Nixpkgs Security Tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2024-0408
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server: selinux unlabeled glx pbuffer

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

Affected products

tigervnc
xorg-server
  • <21.1.11
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

CVE-2025-49175
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

Affected products

tigervnc
  • *
xwayland
  • <24.1.8
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

CVE-2024-0553
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Gnutls: incomplete fix for cve-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Affected products

gnutls
  • *
  • <3.8.3
odf4/cephcsi-rhel9
  • *
odf4/odf-cli-rhel9
  • *
odf4/mcg-core-rhel9
  • *
odf4/odf-console-rhel9
  • *
odf4/mcg-rhel9-operator
  • *
odf4/ocs-rhel9-operator
  • *
odf4/odf-rhel9-operator
  • *
odf4/odr-rhel9-operator
  • *
odf4/mcg-operator-bundle
  • *
odf4/ocs-operator-bundle
  • *
odf4/odf-operator-bundle
  • *
odf4/odf-must-gather-rhel9
  • *
odf4/odf-cosi-sidecar-rhel9
  • *
odf4/odr-hub-operator-bundle
  • *
odf4/ocs-client-console-rhel9
  • *
odf4/rook-ceph-rhel9-operator
  • *
odf4/ocs-client-rhel9-operator
  • *
openshift-logging/vector-rhel9
  • *
odf4/ocs-client-operator-bundle
  • *
odf4/ocs-metrics-exporter-rhel9
  • *
openshift-logging/fluentd-rhel9
  • *
odf4/odr-cluster-operator-bundle
  • *
odf4/odf-csi-addons-sidecar-rhel9
  • *
odf4/odf-csi-addons-rhel9-operator
  • *
odf4/odf-csi-addons-operator-bundle
  • *
odf4/odf-multicluster-console-rhel9
  • *
openshift-logging/eventrouter-rhel9
  • *
odf4/odf-multicluster-rhel9-operator
  • *
openshift-logging/logging-loki-rhel9
  • *
odf4/odf-multicluster-operator-bundle
  • *
openshift-logging/loki-rhel9-operator
  • *
openshift-logging/opa-openshift-rhel9
  • *
openshift-logging/elasticsearch6-rhel9
  • *
openshift-logging/loki-operator-bundle
  • *
openshift-logging/logging-curator5-rhel9
  • *
openshift-logging/lokistack-gateway-rhel9
  • *
openshift-logging/elasticsearch-proxy-rhel9
  • *
openshift-logging/logging-view-plugin-rhel9
  • *
openshift-logging/elasticsearch-rhel9-operator
  • *
openshift-logging/elasticsearch-operator-bundle
  • *
openshift-logging/cluster-logging-rhel9-operator
  • *
openshift-logging/log-file-metric-exporter-rhel9
  • *
openshift-logging/cluster-logging-operator-bundle
  • *

Matching in nixpkgs

pkgs.python312Packages.python3-gnutls.x86_64-linux

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.aarch64-linux

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.x86_64-darwin

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.aarch64-darwin

Python wrapper for the GnuTLS library

Package maintainers: 3

CVE-2025-49176
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

Affected products

tigervnc
  • *
xwayland
  • <24.1.7
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

CVE-2023-6816
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

Affected products

tigervnc
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

CVE-2023-52204
8.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months ago
WordPress Randomize Plugin <= 1.4.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3.

Affected products

randomize
  • =<1.4.3

Matching in nixpkgs

CVE-2025-49179
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.

Affected products

tigervnc
  • *
xwayland
  • <24.1.7
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

CVE-2023-43788
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Libxpm: out of bounds read in xpmcreatexpmimagefrombuffer()

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.

Affected products

motif
  • *
libXpm
  • *
  • <3.5.17

Matching in nixpkgs

pkgs.motif

Unix standard widget-toolkit and window-manager

pkgs.motif.x86_64-linux

Unix standard widget-toolkit and window-manager

pkgs.motif.aarch64-linux

Unix standard widget-toolkit and window-manager

pkgs.motif.x86_64-darwin

Unix standard widget-toolkit and window-manager

pkgs.motif.aarch64-darwin

Unix standard widget-toolkit and window-manager

pkgs.tests.pkg-config.defaultPkgConfigPackages.xpm

Test whether libXpm-3.5.17 exposes pkg-config modules xpm

  • nixos-25.05 ???
    • nixos-25.05-small
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable

Package maintainers: 1

CVE-2024-22050
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Iodine Static File Server Path Traversal Vulnerability

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

Affected products

iodine
  • <0.7.33

Matching in nixpkgs

pkgs.iodine

Tool to tunnel IPv4 data through a DNS server

pkgs.iodine.x86_64-linux

Tool to tunnel IPv4 data through a DNS server

Package maintainers: 3

CVE-2025-49794
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Libxml: heap use after free (uaf) leads to denial of service (dos)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Affected products

rhcos
  • *
libxml2
  • *
  • <2.15.0
web-terminal/web-terminal-tooling-rhel9
  • *
cert-manager/jetstack-cert-manager-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
compliance/openshift-file-integrity-rhel8-operator
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.libxml2.x86_64-linux

XML parsing library for C

pkgs.libxml2.aarch64-linux

XML parsing library for C

pkgs.libxml2.x86_64-darwin

XML parsing library for C

pkgs.libxml2.aarch64-darwin

XML parsing library for C

pkgs.python311Packages.libxml2

XML parsing library for C

pkgs.libxml2Python.x86_64-linux

pkgs.libxml2Python.aarch64-linux

pkgs.libxml2Python.x86_64-darwin

pkgs.libxml2Python.aarch64-darwin

pkgs.python312Packages.libxml2.x86_64-linux

XML parsing library for C

pkgs.python312Packages.libxml2.aarch64-linux

XML parsing library for C

pkgs.python312Packages.libxml2.x86_64-darwin

XML parsing library for C

pkgs.python312Packages.libxml2.aarch64-darwin

XML parsing library for C

pkgs.tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"

Test whether libxml2-2.13.8 exposes pkg-config modules libxml-2.0

Package maintainers: 6