Nixpkgs Security Tracker

Permalink CVE-2025-59024

updated 2 days, 3 hours ago by @LeSuisse Activity log

Created automatic suggestion 2 days, 9 hours ago
@LeSuisse removed package rotp 2 days, 5 hours ago
@LeSuisse removed
2 maintainers
- @rnhmjoj
- @jtrees
2 days, 3 hours ago
@LeSuisse accepted 2 days, 3 hours ago
@LeSuisse published on GitHub 2 days, 3 hours ago

Crafted delegations or IP fragments can poison cached delegations in Recursor

Crafted delegations or IP fragments can poison cached delegations in Recursor.

Affected products

pdns-recursor

<5.2.6
<5.1.8
<5.3.1

Matching in nixpkgs

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.3.4
- nixpkgs-unstable 5.3.4
- nixos-unstable-small 5.3.4
nixos-25.11 5.2.7
- nixos-25.11-small 5.2.7
- nixpkgs-25.11-darwin 5.2.7

Ignored packages (1)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

nixos-unstable 1.04
- nixpkgs-unstable 1.04
- nixos-unstable-small 1.04
nixos-25.11 1.04
- nixos-25.11-small 1.04
- nixpkgs-25.11-darwin 1.04

Package maintainers

Ignored maintainers (2)

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@jtrees Joshua Trees <me@jtrees.io>

Fixed in:
* https://github.com/NixOS/nixpkgs/commit/42bb4a06d4a01d3dbfca9a19a9daef7cb7560374 (25.11)
* https://github.com/NixOS/nixpkgs/commit/f4cf3fc15536fdc273350b98ad8f4289f32512d2 (unstable)

Permalink CVE-2026-0398

updated 2 days, 4 hours ago by @LeSuisse Activity log

Created automatic suggestion 2 days, 9 hours ago
@LeSuisse removed package rotp 2 days, 5 hours ago
@LeSuisse accepted 2 days, 5 hours ago
@LeSuisse published on GitHub 2 days, 4 hours ago

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.

Affected products

pdns-recursor

<5.1.10
<5.3.5
<5.2.8

Matching in nixpkgs

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.3.4
- nixpkgs-unstable 5.3.4
- nixos-unstable-small 5.3.4
nixos-25.11 5.2.7
- nixos-25.11-small 5.2.7
- nixpkgs-25.11-darwin 5.2.7

Ignored packages (1)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

nixos-unstable 1.04
- nixpkgs-unstable 1.04
- nixos-unstable-small 1.04
nixos-25.11 1.04
- nixos-25.11-small 1.04
- nixpkgs-25.11-darwin 1.04

Package maintainers

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@jtrees Joshua Trees <me@jtrees.io>

Upstream advisory: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html

Permalink CVE-2025-59030

updated 4 weeks, 1 day ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse accepted 4 weeks, 1 day ago
@LeSuisse published on GitHub 4 weeks, 1 day ago

Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.

Affected products

pdns-recursor

<5.1.9
<5.2.7
<5.3.3

Matching in nixpkgs

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.2.6
- nixpkgs-unstable 5.2.6
- nixos-unstable-small 5.2.6
nixos-25.05 5.2.6
- nixos-25.05-small 5.2.6
- nixpkgs-25.05-darwin 5.2.6

Package maintainers

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>

Upstream advisory: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html

Suggestions search

Affected products

Matching in nixpkgs

pkgs.pdns-recursor

pkgs.rotp

Package maintainers

Affected products

Matching in nixpkgs

pkgs.pdns-recursor

pkgs.rotp

Package maintainers

Affected products

Matching in nixpkgs

pkgs.pdns-recursor

Package maintainers