Nixpkgs security tracker

Login with GitHub

Published issues

All published security issues are tracked and resolved on GitHub.

NIXPKGS-2026-1346
published 1 month, 3 weeks ago
Permalink CVE-2026-41174
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

traefik
  • ==< 2.11.43
  • ==>= 3.7.0-ea.1, < 3.7.0-rc.2 
No real impact in standard NixOS use case.
NIXPKGS-2026-1345
published 1 month, 3 weeks ago
Permalink CVE-2026-41263
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Traefik: BasicAuth middleware: timing side-channel vulnerability

traefik
  • ==< 2.11.43
  • ==>= 3.7.0-ea.1, < 3.7.0-rc.2
  • ==>= 3.0.0-beta1, < 3.6.14
NIXPKGS-2026-1344
published 1 month, 3 weeks ago
Permalink CVE-2026-35051
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth

traefik
  • ==< 2.11.43
  • ==>= 3.7.0-ea.1, < 3.7.0-rc.2
  • ==>= 3.0.0-beta1, < 3.6.14
NIXPKGS-2026-1343
published 1 month, 3 weeks ago
Permalink CVE-2026-40912
updated 1 month, 3 weeks ago by @LeSuisse Activity log

Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

traefik
  • ==< 2.11.43
  • ==>= 3.7.0-ea.1, < 3.7.0-rc.2
  • ==>= 3.0.0-beta1, < 3.6.14
NIXPKGS-2026-1342
published 1 month, 3 weeks ago
Permalink CVE-2026-1584
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 2 weeks ago
  • @LeSuisse ignored
    4 packages
    • guile-gnutls
    • python312Packages.python3-gnutls
    • python313Packages.python3-gnutls
    • python314Packages.python3-gnutls
    1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder

rhcos
gnutls
NIXPKGS-2026-1341
published 1 month, 3 weeks ago
Permalink CVE-2026-33845
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse ignored
    4 packages
    • guile-gnutls
    • python312Packages.python3-gnutls
    • python313Packages.python3-gnutls
    • python314Packages.python3-gnutls
    1 month, 3 weeks ago
  • @LeSuisse ignored maintainer @vcunat 1 month, 3 weeks ago maintainer.ignore
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

Gnutls: gnutls: denial of service via dtls zero-length fragment

rhcos
gnutls
NIXPKGS-2026-1340
published 1 month, 3 weeks ago
Permalink CVE-2025-9820
4.0 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 5 months ago
  • @LeSuisse ignored
    3 packages
    • guile-gnutls
    • python312Packages.python3-gnutls
    • python313Packages.python3-gnutls
    4 months, 2 weeks ago
  • @LeSuisse ignored maintainer @vcunat 1 month, 3 weeks ago maintainer.ignore
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function

rhcos
gnutls
NIXPKGS-2026-1339
published 1 month, 3 weeks ago
Permalink CVE-2026-3832
3.7 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse ignored
    4 packages
    • guile-gnutls
    • python312Packages.python3-gnutls
    • python313Packages.python3-gnutls
    • python314Packages.python3-gnutls
    1 month, 3 weeks ago
  • @LeSuisse ignored maintainer @vcunat 1 month, 3 weeks ago maintainer.ignore
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse ignored
    2 references
    1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

Ignored references (2)
rhcos
gnutls
NIXPKGS-2026-1338
published 1 month, 3 weeks ago
Permalink CVE-2026-3833
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse ignored
    4 packages
    • guile-gnutls
    • python312Packages.python3-gnutls
    • python313Packages.python3-gnutls
    • python314Packages.python3-gnutls
    1 month, 3 weeks ago
  • @LeSuisse ignored maintainer @vcunat 1 month, 3 weeks ago maintainer.ignore
  • @LeSuisse ignored
    2 references
    1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison

Ignored references (2)
rhcos
gnutls
NIXPKGS-2026-1337
published 1 month, 3 weeks ago
Permalink CVE-2026-6538
5.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse ignored
    2 maintainers
    • @fpletz
    • @bjornfor
    1 month, 3 weeks ago maintainer.ignore
  • @LeSuisse published on GitHub 1 month, 3 weeks ago

Stack-based Buffer Overflow in Wireshark

Wireshark
  • <4.4.15
  • <4.6.5