Nixpkgs security tracker


Automatically generated suggestions

Each suggestion can be slated for refinement, or marked as irrelevant with the reason logged.
created 2 months ago Activity log
  • Created suggestion
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.

Affected products

Chrome
  • ==before Blink M13

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

created 2 months ago Activity log
  • Created suggestion
A memory leak in rsyslog before 5.7.6 was found in the way the daemon logged processed messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause a denial of service of the rsyslogd daemon via a log message belonging to more than one ruleset.

Affected products

rsyslog
  • ==before 5.7.6

Matching in nixpkgs

created 2 months ago Activity log
  • Created suggestion
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries, even those from groups the user does not belong to.

Affected products

Moodle
  • ==2.1.x
  • ==2.2.x
  • ==1.9.x
  • ==2.0.x

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

created 2 months ago Activity log
  • Created suggestion
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default.

Affected products

Moodle
  • ==2.1 to 2.1.4+
  • ==2.2 to 2.2.1+
  • ==2.0 to 2.0.7+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

created 2 months ago Activity log
  • Created suggestion
An untrusted search path issue was found in Calibre in devices/linux_mount_helper.c, allowing unprivileged users to execute any program as root.

References

Affected products

Calibre
  • ==unknown

Matching in nixpkgs

pkgs.calibre-web

Web app for browsing, reading and downloading eBooks stored in a Calibre database

Package maintainers
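As an added illustration of the bug class named in the Calibre entry above (this is not Calibre's code, and devices/linux_mount_helper.c is not reproduced here), the example below shows why an untrusted search path in a setuid-root helper is a root escalation. A helper that resolves a program name such as "mount" through the caller's PATH (as execvp() does) will run whatever executable the unprivileged caller puts first in PATH; the hardened variant ignores the environment and uses a fixed absolute path. The function names, the attacker directory under /tmp and the trusted path /bin/mount are assumptions chosen for the example.

```c
// Added example of the untrusted search path pattern; not Calibre's code.
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

// Mimic execvp()'s lookup: walk PATH left to right and return the first
// executable candidate as a malloc'd string, or NULL if none is found.
static char *resolve_via_path(const char *name, const char *path) {
    if (!path) return NULL;
    char *copy = strdup(path);
    if (!copy) return NULL;
    char *save = NULL;
    for (char *dir = strtok_r(copy, ":", &save); dir; dir = strtok_r(NULL, ":", &save)) {
        char candidate[4096];
        snprintf(candidate, sizeof candidate, "%s/%s", dir, name);
        if (access(candidate, X_OK) == 0) {
            char *out = strdup(candidate);
            free(copy);
            return out;
        }
    }
    free(copy);
    return NULL;
}

// VULNERABLE pattern: a privileged helper trusts the PATH supplied by its
// unprivileged caller and lets it decide which "mount" binary is executed.
char *vulnerable_helper_target(const char *caller_path) {
    return resolve_via_path("mount", caller_path);
}

// HARDENED pattern: ignore the caller's environment and use a fixed absolute
// path (a real helper would also reset PATH/IFS and validate every argument
// before exec). TRUSTED_MOUNT is an assumed location for this example.
#define TRUSTED_MOUNT "/bin/mount"
const char *hardened_helper_target(const char *caller_path) {
    (void)caller_path;   // deliberately unused: the environment is untrusted
    return TRUSTED_MOUNT;
}

// Constructed fixture: create a temporary attacker-controlled directory holding
// an executable script named "mount". Returns the malloc'd directory path.
char *make_attacker_dir(void) {
    char tmpl[] = "/tmp/evilpathXXXXXX";
    char *dir = mkdtemp(tmpl);
    if (!dir) return NULL;
    char file[4096];
    snprintf(file, sizeof file, "%s/mount", dir);
    FILE *f = fopen(file, "w");
    if (!f) return NULL;
    fputs("#!/bin/sh\necho pwned\n", f);
    fclose(f);
    chmod(file, 0755);
    return strdup(dir);
}

// Remove the fixture created by make_attacker_dir().
void remove_attacker_dir(char *dir) {
    char file[4096];
    snprintf(file, sizeof file, "%s/mount", dir);
    unlink(file);
    rmdir(dir);
    free(dir);
}

// Returns 1 if the vulnerable lookup, given a PATH that starts with the
// attacker's directory, would run the attacker's "mount" instead of the real one.
int demo_path_hijack(const char *attacker_dir) {
    char path[4096];
    snprintf(path, sizeof path, "%s:/usr/bin:/bin", attacker_dir);
    char *target = vulnerable_helper_target(path);
    int hijacked = target && strncmp(target, attacker_dir, strlen(attacker_dir)) == 0;
    free(target);
    return hijacked;
}

int main(void) {
    char *dir = make_attacker_dir();
    if (!dir) return 1;
    printf("vulnerable helper: hijacked=%d\n", demo_path_hijack(dir));
    printf("hardened helper:   %s\n", hardened_helper_target("/tmp:/bin"));
    remove_attacker_dir(dir);
    return 0;
}
```

The same hijack works against any privileged program that calls execvp(), execlp(), system() or popen() with a bare command name, because those all consult the inherited PATH; the fix is always the same: fixed absolute paths and a sanitized environment before exec.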

created 2 months ago Activity log
  • Created suggestion
Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.

References

Affected products

freeciv
  • ==before 2.3.3

Matching in nixpkgs

pkgs.freeciv

Multiplayer (or single player), turn-based strategy game

pkgs.freeciv_qt

Multiplayer (or single player), turn-based strategy game

pkgs.freeciv_gtk

Multiplayer (or single player), turn-based strategy game

pkgs.freeciv_sdl2

Multiplayer (or single player), turn-based strategy game

Package maintainers

created 2 months ago Activity log
  • Created suggestion
A memory leak in rsyslog before 5.7.6 was found in the way the daemon logged processed messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause a denial of service of the rsyslogd daemon via a log message belonging to more than one ruleset.

Affected products

rsyslog
  • ==before 5.7.6

Matching in nixpkgs

created 2 months ago Activity log
  • Created suggestion
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to the Jenkins master to insert data and execute arbitrary code.

Affected products

jenkins
  • ==1.447.2

Matching in nixpkgs

pkgs.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

created 2 months ago Activity log
  • Created suggestion
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.

Affected products

openid
  • ==unknown

Matching in nixpkgs

Package maintainers

created 2 months ago Activity log
  • Created suggestion
A NULL pointer dereference vulnerability in ZNC before 0.092, triggered by the traffic stats code when unauthenticated connections are present.

References

Affected products

znc
  • ==before 0.092

Matching in nixpkgs

Package maintainers