Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-29075

8.3 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 month, 1 week ago

Mesa: Checking out of untrusted code in `benchmarks.yml` workflow may lead to code execution in privileged runner

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commit c35b8cd.

References

https://github.com/mesa/mesa/security/advisories/GHSA-3j55-5q6x-2h48 x_refsource_CONFIRM
https://github.com/mesa/mesa/commit/c35b8cd67fc89dd680ae218e49b77f6e1ee07a27 x_refsource_MISC

Affected products

mesa

==<= 3.5.0

Matching in nixpkgs

pkgs.mesa

Open source 3D graphics library

nixos-unstable 26.0.1
- nixpkgs-unstable 26.0.1
- nixos-unstable-small 26.0.1
nixos-25.11 25.2.6
- nixos-25.11-small 25.2.6
- nixpkgs-25.11-darwin 25.2.6

pkgs.libGLX

Open source 3D graphics library

nixos-unstable 26.0.1
- nixpkgs-unstable 26.0.1
- nixos-unstable-small 26.0.1
nixos-25.11 25.2.6
- nixos-25.11-small 25.2.6
- nixpkgs-25.11-darwin 25.2.6

pkgs.libgbm

Open source 3D graphics library

nixos-unstable 25.1.0
- nixpkgs-unstable 25.1.0
- nixos-unstable-small 25.1.0
nixos-25.11 25.1.0
- nixos-25.11-small 25.1.0
- nixpkgs-25.11-darwin 25.1.0

pkgs.mesa-demos

Collection of demos and test programs for OpenGL and Mesa

nixos-unstable 9.0.0
- nixpkgs-unstable 9.0.0
- nixos-unstable-small 9.0.0
nixos-25.11 9.0.0
- nixos-25.11-small 9.0.0
- nixpkgs-25.11-darwin 9.0.0

pkgs.mesa-gl-headers

Open source 3D graphics library

nixos-unstable 25.1.0
- nixpkgs-unstable 25.1.0
- nixos-unstable-small 25.1.0
nixos-25.11 25.1.0
- nixos-25.11-small 25.1.0
- nixpkgs-25.11-darwin 25.1.0

pkgs.mesa_i686.x86_64-linux

Open source 3D graphics library

nixos-unstable 26.0.1
- nixpkgs-unstable 26.0.1
- nixos-unstable-small 26.0.1
nixos-25.11 25.2.6
- nixos-25.11-small 25.2.6
- nixpkgs-25.11-darwin 25.2.6

pkgs.driversi686Linux.mesa.x86_64-linux

Open source 3D graphics library

nixos-unstable 26.0.1
- nixpkgs-unstable 26.0.1
- nixos-unstable-small 26.0.1
nixos-25.11 25.2.6
- nixos-25.11-small 25.2.6
- nixpkgs-25.11-darwin 25.2.6

pkgs.grafanaPlugins.mesak-imagesave-panel

Plugin for Grafana that allows you to save image to grafana and display it in dashboard

nixos-unstable 1.0.4
- nixpkgs-unstable 1.0.4
- nixos-unstable-small 1.0.4

pkgs.driversi686Linux.mesa-demos.x86_64-linux

Collection of demos and test programs for OpenGL and Mesa

nixos-unstable 9.0.0
- nixpkgs-unstable 9.0.0
- nixos-unstable-small 9.0.0
nixos-25.11 9.0.0
- nixos-25.11-small 9.0.0
- nixpkgs-25.11-darwin 9.0.0

Package maintainers

@primeos Michael Weiss <dev.primeos@gmail.com>
@vcunat Vladimír Čunát <v@cunat.cz>
@K900 Ilya K. <me@0upti.me>
@andersk Anders Kaseorg <andersk@mit.edu>
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>