Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: python312Packages.jupyterhub-systemdspawner

Found 9 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-40225
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In udev in systemd before 260, local root execution can …

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40226
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In nspawn in systemd 233 through 259 before 260, an …

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40227
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In systemd 260 before 261, a local unprivileged user can …

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

Affected products

systemd
  • <261

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40224
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In systemd 259 before 260, there is local privilege escalation …

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40228
2.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 4 days, 3 hours ago
In systemd 259, systemd-journald can send ANSI escape sequences to …

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

Affected products

systemd
  • ==259

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40223
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In systemd 258 before 260, a local unprivileged user can …

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-33709
created 1 week, 4 days ago
JupyterHub has an Open Redirect Vulnerability

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a JupyterHub page, bypassing JupyterHub's check to prevent this. This issue has been patched in version 5.4.4.

Affected products

jupyterhub
  • ==< 5.4.4

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2026-29111
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks, 1 day ago
systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

Affected products

systemd
  • ==>= 239, < 257.11
  • ==>= 259, < 259.2
  • ==>= 258, < 258.5

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemd

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemdLibs

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemdUkify

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4
Untriaged
Permalink CVE-2012-1101
created 1 month, 4 weeks ago
systemd 37-1 does not properly handle non-existent services, which causes …

systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

References

Affected products

systemd
  • ==37-1

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4