Nixpkgs security tracker

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

Permalink CVE-1999-0022
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    3 packages
    • aixlog
    • mairix
    • tests.fetchgit.describe-tag
  • @LeSuisse dismissed
Local user gains root privileges via buffer overflow in rdist, …

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

References

  • 00179 (vendor-advisory, x_refsource_SUN, x_transferred)

Affected products

aix
  • ==4.1.2
  • ==3.2.5
  • ==4.2
  • ==3.1
  • ==3.2
  • ==3.2.4
  • ==4.1.3
  • ==4.1.4
  • ==4.1.1
  • ==4.1.5
  • ==4.1
n/a
  • ==n/a
irix
  • ==5.0.1
  • ==5.1
  • ==5.0
  • ==6.1
  • ==6.2
  • ==6.4
  • ==6.3
  • ==6.0.1
  • ==5.2
  • ==5.1.1
  • ==6.0
  • ==5.3
hp-ux
  • ==10.00
sunos
  • ==5.4
  • ==4.1.2
  • ==5.1
  • ==5.0
  • ==4.1.3u1
  • ==5.2
  • ==4.1.1
  • ==5.3
bsd_os
  • ==1.1
freebsd
  • ==2.0.5
  • ==2.0
  • ==2.1.0
solaris
  • ==4.1.3
Ignored packages (3)

pkgs.aixlog

Header-only C++ logging library

Old issue. Impacted packages not present in nixpkgs.
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    12 packages
    • mutter
    • neomutt
    • mutt-ics
    • mutter46
    • mutter48
    • mutt-wizard
    • fontmuttmisc
    • notmuch-mutt
    • font-mutt-misc
    • pantheon.mutter
    • xorg.fontmuttmisc
    • vimPlugins.nvim-treesitter-parsers.muttrc
  • @LeSuisse dismissed
Mutt before 1.5.20 patch 7 allows an attacker to cause …

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.

Affected products

mutt
  • ==before 1.5.20-7

Matching in nixpkgs

pkgs.mutt

Small but very powerful text-based mail client

Ignored packages (12)

pkgs.mutter

Window manager for GNOME

  • nixos-unstable 49.3
    • nixpkgs-unstable 49.4
    • nixos-unstable-small 49.4
  • nixos-25.11 49.2
    • nixos-25.11-small 49.2
    • nixpkgs-25.11-darwin 49.2

pkgs.mutt-ics

Tool to show calendar event details in Mutt

pkgs.mutter46

Window manager for GNOME

  • nixos-25.11 46.8
    • nixos-25.11-small 46.8
    • nixpkgs-25.11-darwin 46.8

pkgs.mutter48

Window manager for GNOME

  • nixos-unstable 48.7
    • nixpkgs-unstable 48.7
    • nixos-unstable-small 48.7

