Nixpkgs security tracker

Published issues

All published security issues are tracked and resolved on GitHub.

NIXPKGS-2026-0887
published 2 months, 3 weeks ago
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt ignored package kyverno-chainsaw
  • @mweinelt accepted
  • @mweinelt published on GitHub

CVE-2026-4789


Kyverno
  • ==1.16.0
https://github.com/kyverno/kyverno/pull/15729

NIXPKGS-2026-0886
published 2 months, 3 weeks ago
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt accepted
  • @mweinelt published on GitHub

FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks


FreeRDP
  • < 3.24.2
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93

NIXPKGS-2026-0885
published 2 months, 3 weeks ago
CVE-2026-33984
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt accepted
  • @mweinelt published on GitHub

FreeRDP: ClearCodec resize_vbar_entry() Heap OOB Write


FreeRDP
  • < 3.24.2
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6

NIXPKGS-2026-0884
published 2 months, 3 weeks ago
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt ignored
    5 packages
    • python312Packages.pytautulli
    • python313Packages.pytautulli
    • python314Packages.pytautulli
    • home-assistant-component-tests.tautulli
    • tests.home-assistant-component-tests.tautulli
  • @mweinelt accepted
  • @mweinelt published on GitHub

Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check


Tautulli
  • < 2.17.0
https://github.com/Tautulli/Tautulli/security/advisories/GHSA-m62j-gwm9-7p8m
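
The bypass class named in the title above (a co_names whitelist that inspects only the outermost code object, escaped through a lambda's nested scope), as an added illustration. This is not Tautulli's code and says nothing about its actual checker; the whitelist, the naive_names_ok and strict_names_ok checkers and the forbidden stand-in are assumptions of the example:

```python
"""Added illustration (not Tautulli's code) of a co_names whitelist that only
inspects the outermost code object, the lambda nested-scope bypass that
defeats it, and a checker that walks nested code objects instead."""
import builtins
import types

# Hypothetical whitelist: the only names an expression may reference.
ALLOWED_NAMES = frozenset({"len", "min", "max", "sum"})


def iter_code_objects(code: types.CodeType):
    """Yield `code` and every code object nested in its constants
    (lambdas, generator expressions, nested defs), recursively."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from iter_code_objects(const)


def naive_names_ok(expr: str) -> bool:
    """Weak check: only the outermost code object's co_names are inspected."""
    code = compile(expr, "<expr>", "eval")
    return set(code.co_names) <= ALLOWED_NAMES


def strict_names_ok(expr: str) -> bool:
    """Hardened check: every nested code object must also pass the whitelist."""
    code = compile(expr, "<expr>", "eval")
    return all(set(c.co_names) <= ALLOWED_NAMES for c in iter_code_objects(code))


def referenced_names(expr: str) -> set:
    """All global and attribute names the expression can touch, nested scopes included."""
    code = compile(expr, "<expr>", "eval")
    return {name for c in iter_code_objects(code) for name in c.co_names}


def forbidden() -> str:
    """Stand-in for any callable the sandbox must never reach."""
    return "reached forbidden()"


def evaluate(expr: str, check) -> object:
    """Run `check`, then eval with a namespace limited to the whitelisted
    builtins plus `forbidden`, so a successful bypass is visible."""
    if not check(expr):
        raise ValueError(f"rejected: {expr!r}")
    namespace = {"__builtins__": {}}
    namespace.update({n: getattr(builtins, n) for n in ALLOWED_NAMES})
    namespace["forbidden"] = forbidden
    return eval(expr, namespace)  # deliberately unsafe: this is the demo


SAFE_EXPR = "max(len('abc'), 2)"
# `forbidden` appears only in the lambda's own code object; the outer code
# object's co_names tuple is empty, so the naive check accepts it.
BYPASS_EXPR = "(lambda: forbidden())()"

if __name__ == "__main__":
    print("naive  accepts bypass:", naive_names_ok(BYPASS_EXPR),
          "->", evaluate(BYPASS_EXPR, naive_names_ok))
    print("strict accepts bypass:", strict_names_ok(BYPASS_EXPR),
          "names seen:", sorted(referenced_names(BYPASS_EXPR)))
```

co_names is per code object: a lambda or generator expression compiles to its own code object stored in the parent's co_consts, so a check that reads only the top-level co_names never sees the names used inside it. Walking co_consts recursively closes that particular gap, but it remains a name filter rather than a sandbox; for untrusted input the fix is to not eval() it at all and use ast.literal_eval or a purpose-built expression parser.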

NIXPKGS-2026-0880
published 2 months, 3 weeks ago
CVE-2026-31804
4.0 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt ignored
    5 packages
    • python312Packages.pytautulli
    • python313Packages.pytautulli
    • python314Packages.pytautulli
    • home-assistant-component-tests.tautulli
    • tests.home-assistant-component-tests.tautulli
  • @mweinelt accepted
  • @mweinelt published on GitHub

Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server


Tautulli
  • < 2.17.0
https://github.com/Tautulli/Tautulli/security/advisories/GHSA-qj2f-4c4p-wv97

NIXPKGS-2026-0878
published 2 months, 3 weeks ago
CVE-2026-33982
7.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt accepted
  • @mweinelt published on GitHub

FreeRDP: Persistent Cache Allocator Mismatch - Heap OOB Read


FreeRDP
  • < 3.24.2
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2

NIXPKGS-2026-0876
published 2 months, 3 weeks ago
CVE-2025-66215
3.8 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Physical (P)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Physical (P)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt ignored
    11 packages
    • openscad
    • openscap
    • openscreen
    • openscad-lsp
    • openscenegraph
    • openscad-unstable
    • kakounePlugins.openscad-kak
    • vscode-extensions.antyos.openscad
    • tree-sitter-grammars.tree-sitter-openscad
    • python313Packages.tree-sitter-grammars.tree-sitter-openscad
    • python314Packages.tree-sitter-grammars.tree-sitter-openscad
  • @mweinelt accepted
  • @mweinelt published on GitHub

OpenSC: Stack-buffer-overflow WRITE in card-oberthur


OpenSC
  • < 0.27.0
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2

NIXPKGS-2026-0874
published 2 months, 3 weeks ago
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt ignored
    4 packages
    • python314Packages.openfga-sdk
    • python313Packages.openfga-sdk
    • python312Packages.openfga-sdk
    • openfga-cli
  • @mweinelt accepted
  • @mweinelt published on GitHub

OpenFGA has an Authorization Bypass through cached keys


openfga
  • < 1.13.1
https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf

NIXPKGS-2026-0872
published 2 months, 3 weeks ago
CVE-2025-66037
3.9 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Physical (P)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Physical (P)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt ignored
    11 packages
    • openscad
    • openscap
    • openscreen
    • openscad-lsp
    • openscenegraph
    • openscad-unstable
    • kakounePlugins.openscad-kak
    • vscode-extensions.antyos.openscad
    • tree-sitter-grammars.tree-sitter-openscad
    • python313Packages.tree-sitter-grammars.tree-sitter-openscad
    • python314Packages.tree-sitter-grammars.tree-sitter-openscad
  • @mweinelt accepted
  • @mweinelt published on GitHub

OpenSC: Out of Bounds vulnerability


OpenSC
  • < 0.27.0
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx

NIXPKGS-2026-0870
published 2 months, 3 weeks ago
CVE-2026-5123
3.7 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Not Defined (X)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion
  • @mweinelt accepted
  • @mweinelt published on GitHub

osrg GoBGP bgp.go DecodeFromBytes off-by-one


GoBGP
  • ==4.2
  • ==4.1
  • ==4.0
  • ==4.3.0
https://github.com/osrg/gobgp/commit/67c059413470df64bc20801c46f64058e88f800f
https://github.com/osrg/gobgp/pull/3342