Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

to select a suggestion for revision.

View:
Compact
Detailed
Dismissed
(exclusively hosted service)
Permalink CVE-2026-23659
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Azure Data Factory Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

Affected products

Azure Data Factory
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-32191
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Microsoft Bing Images Remote Code Execution Vulnerability

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

Affected products

Microsoft Bing Images
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26137
8.9 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

Affected products

Microsoft 365 Copilot's Business Chat
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-32194
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Microsoft Bing Images Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

Affected products

Microsoft Bing Images
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-23658
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Azure DevOps: msazure Elevation of Privilege Vulnerability

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

Affected products

Azure DevOps: msazure
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26136
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Microsoft Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

Affected products

Microsoft Copilot
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26139
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Affected products

Microsoft Purview
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26138
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Affected products

Microsoft Purview
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-32169
10.0 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Azure Cloud Shell Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

Affected products

Azure Cloud Shell
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-23651
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 month, 1 week ago
Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Affected products

Microsoft ACI Confidential Containers
  • ==-