pkgs.mutt-wizard

System for automatically configuring mutt and isync

Old issue. No impact on current stable branch.
Permalink CVE-2004-2154
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    68 packages
    • apcupsd
    • cups-bjnp
    • cups-dymo
    • carps-cups
    • cups-zj-58
    • cups-browsed
    • cups-filters
    • cups-kyocera
    • cups-printers
    • gutenprintBin
    • cups-kyodialog
    • cups-pk-helper
    • gutenprint-bin
    • libcupsfilters
    • canon-cups-ufr2
    • cups-idprt-tspl
    • cups-pdf-to-pdf
    • cups-idprt-mt888
    • cups-idprt-mt890
    • cups-idprt-sp900
    • cups-idprt-barcode
    • brgenml1cupswrapper
    • mfc465cncupswrapper
    • cups-brother-dcpt310
    • cups-toshiba-estudio
    • dcp375cw-cupswrapper
    • mfc5890cncupswrapper
    • mfcj880dwcupswrapper
    • perlPackages.NetCUPS
    • mfc9140cdncupswrapper
    • mfcj470dw-cupswrapper
    • mfcl2700dncupswrapper
    • mfcl2720dwcupswrapper
    • mfcl2740dwcupswrapper
    • perl5Packages.NetCUPS
    • magicard-cups-driver
    • cups-brother-dcpt725dw
    • cups-brother-hl3170cdw
    • cups-brother-hll2350dw
    • cups-brother-hll2375dw
    • cups-kyocera-3500-4500
    • dcp9020cdw-cupswrapper
    • mfcj6510dw-cupswrapper
    • mfcl3770cdwcupswrapper
    • mfcl8690cdwcupswrapper
    • cups-brother-mfcl2710dw
    • cups-brother-mfcl2750dw
    • cups-brother-mfcl2800dw
    • perl538Packages.NetCUPS
    • perl540Packages.NetCUPS
    • cups-brother-dcp1610wlpr
    • cups-brother-dcpl3550cdw
    • python312Packages.pycups
    • python313Packages.pycups
    • python314Packages.pycups
    • mfcj470dwlpr.x86_64-linux
    • prometheus-apcupsd-exporter
    • cups-kyocera-ecosys-m552x-p502x
    • cups-brother-hl1110.x86_64-linux
    • cups-brother-hl1210w.x86_64-linux
    • cups-brother-hl2260d.x86_64-linux
    • cups-brother-hl3140cw.x86_64-linux
    • cups-brother-hll2340dw.x86_64-linux
    • home-assistant-component-tests.cups
    • cups-brother-hll3230cdw.x86_64-linux
    • home-assistant-component-tests.apcupsd
    • cups-kyocera-ecosys-m2x35-40-p2x35-40dnw
    • tests.home-assistant-component-tests.apcupsd
  • @LeSuisse dismissed
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as …

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

Affected products

n/a
  • ==n/a
cups
  • <1.1.21
ubuntu_linux
  • ==4.10

Ignored packages (68)

pkgs.cups-filters

Backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc

pkgs.cups-kyocera

CUPS drivers for several Kyocera FS-{1020,1025,1040,1060,1120,1125} printers

pkgs.cups-pk-helper

PolicyKit helper to configure cups with fine-grained privileges

pkgs.libcupsfilters

Backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc

pkgs.cups-idprt-tspl

CUPS drivers for TSPL-based iDPRT thermal label printers (SP210, SP310, SP320, SP320E, SP410, SP410BT, SP420, SP450, SP460BT)

pkgs.cups-idprt-barcode

CUPS drivers for iDPRT barcode printers (iD2P, iD2X, iD4P, iD4S, iE2P, iE2X, iE4P, iE4S, iT4B, iT4E, iT4P, iT4S, iT4X, iX4E, iX4L, iX4P, iX4E, iX6P)

pkgs.cups-toshiba-estudio

Printer only driver for the Toshiba e-STUDIO class of printers

  • nixos-unstable 7.89
    • nixpkgs-unstable 7.89
    • nixos-unstable-small 7.89
  • nixos-25.11 7.89
    • nixos-25.11-small 7.89
    • nixpkgs-25.11-darwin 7.89

Old issue. No impact on current stable branch.
Permalink CVE-2003-0063
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    3 packages
    • fontxfree86type1
    • font-xfree86-type1
    • xorg.fontxfree86type1
  • @LeSuisse dismissed
The xterm terminal emulator in XFree86 4.2.0 and earlier allows …

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Affected products

n/a
  • ==n/a
xfree86
  • =<4.2.0
Ignored packages (3)
Old issue. No impact on current stable branch.
Permalink CVE-2026-2531
6.3 MEDIUM
  • CVSS version: 3.1
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    3 packages
    • python312Packages.mindsdb-evaluator
    • python313Packages.mindsdb-evaluator
    • python314Packages.mindsdb-evaluator
  • @LeSuisse dismissed
MindsDB File Upload security.py clear_filename server-side request forgery

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed remotely. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply the patch to resolve this issue.

