undetected-chromedriver
    • grafanaPlugins.ventura-psychrometric-panel
    • undetected-chromedriver
  • @fricklerhandwerk accepted
  • @fricklerhandwerk restored package chromedriver
  • @fricklerhandwerk published on GitHub

Out of bounds read and write in Tint in Google …


Chrome
  • <145.0.7632.116
Upstream: https://issues.chromium.org/issues/483751167
NIXPKGS-2026-0004
published 5 months, 2 weeks ago
Permalink CVE-2024-45781
6.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 5 months, 2 weeks ago by @fricklerhandwerk Activity log
  • Created suggestion
  • @fricklerhandwerk ignored package grub2_pvhgrub_image
  • @fricklerhandwerk accepted
  • @fricklerhandwerk published on GitHub

Grub2: fs/ufs: oob write in the heap


grub2
  • =<2.12
  • *
rhcos
NIXPKGS-2026-0005
published 5 months, 2 weeks ago
Permalink CVE-2026-1587
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 5 months, 2 weeks ago by @fricklerhandwerk Activity log
  • Created suggestion
  • @fricklerhandwerk dismissed
  • @fricklerhandwerk accepted
  • @fricklerhandwerk published on GitHub

Open5GS SGWC s11-handler.c sgwc_s11_handle_modify_bearer_request denial of service


Open5GS
  • ==2.7.6
  • ==2.7.3
  • ==2.7.2
  • ==2.7.1
  • ==2.7.0
  • ==2.7.5
  • ==2.7.4
jhk
NIXPKGS-2026-0002
published 5 months, 3 weeks ago
Permalink CVE-2024-0406
6.1 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 5 months, 3 weeks ago by @fricklerhandwerk Activity log
  • Created suggestion
  • @LeSuisse accepted
  • @fricklerhandwerk ignored
    6 packages
    • xarchiver
    • fsarchiver
    • wayback-machine-archiver
    • CuboCore.corearchiver
    • python311Packages.nskeyedunarchiver
    • python312Packages.nskeyedunarchiver
  • @fricklerhandwerk deleted
    4 maintainers
    • @dan4ik605743
    • @kalbasit
    • @romildo
    • @jchv
    maintainer.delete
  • @fricklerhandwerk published on GitHub

Mholt/archiver: path traversal vulnerability


mholt
  • ==4
archiver
  • *
  • *
openshift4/oc-mirror-plugin-rhel8
openshift4/oc-mirror-plugin-rhel9
  • *
advanced-cluster-security/rhacs-main-rhel8
advanced-cluster-security/rhacs-roxctl-rhel8
advanced-cluster-security/rhacs-scanner-rhel8
NIXPKGS-2026-0001
published 5 months, 4 weeks ago
Permalink CVE-2025-7195
5.2 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): High (H)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): Low (L)
updated 5 months, 3 weeks ago by @fricklerhandwerk Activity log
  • Created suggestion
  • @fricklerhandwerk accepted
  • @fricklerhandwerk published on GitHub

Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd


operator-sdk
  • <0.15.2
odf4/cephcsi-rhel9
  • *
odf4/mcg-cli-rhel9
  • *
odf4/odf-cli-rhel9
  • *
odf4/mcg-core-rhel9
  • *
odf4/odf-console-rhel9
  • *
odf4/mcg-rhel9-operator
  • *
odf4/ocs-rhel9-operator
  • *
odf4/odf-rhel9-operator
  • *
odf4/odr-rhel9-operator
  • *
odf4/odf-must-gather-rhel9
  • *
openshift4/cnf-tests-rhel8
openshift4/cnf-tests-rhel9
odf4/cephcsi-rhel9-operator
  • *
odf4/odf-cosi-sidecar-rhel9
  • *
odf4/ocs-client-console-rhel9
  • *
odf4/rook-ceph-rhel9-operator
  • *
rhacm2/rbac-query-proxy-rhel9
rhacm2/search-collector-rhel9
multicluster-engine/work-rhel8
multicluster-engine/work-rhel9
  • *
odf4/ocs-client-rhel9-operator
  • *
rhacm2/metrics-collector-rhel9
odf4/ocs-metrics-exporter-rhel9
  • *
apicurio/apicurio-registry-rhel8
  • *
apicurio/apicurio-studio-ui-rhel8
  • *
odf4/odf-csi-addons-sidecar-rhel9
  • *
odf4/odf-csi-addons-rhel9-operator
  • *
openshift4/ztp-site-generate-rhel8
rhacm2/iam-policy-controller-rhel9
apicurio/apicurio-registry-ui-rhel8
  • *
fuse7/fuse-apicurito-rhel8-operator
multicluster-engine/discovery-rhel8
multicluster-engine/discovery-rhel9
  • *
multicluster-engine/placement-rhel8
multicluster-engine/placement-rhel9
  • *
odf4/odf-multicluster-console-rhel9
  • *
rhacm2/acm-cluster-permission-rhel8
rhacm2/acm-cluster-permission-rhel9
  • *
rhacm2/cert-policy-controller-rhel9
odf4/odf-multicluster-rhel9-operator
  • *
rhacm2/cluster-backup-rhel9-operator
  • *
rhacm2/multicloud-integrations-rhel8
rhacm2/multicloud-integrations-rhel9
  • *
web-terminal/web-terminal-exec-rhel9
rhacm2/config-policy-controller-rhel9
rhacm2/grafana-dashboard-loader-rhel9
multicluster-engine/registration-rhel8
multicluster-engine/registration-rhel9
  • *
multicluster-engine/addon-manager-rhel8
multicluster-engine/addon-manager-rhel9
  • *
devworkspace/devworkspace-rhel8-operator
devworkspace/devworkspace-rhel9-operator
rhacm2/klusterlet-addon-controller-rhel8
rhacm2/klusterlet-addon-controller-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
apicurio/apicurio-registry-rhel8-operator
  • *
rhacm2/endpoint-monitoring-rhel9-operator
rhacm2/governance-policy-propagator-rhel9
openshift4/lifecycle-agent-operator-bundle
rhacm2/multicluster-operators-channel-rhel8
rhacm2/multicluster-operators-channel-rhel9
  • *
apicurio/apicurio-registry-3-operator-bundle
  • *
devworkspace/devworkspace-project-clone-rhel8
devworkspace/devworkspace-project-clone-rhel9
advanced-cluster-security/rhacs-rhel8-operator
compliance/openshift-compliance-rhel8-operator
  • *
container-native-virtualization/virt-api-rhel9
  • *
container-native-virtualization/pr-helper-rhel9
  • *
multicluster-engine/registration-operator-rhel8
multicluster-engine/registration-operator-rhel9
  • *
rhacm2/multicluster-operators-application-rhel8
rhacm2/multicluster-operators-application-rhel9
  • *
container-native-virtualization/aaq-server-rhel9
  • *
container-native-virtualization/virtio-win-rhel9
  • *
container-native-virtualization/wasp-agent-rhel9
  • *
rhacm2/multicluster-observability-rhel9-operator
rhacm2/multicluster-operators-subscription-rhel9
  • *
container-native-virtualization/kubemacpool-rhel9
  • *
compliance/openshift-file-integrity-rhel8-operator
  • *
container-native-virtualization/aaq-operator-rhel9
  • *
container-native-virtualization/sidecar-shim-rhel9
  • *
container-native-virtualization/virt-handler-rhel9
  • *
rhacm2/acm-governance-policy-framework-addon-rhel9
compliance/openshift-file-integrity-operator-bundle
container-native-virtualization/bridge-marker-rhel9
  • *
container-native-virtualization/virt-launcher-rhel9
  • *
container-native-virtualization/virt-operator-rhel9
  • *
multicluster-engine/hypershift-addon-rhel8-operator
multicluster-engine/hypershift-addon-rhel9-operator
container-native-virtualization/aaq-controller-rhel9
  • *
container-native-virtualization/ovs-cni-plugin-rhel9
  • *
container-native-virtualization/cnv-must-gather-rhel9
  • *
container-native-virtualization/virt-cdi-cloner-rhel9
  • *
container-native-virtualization/virt-controller-rhel9
  • *
container-native-virtualization/kubesecondarydns-rhel9
  • *
container-native-virtualization/libguestfs-tools-rhel9
  • *
container-native-virtualization/virt-exportproxy-rhel9
  • *
container-native-virtualization/vm-console-proxy-rhel9
  • *
container-native-virtualization/virt-cdi-importer-rhel9
  • *
container-native-virtualization/virt-cdi-operator-rhel9
  • *
container-native-virtualization/virt-exportserver-rhel9
  • *
container-native-virtualization/virt-cdi-apiserver-rhel9
  • *
multicluster-engine/clusterlifecycle-state-metrics-rhel8
multicluster-engine/clusterlifecycle-state-metrics-rhel9
  • *
container-native-virtualization/hco-bundle-registry-rhel9
  • *
container-native-virtualization/hostpath-csi-driver-rhel9
  • *
container-native-virtualization/virt-cdi-controller-rhel9
  • *
multicluster-globalhub/multicluster-globalhub-agent-rhel9
container-native-virtualization/hostpath-provisioner-rhel9
  • *
container-native-virtualization/virt-cdi-uploadproxy-rhel9
  • *
multicluster-engine/managedcluster-import-controller-rhel8
multicluster-engine/managedcluster-import-controller-rhel9
  • *
container-native-virtualization/kubevirt-dpdk-checkup-rhel9
  • *
container-native-virtualization/kubevirt-ssp-operator-rhel9
  • *
container-native-virtualization/virt-artifacts-server-rhel9
  • *
container-native-virtualization/virt-cdi-uploadserver-rhel9
  • *
multicluster-globalhub/multicluster-globalhub-manager-rhel9
openshift4/topology-aware-lifecycle-manager-operator-bundle
multicluster-globalhub/multicluster-globalhub-rhel9-operator
container-native-virtualization/kubevirt-console-plugin-rhel9
  • *
container-native-virtualization/multus-dynamic-networks-rhel9
  • *
multicluster-globalhub/multicluster-globalhub-operator-bundle
container-native-virtualization/kubevirt-apiserver-proxy-rhel9
  • *
container-native-virtualization/kubevirt-ipam-controller-rhel9
  • *
container-native-virtualization/kubevirt-storage-checkup-rhel9
  • *
container-native-virtualization/cluster-network-addons-operator
container-native-virtualization/kubevirt-realtime-checkup-rhel9
  • *
container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm
container-native-virtualization/vm-network-latency-checkup-rhel9
  • *
container-native-virtualization/kubevirt-template-validator-rhel9
  • *
container-native-virtualization/hostpath-provisioner-operator-rhel9
  • *
container-native-virtualization/kubevirt-common-instancetypes-rhel9
  • *
container-native-virtualization/hyperconverged-cluster-webhook-rhel9
  • *
container-native-virtualization/cluster-network-addons-operator-rhel9
  • *
container-native-virtualization/cnv-containernetworking-plugins-rhel9
  • *
container-native-virtualization/hyperconverged-cluster-operator-rhel9
  • *
container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9
container-native-virtualization/passt-network-binding-plugin-cni-rhel9
  • *
container-native-virtualization/kubevirt-api-lifecycle-automation-rhel9
  • *
container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status
container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9
  • *
container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9
  • *
container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9
  • *
container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9
NIXPKGS-2025-0024
published 7 months ago
Permalink CVE-2025-49053
5.9 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 7 months ago by @fricklerhandwerk Activity log
  • Created suggestion
  • @fricklerhandwerk ignored package pairdrop
  • @fricklerhandwerk accepted
  • @fricklerhandwerk deleted
    2 maintainers
    • @dit7ya
    • @Enzime
    maintainer.delete
  • @fricklerhandwerk published on GitHub

