Nixpkgs security tracker

Login with GitHub

Published issues

All published security issues are tracked and resolved on GitHub.

NIXPKGS-2026-1366
published 1 month, 3 weeks ago
Permalink CVE-2026-7598
7.3 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Not Defined (X)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log

libssh2 userauth.c userauth_password integer overflow

libssh2
  • ==1.11.0
  • ==1.11.1
NIXPKGS-2026-1365
published 1 month, 3 weeks ago
Permalink CVE-2026-7587
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.7
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.6
  • ==2.7.2
NIXPKGS-2026-1364
published 1 month, 3 weeks ago
Permalink CVE-2026-7585
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Open5GS AMF nudm-handler.c amf_nudm_sdm_handle_provisioned denial of service

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.7
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.6
  • ==2.7.2
NIXPKGS-2026-1363
published 1 month, 3 weeks ago
Permalink CVE-2026-7580
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse ignored
    3 references
    1 month, 3 weeks ago
  • @LeSuisse ignored
    7 packages
    • perlPackages.ImageExifTool
    • perl5Packages.ImageExifTool
    • python312Packages.pyexiftool
    • python313Packages.pyexiftool
    • python314Packages.pyexiftool
    • perl538Packages.ImageExifTool
    • perl540Packages.ImageExifTool
    1 month, 3 weeks ago
  • @LeSuisse ignored reference Submit #8… 1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection

Exiftool
  • ==13.24
  • ==13.26
  • ==13.54
  • ==13.8
  • ==13.53
  • ==13.21
  • ==13.22
  • ==13.42
  • ==13.19
  • ==13.40
  • ==13.3
  • ==13.6
  • ==13.9
  • ==13.16
  • ==13.45
  • ==13.28
  • ==13.30
  • ==13.38
  • ==13.50
  • ==13.43
  • ==13.36
  • ==13.20
  • ==13.39
  • ==13.49
  • ==13.52
  • ==13.51
  • ==13.33
  • ==13.11
  • ==13.41
  • ==13.32
  • ==13.27
  • ==13.4
  • ==13.5
  • ==13.13
  • ==13.12
  • ==13.29
  • ==13.34
  • ==13.1
  • ==13.15
  • ==13.35
  • ==13.2
  • ==13.44
  • ==13.17
  • ==13.47
  • ==13.37
  • ==13.7
  • ==13.46
  • ==13.0
  • ==13.25
  • ==13.48
  • ==13.14
  • ==13.31
  • ==13.23
  • ==13.10
  • ==13.18
NIXPKGS-2026-1362
published 1 month, 3 weeks ago
Permalink CVE-2026-43506
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse ignored
    2 packages
    • prosody-filer
    • jitsi-meet-prosody
    1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

An issue was discovered in Prosody before 0.12.6 and 1.0.0 …

Prosody
  • <0.12.6
  • <13.0.5
NIXPKGS-2026-1361
published 1 month, 3 weeks ago
Permalink CVE-2026-7518
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Open5GS AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify denial of service

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.7
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.6
  • ==2.7.2
NIXPKGS-2026-1360
published 1 month, 3 weeks ago
Permalink CVE-2026-43504
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse ignored
    2 packages
    • prosody-filer
    • jitsi-meet-prosody
    1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

An issue was discovered in Prosody before 0.12.6 and 1.0.0 …

Prosody
  • <0.12.6
  • <13.0.5
NIXPKGS-2026-1359
published 1 month, 3 weeks ago
Permalink CVE-2026-43507
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse ignored reference https://b… 1 month, 3 weeks ago
  • @LeSuisse ignored
    2 packages
    • prosody-filer
    • jitsi-meet-prosody
    1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

An issue was discovered in Prosody before 0.12.6 and 1.0.0 …

Prosody
  • <0.12.6
  • <13.0.5
NIXPKGS-2026-1358
published 1 month, 3 weeks ago
Permalink CVE-2026-7583
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Open5GS BSF context.c bsf_sess_find_by_ipv6prefix denial of service

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.7
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.6
  • ==2.7.2
NIXPKGS-2026-1357
published 1 month, 3 weeks ago
Permalink CVE-2026-7586
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Open5GS AMF nudm-handler.c ogs_id_get_value denial of service

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.7
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.6
  • ==2.7.2