Affected products

MindsDB
  • ==25.14.1
  • ==25.14.0
Ignored packages (3)
mindsdb/mindsdb is not present in nixpkgs.
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    45 packages
    • tests.hardeningFlags.sfa1StdenvUnsupp
    • tests.hardeningFlags.sfa3StdenvUnsupp
    • tests.hardeningFlags.fortifyStdenvUnsupp
    • tests.hardeningFlags.lchFastStdenvUnsupp
    • tests.hardeningFlags-gcc.sfa1StdenvUnsupp
    • tests.hardeningFlags-gcc.sfa3StdenvUnsupp
    • tests.hardeningFlags.fortify3StdenvUnsupp
    • tests.hardeningFlags-clang.sfa1StdenvUnsupp
    • tests.hardeningFlags-clang.sfa3StdenvUnsupp
    • tests.hardeningFlags-gcc.fortifyStdenvUnsupp
    • tests.hardeningFlags-gcc.fortify3StdenvUnsupp
    • tests.hardeningFlags-clang.fortifyStdenvUnsupp
    • tests.hardeningFlags-clang.lchFastStdenvUnsupp
    • tests.hardeningFlags-clang.fortify3StdenvUnsupp
    • tests.hardeningFlags.stackProtectorStdenvUnsupp
    • tests.hardeningFlags.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-gcc.stackProtectorStdenvUnsupp
    • tests.hardeningFlags.sfa1StdenvUnsuppUnsupportsSfa3
    • tests.hardeningFlags-clang.stackProtectorStdenvUnsupp
    • tests.hardeningFlags.sfa3StdenvUnsuppDoesntUnsuppSfa1
    • tests.hardeningFlags.stackClashProtectionStdenvUnsupp
    • tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-gcc.sfa1StdenvUnsuppUnsupportsSfa3
    • tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-clang.sfa1StdenvUnsuppUnsupportsSfa3
    • tests.hardeningFlags-gcc.sfa3StdenvUnsuppDoesntUnsuppSfa1
    • tests.hardeningFlags-gcc.stackClashProtectionStdenvUnsupp
    • tests.hardeningFlags.fortifyStdenvUnsuppUnsupportsFortify3
    • tests.hardeningFlags-clang.sfa3StdenvUnsuppDoesntUnsuppSfa1
    • tests.hardeningFlags-clang.stackClashProtectionStdenvUnsupp
    • tests.hardeningFlags.fortify3StdenvUnsuppDoesntUnsuppFortify1
    • tests.hardeningFlags.sfa3StdenvUnsuppDoesntUnsuppSfa1ExecTest
    • tests.hardeningFlags-gcc.fortifyStdenvUnsuppUnsupportsFortify3
    • tests.hardeningFlags.lchFastStdenvUnsuppUnsupportsLchExtensive
    • tests.hardeningFlags-clang.fortifyStdenvUnsuppUnsupportsFortify3
    • tests.hardeningFlags-gcc.fortify3StdenvUnsuppDoesntUnsuppFortify1
    • tests.hardeningFlags-gcc.sfa3StdenvUnsuppDoesntUnsuppSfa1ExecTest
    • tests.hardeningFlags-clang.fortify3StdenvUnsuppDoesntUnsuppFortify1
    • tests.hardeningFlags-clang.sfa3StdenvUnsuppDoesntUnsuppSfa1ExecTest
    • tests.hardeningFlags.lchExtensiveStdenvUnsuppDoesntUnsupportLchFast
    • tests.hardeningFlags-clang.lchFastStdenvUnsuppUnsupportsLchExtensive
    • tests.hardeningFlags.fortify3StdenvUnsuppDoesntUnsuppFortify1ExecTest
    • tests.hardeningFlags-clang.lchExtensiveStdenvUnsuppDoesntUnsupportLchFast
    • tests.hardeningFlags-gcc.fortify3StdenvUnsuppDoesntUnsuppFortify1ExecTest
    • tests.hardeningFlags-clang.fortify3StdenvUnsuppDoesntUnsuppFortify1ExecTest
  • @LeSuisse dismissed
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which …

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.

