Nixpkgs security tracker

Login with GitHub

Published issues

All published security issues are tracked and resolved on GitHub.

NIXPKGS-2026-1039
published on
Permalink CVE-2026-28500
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created suggestion 1 month, 1 week ago
  • @LeSuisse ignored
    47 packages
    • onnxruntime
    • sherpa-onnx
    • pkgsRocm.onnxruntime
    • pkgsRocm.sherpa-onnx
    • python312Packages.onnx
    • python312Packages.tf2onnx
    • python313Packages.onnx-ir
    • python313Packages.tf2onnx
    • python314Packages.onnx-ir
    • python312Packages.onnxslim
    • python312Packages.skl2onnx
    • python313Packages.onnx-asr
    • python313Packages.onnxslim
    • python313Packages.skl2onnx
    • python314Packages.onnx-asr
    • python314Packages.onnxslim
    • python314Packages.skl2onnx
    • python313Packages.onnxscript
    • python314Packages.onnxscript
    • python312Packages.onnxmltools
    • python312Packages.onnxruntime
    • python312Packages.paddle2onnx
    • python313Packages.onnxmltools
    • python313Packages.onnxruntime
    • python313Packages.sherpa-onnx
    • python314Packages.onnxmltools
    • python314Packages.onnxruntime
    • python314Packages.sherpa-onnx
    • python313Packages.optimum-onnx
    • python314Packages.optimum-onnx
    • pkgsRocm.python3Packages.onnx-ir
    • pkgsRocm.python3Packages.tf2onnx
    • pkgsRocm.python3Packages.onnx-asr
    • pkgsRocm.python3Packages.onnxscript
    • python312Packages.onnxruntime-tools
    • python313Packages.onnxruntime-tools
    • python314Packages.onnxruntime-tools
    • pkgsRocm.python3Packages.onnxruntime
    • pkgsRocm.python3Packages.sherpa-onnx
    • pkgsRocm.python3Packages.optimum-onnx
    • python312Packages.onnxconverter-common
    • python312Packages.rapidocr-onnxruntime
    • python313Packages.onnxconverter-common
    • python313Packages.rapidocr-onnxruntime
    • python314Packages.onnxconverter-common
    • python314Packages.rapidocr-onnxruntime
    • pkgsRocm.python3Packages.rapidocr-onnxruntime
    2 weeks, 5 days ago
  • @LeSuisse restored package python312Packages.onnx 2 weeks, 5 days ago
  • @LeSuisse accepted 2 weeks, 5 days ago
  • @LeSuisse published on GitHub 2 weeks, 5 days ago
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.

Affected products

onnx
  • ==<= 1.20.1

Matching in nixpkgs

pkgs.onnx

Open Neural Network Exchange

Ignored packages (46)

pkgs.sherpa-onnx

Speech-to-text, text-to-speech, and speaker recognition using next-gen Kaldi with onnxruntime

Package maintainers

NIXPKGS-2026-1038
published on
Permalink CVE-2026-35043
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 1 day ago
  • @LeSuisse accepted 2 weeks, 5 days ago
  • @LeSuisse published on GitHub 2 weeks, 5 days ago
BentoML: command injection in cloud deployment setup script (deployment.py)

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a shell command using an f-string without any quoting. The generated script is uploaded to BentoCloud as setup.sh and executed on the cloud build infrastructure during deployment, making this a remote code execution on the CI/CD tier. This vulnerability is fixed in 1.4.38.

Affected products

BentoML
  • ==< 1.4.38

Matching in nixpkgs

Package maintainers

NIXPKGS-2026-1037
published on
Permalink CVE-2026-34612
10.0 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 4 days ago
  • @LeSuisse accepted 2 weeks, 5 days ago
  • @LeSuisse published on GitHub 2 weeks, 5 days ago
Kestra: Remote Code Execution via SQL Injection

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated, simply visiting a crafted link is enough to trigger the vulnerability. The injected payload is executed by PostgreSQL using COPY ... TO PROGRAM ..., which in turn runs arbitrary OS commands on the host. This issue has been patched in version 1.3.7.

Affected products

kestra
  • ==< 1.3.7

Matching in nixpkgs

pkgs.python312Packages.kestra

Infinitely scalable orchestration and scheduling platform, creating, running, scheduling, and monitoring millions of complex pipelines

pkgs.python313Packages.kestra

Infinitely scalable orchestration and scheduling platform, creating, running, scheduling, and monitoring millions of complex pipelines

pkgs.python314Packages.kestra

Infinitely scalable orchestration and scheduling platform, creating, running, scheduling, and monitoring millions of complex pipelines

Package maintainers

NIXPKGS-2026-1036
published on
Permalink CVE-2026-3029
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created suggestion 1 month, 1 week ago
  • @LeSuisse ignored
    6 packages
    • python312Packages.pymupdf4llm
    • python313Packages.pymupdf4llm
    • python314Packages.pymupdf4llm
    • python312Packages.pymupdf-fonts
    • python313Packages.pymupdf-fonts
    • python314Packages.pymupdf-fonts
    2 weeks, 5 days ago
  • @LeSuisse accepted 2 weeks, 5 days ago
  • @LeSuisse published on GitHub 2 weeks, 5 days ago
CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.

