Nixpkgs Security Tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2024-31083
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 months, 1 week ago
Xorg-x11-server: use-after-free in procrenderaddglyphs

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

Affected products

tigervnc
  • *
xorg-x11-server
  • ==21.1.12
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

CVE-2024-31081
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 5 months, 1 week ago
Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Affected products

tigervnc
  • *
xorg-server
  • ==1.7.0
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

CVE-2020-25720
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 months, 1 week ago
Samba: check attribute access rights for ldap adds of computers

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.

Affected products

rhcos
samba
  • <4.17.8
samba4

Matching in nixpkgs

pkgs.samba

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.sambaFull

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4Full

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba.x86_64-linux

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba.aarch64-linux

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba.x86_64-darwin

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4.x86_64-linux

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba.aarch64-darwin

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4.aarch64-linux

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4.x86_64-darwin

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4.aarch64-darwin

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.sambamba.x86_64-linux

SAM/BAM processing tool

pkgs.sambaFull.x86_64-linux

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.sambamba.x86_64-darwin

SAM/BAM processing tool

pkgs.sambaFull.aarch64-linux

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.sambaFull.x86_64-darwin

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4Full.aarch64-linux

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4Full.x86_64-darwin

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.sambaFull.aarch64-darwin

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4Full.aarch64-darwin

Standard Windows interoperability suite of programs for Linux and Unix

Package maintainers: 2

CVE-2024-31082
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 5 months, 1 week ago
Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Affected products

tigervnc
xorg-server
  • <21.1.12
xorg-x11-server
xorg-x11-server-Xwayland

Matching in nixpkgs

CVE-2024-6237
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 5 months, 1 week ago
389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

Affected products

389-ds-base
  • *
  • <2.4.5
redhat-ds:12
  • *
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

Matching in nixpkgs

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

Package maintainers: 1

CVE-2025-5372
5.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 5 months, 1 week ago
Libssh: incorrect return code handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

Affected products

rhcos
libssh
  • *
libssh2

Matching in nixpkgs

pkgs.libssh.x86_64-linux

SSH client library

pkgs.libssh.aarch64-linux

SSH client library

pkgs.libssh.x86_64-darwin

SSH client library

pkgs.libssh2.x86_64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh.aarch64-darwin

SSH client library

pkgs.libssh2.aarch64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.x86_64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.aarch64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.haskellPackages.libssh2

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.python311Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.haskellPackages.libssh.x86_64-linux

libssh bindings

pkgs.haskellPackages.libssh.aarch64-linux

libssh bindings

pkgs.haskellPackages.libssh.x86_64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.x86_64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh.aarch64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.aarch64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.x86_64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.aarch64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit.x86_64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.x86_64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2

Package maintainers: 3

CVE-2025-5351
4.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 5 months, 1 week ago
Libssh: double free vulnerability in libssh key export functions

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

Affected products

rhcos
libssh
  • <0.11.2
libssh2

Matching in nixpkgs

pkgs.libssh.x86_64-linux

SSH client library

pkgs.libssh.aarch64-linux

SSH client library

pkgs.libssh.x86_64-darwin

SSH client library

pkgs.libssh2.x86_64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh.aarch64-darwin

SSH client library

pkgs.libssh2.aarch64-linux

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.x86_64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.libssh2.aarch64-darwin

Client-side C library implementing the SSH2 protocol

pkgs.haskellPackages.libssh2

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.python311Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

pkgs.haskellPackages.libssh.x86_64-linux

libssh bindings

pkgs.haskellPackages.libssh.aarch64-linux

libssh bindings

pkgs.haskellPackages.libssh.x86_64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.x86_64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh.aarch64-darwin

libssh bindings

pkgs.haskellPackages.libssh2.aarch64-linux

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.x86_64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2.aarch64-darwin

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

pkgs.haskellPackages.libssh2-conduit.x86_64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-linux

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.x86_64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.haskellPackages.libssh2-conduit.aarch64-darwin

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2

Package maintainers: 3

CVE-2024-9453
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 5 months, 1 week ago
Jenkins-image: sensitive data disclosure when using openshift jenkins image

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.

Affected products

jenkins
openshift-sync-plugin
  • <1.1.0.818.v3883b_3b_df89a_

Matching in nixpkgs

pkgs.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

pkgs.python311Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

pkgs.python312Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

pkgs.python313Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

pkgs.python311Packages.python-jenkins

Python bindings for the remote Jenkins API

pkgs.python312Packages.python-jenkins

Python bindings for the remote Jenkins API

pkgs.python311Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

pkgs.python312Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

pkgs.python312Packages.jenkinsapi.x86_64-linux

Python API for accessing resources on a Jenkins continuous-integration server

pkgs.python312Packages.jenkinsapi.aarch64-linux

Python API for accessing resources on a Jenkins continuous-integration server

pkgs.python312Packages.jenkinsapi.x86_64-darwin

Python API for accessing resources on a Jenkins continuous-integration server

pkgs.python312Packages.jenkinsapi.aarch64-darwin

Python API for accessing resources on a Jenkins continuous-integration server

Package maintainers: 7

CVE-2025-52718
7.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 5 months, 1 week ago
WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.

Affected products

alone
  • =<7.8.2

Matching in nixpkgs

pkgs.selendroid

Test automation for native or hybrid Android apps and the mobile web

pkgs.argp-standalone

Standalone version of arguments parsing functions from Glibc

pkgs.htmlunit-driver

WebDriver server for running Selenium tests on the HtmlUnit headless browser

pkgs.selendroid.x86_64-linux

Test automation for native or hybrid Android apps and the mobile web

pkgs.selendroid.aarch64-linux

Test automation for native or hybrid Android apps and the mobile web

pkgs.selendroid.x86_64-darwin

Test automation for native or hybrid Android apps and the mobile web

pkgs.selendroid.aarch64-darwin

Test automation for native or hybrid Android apps and the mobile web

pkgs.selenium-server-standalone.x86_64-linux

Selenium Server for remote WebDriver

pkgs.selenium-server-standalone.aarch64-linux

Selenium Server for remote WebDriver

pkgs.selenium-server-standalone.x86_64-darwin

Selenium Server for remote WebDriver

pkgs.selenium-server-standalone.aarch64-darwin

Selenium Server for remote WebDriver

Package maintainers: 8

CVE-2023-4042
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 5 months, 2 weeks ago
Ghostscript: incomplete fix for cve-2020-16305

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

Affected products

ghostscript
  • *
gimp:flatpak/ghostscript
  • *

Matching in nixpkgs

pkgs.python312Packages.ghostscript

Interface to the Ghostscript C-API using ctypes.

pkgs.python313Packages.ghostscript

Interface to the Ghostscript C-API using ctypes.

pkgs.tests.texlive.dvipng.ghostscript

  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

pkgs.haskellPackages.ghostscript-parallel

Let Ghostscript render pages in parallel

Package maintainers: 2