Affected products

Nvu
  • ==0.99+1.0pre
Ignored packages (45)
Old issue, no impact on the current stable branch.
Permalink CVE-1999-0084
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    15 packages
    • python312Packages.pynfsclient
    • perl538Packages.FileNFSLock
    • perl5Packages.FileNFSLock
    • perlPackages.FileNFSLock
    • mkinitcpio-nfs-utils
    • nfs-ganesha
    • nfs-utils
    • openfst
    • unfs3
    • libnfs
    • svnfs
    • nfstrace
    • unionfs-fuse
    • coqPackages.InfSeqExt
    • perl540Packages.FileNFSLock
  • @LeSuisse dismissed
Certain NFS servers allow users to use mknod to gain …

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

Affected products

n/a
  • ==n/a
nfs
  • <4.1.3
Ignored packages (15)

pkgs.svnfs

FUSE filesystem for accessing Subversion repositories

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

pkgs.openfst

Library for working with finite-state transducers

pkgs.nfstrace

NFS and CIFS tracing/monitoring/capturing/analyzing tool

pkgs.nfs-ganesha

NFS server that runs in user space

  • nixos-unstable 9.5
    • nixpkgs-unstable 9.5
    • nixos-unstable-small 9.5
  • nixos-25.11 6.5
    • nixos-25.11-small 6.5
    • nixpkgs-25.11-darwin 6.5

pkgs.unionfs-fuse

FUSE UnionFS implementation

  • nixos-unstable 3.7
    • nixpkgs-unstable 3.7
    • nixos-unstable-small 3.7
  • nixos-25.11 3.7
    • nixos-25.11-small 3.7
    • nixpkgs-25.11-darwin 3.7

pkgs.mkinitcpio-nfs-utils

ipconfig and nfsmount tools for root on NFS, ported from klibc

  • nixos-unstable 0.3
    • nixpkgs-unstable 0.3
    • nixos-unstable-small 0.3
  • nixos-25.11 0.3
    • nixos-25.11-small 0.3
    • nixpkgs-25.11-darwin 0.3
Old issue. Unclear what was impacted but it is very unlikely something in the current stable branch is.
Permalink CVE-1999-0038
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored package xlockmore
  • @LeSuisse dismissed
Buffer overflow in xlock program allows local users to execute …

Buffer overflow in xlock program allows local users to execute commands as root.

Affected products

n/a
  • ==n/a
xlock
  • *
Ignored packages (1)

pkgs.xlockmore

Screen locker for the X Window System

  • nixos-unstable 5.87
    • nixpkgs-unstable 5.87
    • nixos-unstable-small 5.87
  • nixos-25.11 5.84
    • nixos-25.11-small 5.84
    • nixpkgs-25.11-darwin 5.84
Old issue. Current stable branch was never impacted.
Permalink CVE-1999-0036
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored package mairix
  • @LeSuisse dismissed
IRIX login program with a nonzero LOCKOUT parameter allows creation …

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

References

  • 990 (vdb-entry, x_refsource_OSVDB, x_transferred)
  • H-106 (third-party-advisory, government-resource, x_refsource_CIAC, x_transferred)
  • 19970508-02-PX (vendor-advisory, x_refsource_SGI, x_transferred)
  • sgi-lockout(557) (vdb-entry, x_refsource_XF, x_transferred)

Affected products

n/a
  • ==n/a
irix
  • ==5.0.1
  • ==5.1
  • ==5.0
  • ==6.1
  • ==6.2
  • ==6.4
  • ==6.3
  • ==6.0.1
  • ==5.2
  • ==5.1.1
  • ==6.0
  • ==5.3
Ignored packages (1)
Not present in nixpkgs. Old issue.
Permalink CVE-1999-0029
8.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored package mairix
  • @LeSuisse dismissed
root privileges via buffer overflow in ordist command on SGI …

root privileges via buffer overflow in ordist command on SGI IRIX systems.

Affected products

n/a
  • ==n/a
irix
  • *
Ignored packages (1)
Not present in nixpkgs. Old issue.