Affected products

PyMuPDF
  • <1.26.7

Matching in nixpkgs

Ignored packages (6)

Package maintainers

NIXPKGS-2026-1035
published on
Permalink CVE-2026-39863
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 6 days ago
  • @LeSuisse published on GitHub 2 weeks, 6 days ago
Kamailio Core: TCP Data Processing Vulnerability

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data packet sent over TCP. The issue impacts Kamailio instances having TCP or TLS listeners. This vulnerability is fixed in 5.1.1, 6.0.6, and 5.8.8.

Affected products

kamailio
  • ==>= 6.0.0, < 6.0.6
  • ==>= 6.1.0, < 6.1.1
  • ==< 5.8.8

Matching in nixpkgs

pkgs.kamailio

Fast and flexible SIP server, proxy, SBC, and load balancer

Package maintainers

NIXPKGS-2026-1034
published on
Permalink CVE-2026-39864
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 6 days ago
  • @LeSuisse published on GitHub 2 weeks, 6 days ago
Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet if a successful user authentication without a database backend is followed by additional user identity checks. This vulnerability is fixed in 6.0.5 and 5.8.7.

Affected products

kamailio
  • ==>= 6.0.0, < 6.0.5
  • ==< 5.8.7

Matching in nixpkgs

pkgs.kamailio

Fast and flexible SIP server, proxy, SBC, and load balancer

Package maintainers

NIXPKGS-2026-1033
published on
Permalink CVE-2026-34723
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 6 days ago
  • @LeSuisse ignored
    3 packages
    • python312Packages.zammad-py
    • python313Packages.zammad-py
    • python314Packages.zammad-py
    2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 6 days ago
  • @LeSuisse published on GitHub 2 weeks, 6 days ago
Zammad has incorrect access control in getting_started_controller

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed in 7.0.1 and 6.5.4.

Affected products

zammad
  • ==< 6.5.4
  • ==>= 7.0.0-alpha, < 7.0.1

Matching in nixpkgs

pkgs.zammad

Zammad, a web-based, open source user support/ticketing solution

Ignored packages (3)

Package maintainers

NIXPKGS-2026-1032
published on
Permalink CVE-2026-34248
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 6 days ago
  • @LeSuisse ignored
    3 packages
    • python312Packages.zammad-py
    • python313Packages.zammad-py
    • python314Packages.zammad-py
    2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 6 days ago
  • @LeSuisse published on GitHub 2 weeks, 6 days ago
Zammad has an information disclosure in ticket detail view of customers in shared organizations

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they can see each other's tickets) could see fields which are not intended for customers - including fields not intended for them at all (e.g. priority, custom ticket attributes for internal purposes). This was the case when a customer opened a ticket from another user of the same shared organization. They are not able to modify these field. This vulnerability is fixed in 7.0.1.

Affected products

zammad
  • ==>= 7.0.0, < 7.0.1

Matching in nixpkgs

pkgs.zammad

Zammad, a web-based, open source user support/ticketing solution

Ignored packages (3)

Package maintainers

NIXPKGS-2026-1031
published on
Permalink CVE-2026-34722
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 6 days ago
  • @LeSuisse ignored
    3 packages
    • python312Packages.zammad-py
    • python313Packages.zammad-py
    • python314Packages.zammad-py
    2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 6 days ago
  • @LeSuisse published on GitHub 2 weeks, 6 days ago
Zammad is missing authorization in ticket create endpoint

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4.

Affected products

zammad
  • ==< 6.5.4
  • ==>= 7.0.0-alpha, < 7.0.1

Matching in nixpkgs

pkgs.zammad

Zammad, a web-based, open source user support/ticketing solution

Ignored packages (3)

Package maintainers

NIXPKGS-2026-1030
published on
Permalink CVE-2026-34724
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 6 days ago
  • @LeSuisse ignored
    3 packages
    • python312Packages.zammad-py
    • python313Packages.zammad-py
    • python314Packages.zammad-py
    2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 6 days ago
  • @LeSuisse published on GitHub 2 weeks, 6 days ago
Zammad has a server-side template injection leading to RCE via AI Agent

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data (typically high-privilege administrative configuration). This vulnerability is fixed in 7.0.1.

Affected products

zammad
  • ==>= 7.0.0, < 7.0.1

Matching in nixpkgs

pkgs.zammad

Zammad, a web-based, open source user support/ticketing solution

Ignored packages (3)

Package maintainers