Nixpkgs security tracker

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

CVE-2010-3872
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months ago Activity log
  • Created suggestion
Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

References

Affected products

mod_fcgid
  • ==2.3.6

Matching in nixpkgs

Package maintainers
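The mod_fcgid flaw above is a gateway trusting the length of what an application server sends back: the CGI header block of a FastCGI response is copied into a fixed-size stack buffer before its size is checked. The following Python example is added here for illustration and is not mod_fcgid's or httpd's code. It parses FastCGI records (the 8-byte record header, FCGI_STDOUT and FCGI_END_REQUEST types are from the FastCGI specification), accumulates the response header block with an explicit upper bound (MAX_HEADER_BYTES is an assumed value for the example), and rejects a response whose headers exceed the bound or are never terminated. The sample streams are constructed, not captured from a real application server.

```python
import struct

# FastCGI record layout and types, from the FastCGI specification.
FCGI_VERSION_1 = 1
FCGI_END_REQUEST = 3
FCGI_STDOUT = 6
FCGI_HEADER_LEN = 8  # version, type, requestId(2), contentLength(2), paddingLength, reserved

# Upper bound on the CGI header block this gateway will buffer. The value is an
# assumption for this example, not mod_fcgid's own limit.
MAX_HEADER_BYTES = 8192


class FcgiError(ValueError):
    """Raised for any record or header block the gateway refuses to process."""


def iter_records(stream: bytes):
    """Yield (type, request_id, content) for every complete record in `stream`.

    Every length comes from the record header, so it is checked against the
    bytes actually present before slicing.
    """
    off = 0
    while off < len(stream):
        if len(stream) - off < FCGI_HEADER_LEN:
            raise FcgiError("truncated record header")
        version, rtype, req_id, clen, plen, _reserved = struct.unpack(
            ">BBHHBB", stream[off:off + FCGI_HEADER_LEN])
        if version != FCGI_VERSION_1:
            raise FcgiError(f"unsupported FastCGI version {version}")
        start = off + FCGI_HEADER_LEN
        end = start + clen
        if end + plen > len(stream):
            raise FcgiError("record body exceeds stream length")
        yield rtype, req_id, stream[start:end]
        off = end + plen


def read_response_headers(stream: bytes):
    """Collect the CGI header block from FCGI_STDOUT records and parse it.

    The header block ends at the first blank line (CRLF CRLF here); whatever
    follows is the start of the body. The accumulator is bounded, so a
    malformed response that pads its headers beyond MAX_HEADER_BYTES, or never
    terminates them, is rejected instead of being copied blindly into a buffer
    of fixed size.
    """
    buf = bytearray()
    for rtype, _req_id, content in iter_records(stream):
        if rtype == FCGI_END_REQUEST:
            break
        if rtype != FCGI_STDOUT:
            continue
        buf += content
        if len(buf) > MAX_HEADER_BYTES:
            raise FcgiError("response header block too large")
        end = buf.find(b"\r\n\r\n")
        if end == -1:
            continue
        headers = {}
        for line in bytes(buf[:end]).split(b"\r\n"):
            name, colon, value = line.partition(b":")
            if not colon or not name.strip():
                raise FcgiError("malformed header line")
            headers[name.strip().lower().decode("ascii", "replace")] = \
                value.strip().decode("ascii", "replace")
        return headers, bytes(buf[end + 4:])
    raise FcgiError("response ended before the header block was terminated")


def rejects(stream: bytes) -> bool:
    """True if the gateway refuses `stream` (helper for the checks below)."""
    try:
        read_response_headers(stream)
    except FcgiError:
        return True
    return False


def make_record(rtype: int, req_id: int, content: bytes) -> bytes:
    """Build one record with content padded to an 8-byte boundary (for the constructed samples)."""
    pad = (-len(content)) % 8
    header = struct.pack(">BBHHBB", FCGI_VERSION_1, rtype, req_id, len(content), pad, 0)
    return header + content + b"\0" * pad


# Constructed sample streams (not captured from a real application server).
GOOD = (make_record(FCGI_STDOUT, 1, b"Content-Type: text/html\r\nStatus: 200 OK\r\n\r\n<html>")
        + make_record(FCGI_END_REQUEST, 1, b"\0" * 8))
# Header block inflated to nearly the 16-bit contentLength maximum and never terminated.
BAD = (make_record(FCGI_STDOUT, 1, b"X-Pad: " + b"A" * 60000)
       + make_record(FCGI_END_REQUEST, 1, b"\0" * 8))
```

The point of the check is its position: the size test runs on the accumulated block before any parsing, and a truncated or oversized record fails in iter_records before its content is touched. A gateway that parses first and sizes later is exactly what a malformed response exploits.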

created 2 months ago Activity log
  • Created suggestion
Incorrect handling of timer information in Timer.cpp in WebKit in …

Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.

References

Affected products

Chrome
  • ==before Blink M13

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

created 2 months ago Activity log
  • Created suggestion
foomatic-rip filter, all versions, used insecurely creates temporary files for …

foomatic-rip filter, all versions, insecurely creates temporary files for storage of PostScript data when rendering the data with debug mode enabled. This flaw may be exploited by a local attacker to conduct symlink attacks, overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Affected products

foomatic-filters
  • ==all versions

Matching in nixpkgs

Package maintainers

created 2 months ago Activity log
  • Created suggestion
Moodle before 2.2.2: Overview report allows users to see hidden …

Moodle before 2.2.2: Overview report allows users to see hidden courses

Affected products

Moodle
  • ==2.1 to 2.1.4+
  • ==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

created 2 months ago Activity log
  • Created suggestion
OpenTTD before 1.1.5 contains a Denial of Service (slow read …

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

Affected products

openttd
  • ==1.1.5

Matching in nixpkgs

pkgs.openttd

Open source clone of the Microprose game "Transport Tycoon Deluxe"

  • nixos-unstable 15.1
    • nixpkgs-unstable 15.1
    • nixos-unstable-small 15.1
  • nixos-25.11 14.1
    • nixos-25.11-small 14.1
    • nixpkgs-25.11-darwin 14.1

pkgs.openttd-ttf

TrueType typefaces for text in a pixel art style, designed for use in OpenTTD

  • nixos-unstable 0.8
    • nixpkgs-unstable 0.8
    • nixos-unstable-small 0.8
  • nixos-25.11 0.8
    • nixos-25.11-small 0.8
    • nixpkgs-25.11-darwin 0.8

Package maintainers

created 2 months ago Activity log
  • Created suggestion
offlineimap before 6.3.2 does not check for SSL server certificate …

offlineimap before 6.3.2 does not validate the SSL server certificate when the "ssl = yes" option is specified, which allows man-in-the-middle attacks.

Affected products

offlineimap
  • ==before 6.3.2

Matching in nixpkgs

pkgs.offlineimap

Synchronize emails between two repositories, so that you can read the same mailbox from multiple computers

created 2 months ago Activity log
  • Created suggestion
Mozilla Firefox before 3.6 is vulnerable to XSS via the …

Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets

References

Affected products

Firefox
  • ==before 3.6

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

created 2 months ago Activity log
  • Created suggestion
A double-free vulnerability exists in WebKit in Google Chrome before …

A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.

References

Affected products

Chrome
  • ==before Blink M12

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

created 2 months ago Activity log
  • Created suggestion
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible …

The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when a large value is specified for the SAVEFILE parameter in the connection string.

Affected products

unixodbc
  • ==before 2.2.14p2

Matching in nixpkgs

created 2 months ago Activity log
  • Created suggestion
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) …

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

Affected products

rpcbind
  • ==0.2.0

Matching in nixpkgs

Package maintainers
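The foomatic-rip and rpcbind suggestions above describe the same pattern: a process uses a predictable path in a world-writable directory that a local attacker can create first. The following Python example is added here for illustration and is not code from either project. It stages the write-side case the foomatic-rip entry describes (a symlink planted at the spool path, followed by the victim's overwrite) and shows the two refusals that stop it: O_EXCL|O_NOFOLLOW on a fixed path, and mkstemp for an unpredictable one. The rpcbind entry is the read-side variant, trusting the contents of a pre-existing /tmp file; the rule is the same, never reuse a path an untrusted user could have created. File names and contents are constructed for the demonstration, and it assumes a POSIX system (symlinks and O_NOFOLLOW).

```python
import os
import tempfile

# Assumes a POSIX system: O_NOFOLLOW and symlinks are required for the demonstration.


def write_spool_vulnerable(path: str, data: bytes) -> None:
    """Insecure pattern: create-or-truncate at a predictable path.

    If a local attacker planted `path` as a symlink beforehand, open() follows
    it and this process overwrites the link target with its own privileges.
    """
    with open(path, "wb") as f:
        f.write(data)


def write_spool_hardened(path: str, data: bytes) -> None:
    """Refuse to reuse anything that already exists at `path`.

    O_EXCL fails with EEXIST if the path exists at all (symlink included) and
    O_NOFOLLOW refuses a symlink as the final component. The caller must treat
    the failure as an error, not fall back to the insecure open.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def write_spool_mkstemp(directory: str, data: bytes) -> str:
    """Preferred form: an unpredictable name, created atomically with O_EXCL and mode 0600."""
    fd, path = tempfile.mkstemp(prefix="spool-", dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def demo(workdir: str):
    """Stage the attack in a scratch directory and report what each writer did.

    Returns (victim file contents after the vulnerable write,
             whether the hardened write was refused,
             whether the mkstemp write landed in a fresh 0600 regular file).
    """
    victim = os.path.join(workdir, "victim.txt")  # constructed stand-in for a file the attacker wants overwritten
    with open(victim, "wb") as f:
        f.write(b"original\n")

    spool = os.path.join(workdir, "spool.ps")     # constructed predictable spool path
    os.symlink(victim, spool)                      # the attacker's pre-created symlink

    write_spool_vulnerable(spool, b"attacker-chosen\n")
    with open(victim, "rb") as f:
        clobbered = f.read()

    try:
        write_spool_hardened(spool, b"attacker-chosen\n")
        refused = False
    except OSError:
        refused = True

    safe = write_spool_mkstemp(workdir, b"ok\n")
    safe_ok = (not os.path.islink(safe)
               and os.path.dirname(safe) == workdir
               and (os.stat(safe).st_mode & 0o777) == 0o600)
    return clobbered, refused, safe_ok


def run_demo():
    """Run the demonstration in a private temporary directory and clean up."""
    with tempfile.TemporaryDirectory() as d:
        return demo(d)
```

Note that the hardened open is only a fix if its failure is fatal to the operation; a filter that catches the EEXIST and retries with a plain open has reintroduced the race. For a debug or spool file that must persist across runs, a per-user directory with mode 0700 is the usual answer, since O_EXCL alone cannot make a shared /tmp name reusable.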