Nixpkgs security tracker

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

Dismissed
(exclusively hosted service)
Permalink CVE-2026-26139
8.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 2 months, 1 week ago Activity log
  • Created suggestion
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Affected products

Microsoft Purview
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26138
8.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 2 months, 1 week ago Activity log
  • Created suggestion
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Affected products

Microsoft Purview
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-32169
10.0 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 months, 1 week ago Activity log
  • Created suggestion
Azure Cloud Shell Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

Affected products

Azure Cloud Shell
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-23651
6.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 months, 3 weeks ago Activity log
  • Created suggestion
Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Affected products

Microsoft ACI Confidential Containers
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26124
6.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 months, 3 weeks ago Activity log
  • Created suggestion
Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Affected products

Microsoft ACI Confidential Containers
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26125
8.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 2 months, 3 weeks ago Activity log
  • Created suggestion
Payment Orchestrator Service Elevation of Privilege Vulnerability

Payment Orchestrator Service Elevation of Privilege Vulnerability

Affected products

Payment Orchestrator Service
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-21536
9.8 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 2 months, 3 weeks ago Activity log
  • Created suggestion
Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Affected products

Microsoft Devices Pricing Program
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26122
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 2 months, 3 weeks ago Activity log
  • Created suggestion
Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Affected products

Microsoft ACI Confidential Containers
  • ==-
Permalink CVE-2025-47379
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 months, 4 weeks ago by @Erethon Activity log
  • Created suggestion
  • @Erethon dismissed
  • @Erethon accepted
  • @Erethon dismissed
Use After Free in Automotive Audio

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.