WordPress WP Airdrop Manager plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability


airdrop
  • =<1.0.5
NIXPKGS-2025-0023
published 7 months ago
Permalink CVE-2025-59030
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 7 months ago by @fricklerhandwerk Activity log
  • Created suggestion
  • @fricklerhandwerk accepted
  • @fricklerhandwerk published on GitHub

Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor


pdns-recursor
  • <5.3.3
  • <5.1.9
  • <5.2.7
NIXPKGS-2025-0021
published 8 months, 2 weeks ago
Permalink CVE-2023-46847
8.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): High (H)
updated 8 months, 2 weeks ago by @Erethon Activity log
  • Created suggestion
  • @Erethon accepted
  • @Erethon published on GitHub

Squid: denial of service in http digest authentication


squid
  • ==6.4
  • <6.4
  • *
squid34
  • *
squid:4
  • *
NIXPKGS-2025-0022
published 8 months, 2 weeks ago
Permalink CVE-2024-11218
8.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 8 months, 2 weeks ago by @Erethon Activity log
  • Created suggestion
  • @fricklerhandwerk accepted
  • @Erethon published on GitHub

Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile


rhcos
  • *
podman
  • *
buildah
  • <1.33.12
  • <1.35.5
  • <1.37.6
  • *
  • <1.38.1
container-tools:rhel8
  • *
container-tools:rhel8/podman
container-tools:rhel8/buildah
NIXPKGS-2025-0020
published 9 months, 1 week ago
Permalink CVE-2025-0750
6.6 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): High (H)
updated 9 months, 1 week ago by @Erethon Activity log
  • Created suggestion
  • @fricklerhandwerk accepted
  • @Erethon published on GitHub

Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting


cri-o
  • <1.33.1
  • *
rhcos