Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2024-22029
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year, 2 months ago
tomcat packaging allows for escalation to root from tomcat user

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

Affected products

tomcat
  • <9.0.85-150200.57.1
  • <9.0.85-3.1

Matching in nixpkgs

pkgs.tomcat9

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat10

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat11

Implementation of the Java Servlet and JavaServer Pages technologies

pkgs.tomcat-native

Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc

Package maintainers

Permalink CVE-2023-46846
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 2 months ago
Squid: request/response smuggling in http/1.1 and icap

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

References

Affected products

squid
  • ==6.4
  • <6.4
  • *
squid34
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 6.10
    • nixpkgs-unstable 6.10
    • nixos-unstable-small 6.10

Package maintainers

Permalink CVE-2025-23803
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 2 months ago
WordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue affects Snippy: from n/a through 1.4.1.

Affected products

snippy
  • =<1.4.1

Matching in nixpkgs

Permalink CVE-2025-23592
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 2 months ago
WordPress dForms plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound dForms allows Reflected XSS. This issue affects dForms: from n/a through 1.0.

Affected products

dforms
  • =<1.0

Matching in nixpkgs

Package maintainers

Permalink CVE-2025-23919
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 2 months ago
WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella van Durpe Slides & Presentations allows Code Injection.This issue affects Slides & Presentations: from n/a through 0.0.39.

Affected products

slide
  • =<0.0.39

Matching in nixpkgs

pkgs.slides

Terminal based presentation tool

pkgs.openslide

C library that provides a simple interface to read whole-slide images

pkgs.dvd-slideshow

Suite of command line programs that creates a slideshow-style video from groups of pictures

pkgs.gnomeExtensions.backslide

Automatic background-image (wallpaper) slideshow for Gnome Shell

  • nixos-unstable 33
    • nixpkgs-unstable 33
    • nixos-unstable-small 33

pkgs.gnomeExtensions.night-light-slider-updated

Kiyui's Night Light Slider updated for GNOME >= 45. Provides a slider in the quick settings menu to control the night light temperature. Some nice options can be set in the extension preferences menu. Original implementation: https://codeberg.org/kiyui/gnome-shell-night-light-slider-extension/

  • nixos-unstable 12
    • nixpkgs-unstable 12
    • nixos-unstable-small 12

Package maintainers

Permalink CVE-2024-12086
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 3 months ago
Rsync: rsync server leaks arbitrary client files

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

References

Affected products

rhcos
rsync
  • =<3.3.0

Matching in nixpkgs

pkgs.rsync

Fast incremental file transfer utility

pkgs.grsync

Synchronize folders, files and make backups

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

pkgs.librsync

Implementation of the rsync remote-delta algorithm

pkgs.diskrsync

Rsync for block devices and disk images

Package maintainers

Permalink CVE-2024-12747
5.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 3 months ago
Rsync: race condition in rsync handling symbolic links

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.

References

Affected products

rhcos
rsync
  • *
  • =<3.3.0
discovery/discovery-ui-rhel9
  • *
registry.redhat.io/discovery/discovery-ui-rhel9
  • *

Matching in nixpkgs

pkgs.rsync

Fast incremental file transfer utility

pkgs.grsync

Synchronize folders, files and make backups

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

pkgs.librsync

Implementation of the rsync remote-delta algorithm

pkgs.diskrsync

Rsync for block devices and disk images

Package maintainers

Permalink CVE-2024-12087
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 year, 3 months ago
Rsync: path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.

References

Affected products

rhcos
rsync
  • *
  • =<3.3.0
discovery/discovery-ui-rhel9
  • *
registry.redhat.io/discovery/discovery-ui-rhel9
  • *

Matching in nixpkgs

pkgs.rsync

Fast incremental file transfer utility

pkgs.grsync

Synchronize folders, files and make backups

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

pkgs.librsync

Implementation of the rsync remote-delta algorithm

pkgs.diskrsync

Rsync for block devices and disk images

Package maintainers

Permalink CVE-2024-12088
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 year, 3 months ago
Rsync: --safe-links option bypass leads to path traversal

A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

References

Affected products

rhcos
rsync
  • *
  • =<3.3.0
discovery/discovery-ui-rhel9
  • *
registry.redhat.io/discovery/discovery-ui-rhel9
  • *

Matching in nixpkgs

pkgs.rsync

Fast incremental file transfer utility

pkgs.grsync

Synchronize folders, files and make backups

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

pkgs.librsync

Implementation of the rsync remote-delta algorithm

pkgs.diskrsync

Rsync for block devices and disk images

Package maintainers

Permalink CVE-2024-12085
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 3 months ago
Rsync: info leak via uninitialized stack contents

A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

References

Affected products

rhcos
  • *
rsync
  • *
  • =<3.3.0
openshift-logging/vector-rhel9
  • *
openshift-logging/fluentd-rhel9
  • *
openshift4/ose-operator-sdk-rhel9
  • *
openshift4/ose-helm-rhel9-operator
  • *
openshift-logging/eventrouter-rhel9
  • *
openshift-logging/logging-loki-rhel9
  • *
openshift-logging/loki-rhel9-operator
  • *
openshift-logging/opa-openshift-rhel9
  • *
openshift4/ose-ansible-rhel9-operator
  • *
openshift-logging/elasticsearch6-rhel9
  • *
openshift-logging/loki-operator-bundle
  • *
openshift-logging/logging-curator5-rhel9
  • *
openshift-logging/lokistack-gateway-rhel9
  • *
openshift-logging/elasticsearch-proxy-rhel9
  • *
openshift-logging/logging-view-plugin-rhel9
  • *
openshift-logging/elasticsearch-rhel9-operator
  • *
openshift-logging/elasticsearch-operator-bundle
  • *
openshift-logging/cluster-logging-rhel8-operator
openshift-logging/cluster-logging-rhel9-operator
  • *
openshift-logging/log-file-metric-exporter-rhel9
  • *
compliance/openshift-compliance-must-gather-rhel8
  • *
openshift-logging/cluster-logging-operator-bundle
  • *

Matching in nixpkgs

pkgs.rsync

Fast incremental file transfer utility

pkgs.grsync

Synchronize folders, files and make backups

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

pkgs.librsync

Implementation of the rsync remote-delta algorithm

pkgs.diskrsync

Rsync for block devices and disk images

Package maintainers