Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: systemd-bootchart

Found 13 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-40225
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In udev in systemd before 260, local root execution can …

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40226
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In nspawn in systemd 233 through 259 before 260, an …

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40227
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In systemd 260 before 261, a local unprivileged user can …

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

Affected products

systemd
  • <261

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40224
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In systemd 259 before 260, there is local privilege escalation …

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40228
2.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 4 days, 3 hours ago
In systemd 259, systemd-journald can send ANSI escape sequences to …

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

Affected products

systemd
  • ==259

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40223
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 3 hours ago
In systemd 258 before 260, a local unprivileged user can …

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-29111
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks, 1 day ago
systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

Affected products

systemd
  • ==>= 239, < 257.11
  • ==>= 259, < 259.2
  • ==>= 258, < 258.5

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemd

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemdLibs

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemdUkify

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4
Untriaged
Permalink CVE-2012-1101
created 1 month, 4 weeks ago
systemd 37-1 does not properly handle non-existent services, which causes …

systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

References

Affected products

systemd
  • ==37-1

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4
Untriaged
Permalink CVE-2026-1489
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
Glib: glib: memory corruption via integer overflow in unicode case conversion

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

  • nixos-unstable 48.1
    • nixpkgs-unstable 48.1
    • nixos-unstable-small 48.1
  • nixos-25.11 49.1
    • nixpkgs-25.11-darwin 49.1

pkgs.papers

GNOME's document viewer

  • nixos-unstable 48.4
    • nixpkgs-unstable 48.4
    • nixos-unstable-small 48.4
  • nixos-25.11 49.2
    • nixpkgs-25.11-darwin 49.2

pkgs.qbootctl

Qualcomm bootctl HAL for Linux

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixpkgs-25.11-darwin 235

Package maintainers

Untriaged
Permalink CVE-2026-1484
4.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode()

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

  • nixos-unstable 48.1
    • nixpkgs-unstable 48.1
    • nixos-unstable-small 48.1
  • nixos-25.11 49.1
    • nixpkgs-25.11-darwin 49.1

pkgs.papers

GNOME's document viewer

  • nixos-unstable 48.4
    • nixpkgs-unstable 48.4
    • nixos-unstable-small 48.4
  • nixos-25.11 49.2
    • nixpkgs-25.11-darwin 49.2

pkgs.qbootctl

Qualcomm bootctl HAL for Linux

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixpkgs-25.11-darwin 235

Package maintainers