Affected products

Snapdragon
  • ==QCA6584AU
  • ==QRB5165N
  • ==Snapdragon 865 5G Mobile Platform
  • ==SA8255P
  • ==WCD9385
  • ==Snapdragon 6 Gen 4 Mobile Platform
  • ==SM8550P
  • ==SM7325P
  • ==SM7550
  • ==WCD9390
  • ==SA7775P
  • ==WSA8840
  • ==FastConnect 6900
  • ==G1 Gen 1
  • ==Smart Audio 400 Platform
  • ==SA4150P
  • ==QCC710
  • ==Qualcomm Video Collaboration VC1 Platform
  • ==FastConnect 6200
  • ==SM7635P
  • ==SM8635P
  • ==WCD9370
  • ==QCA6174A
  • ==SA8145P
  • ==SM8635
  • ==QCN9011
  • ==SA2150P
  • ==MDM9628
  • ==QAM8295P
  • ==SA6145P
  • ==Snapdragon 480 5G Mobile Platform
  • ==Robotics RB5 Platform
  • ==Snapdragon X72 5G Modem-RF System
  • ==Snapdragon 8 Gen 3 Mobile Platform
  • ==WCN3910
  • ==SM6650P
  • ==Snapdragon X75 5G Modem-RF System
  • ==Snapdragon 778G 5G Mobile Platform
  • ==QCN9012
  • ==SnapdragonAuto 4GModem
  • ==WCN3988
  • ==QCA9367
  • ==SA9000P
  • ==Robotics RB2 Platform
  • ==WCD9360
  • ==QCM5430
  • ==WCD9380
  • ==SM6225P
  • ==WCN3660B
  • ==WCD9341
  • ==Qualcomm 215 Mobile Platform
  • ==QAM8255P
  • ==SDA660
  • ==Snapdragon XR2+ Gen 1 Platform
  • ==QCS4290
  • ==SA8150P
  • ==WSA8830
  • ==WSA8845H
  • ==QCA6678AQ
  • ==QCA6698AU
  • ==Snapdragon X12 LTE Modem
  • ==QCA6696
  • ==QCA6595
  • ==QRB5165M
  • ==Snapdragon 888 5G Mobile Platform
  • ==WCN3680B
  • ==QCM6490
  • ==Snapdragon W5+ Gen 1 Wearable Platform
  • ==QFW7124
  • ==QCA6574
  • ==QCA8337
  • ==WCN3615
  • ==FWA Gen 3 Ultra Platform
  • ==FastConnect 6700
  • ==Snapdragon X53 5G Modem-RF System
  • ==QEP8111
  • ==SA7255P
  • ==SM7550P
  • ==Snapdragon 8+ Gen 2 Mobile Platform
  • ==Snapdragon 7s Gen 3 Mobile Platform
  • ==AR8031
  • ==Snapdragon XR2 5G Platform
  • ==CSRA6640
  • ==Snapdragon 695 5G Mobile Platform
  • ==Snapdragon 460 Mobile Platform
  • ==WCN3990
  • ==LeMansAU
  • ==Snapdragon X35 5G Modem-RF System
  • ==WCD9335
  • ==SM7675P
  • ==QCA8695AU
  • ==SA8620P
  • ==WCN3980
  • ==Snapdragon Auto 5G Modem-RF Gen 2
  • ==Snapdragon 870 5G Mobile Platform
  • ==WCN3950
  • ==QCM4325
  • ==Snapdragon 7c+ Gen 3 Compute
  • ==Snapdragon 8 Gen 2 Mobile Platform
  • ==WCD9375
  • ==WCN6755
  • ==QCA6564A
  • ==WCN6650
  • ==LeMans_AU_LGIT
  • ==5G Fixed Wireless Access Platform
  • ==Qualcomm Video Collaboration VC3 Platform
  • ==QCA6698AQ
  • ==Snapdragon 782G Mobile Platform
  • ==WCD9371
  • ==SRV1H
  • ==WSA8815
  • ==WCD9340
  • ==SA4155P
  • ==SD865 5G
  • ==SA8155P
  • ==QFW7114
  • ==Snapdragon 480+ 5G Mobile Platform
  • ==QCA6574AU
  • ==WSA8832
  • ==WSA8845
  • ==QCA6564AU
  • ==MDM9250
  • ==QCS8550
  • ==QCA6797AQ
  • ==Snapdragon 690 5G Mobile Platform
  • ==QCA8081
  • ==QCA9377
  • ==SM8650Q
  • ==QCA6595AU
  • ==SW5100
  • ==Snapdragon 660 Mobile Platform
  • ==QCN6224
  • ==QCA6688AQ
  • ==FastConnect 7800
  • ==WCD9378
  • ==Milos
  • ==SA8155
  • ==SA8195P
  • ==Snapdragon Auto 5G Modem-RF
  • ==Flight RB5 5G Platform
  • ==CSRA6620
  • ==SRV1M
  • ==WCD9326
  • ==Qualcomm Video Collaboration VC5 Platform
  • ==SW5100P
  • ==QCM2290
  • ==QCN6274
  • ==QCA2066
  • ==C-V2X 9150
  • ==SD662
  • ==Snapdragon 662 Mobile Platform
  • ==Snapdragon 680 4G Mobile Platform
  • ==FastConnect 6800
  • ==SA8770P
  • ==Snapdragon X55 5G Modem-RF System
  • ==WCD9395
  • ==SA6155
  • ==QCA6564
  • ==Snapdragon 888+ 5G Mobile Platform
  • ==Snapdragon 4 Gen 1 Mobile Platform
  • ==QCM6125
  • ==WSA8835
  • ==SA8295P
  • ==Snapdragon 865+ 5G Mobile Platform
  • ==SA6155P
  • ==SA6150P
  • ==AR8035
  • ==SM7675
  • ==Snapdragon 778G+ 5G Mobile Platform
  • ==Snapdragon 685 4G Mobile Platform
  • ==QCA6574A
  • ==QCA6391
  • ==QCS2290
  • ==WSA8810
  • ==Snapdragon X32 5G Modem-RF System
  • ==QAMSRV1H
  • ==WCN6450
  • ==QAMSRV1M

Matching in nixpkgs

Testing suggestion edit
Testing round #2
Test round #3
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26365
4.0 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 2 months, 4 weeks ago by @ADMIN Activity log
  • Created suggestion
  • @ADMIN dismissed
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles …

Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing path. This could result in the origin server parsing the request body incorrectly, leading to HTTP request smuggling.

Affected products

Ghost
  • <2026-02-06

Matching in nixpkgs

pkgs.ghostie

GitHub notifications in your terminal

pkgs.ghostty

Fast, native, feature-rich terminal emulator pushing modern features

pkgs.ghostunnel

TLS proxy with mutual authentication support for securing non-TLS backend applications

pkgs.ghostty-bin

Fast, native, feature-rich terminal emulator pushing modern features

Package maintainers