Nixpkgs security tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2026-27523
6.1 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): Low (L)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths

OpenClaw
  • <2026.2.24
Permalink CVE-2026-22174
5.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe

OpenClaw
  • <2026.2.22
Permalink CVE-2025-41258
8.0 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

LibreChat RAG API Authentication Bypass

LibreChat
  • ==0.8.1-rc2
Permalink CVE-2026-22179
6.6 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run

OpenClaw
  • ==2026.2.22
  • <2026.2.22
Permalink CVE-2026-22171
8.2 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming

OpenClaw
  • <2026.2.19
Permalink CVE-2026-32611
7.0 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

glances
  • ==< 4.5.2
Permalink CVE-2026-32634
8.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

glances
  • ==< 4.5.2
Permalink CVE-2026-29056
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin

kanboard
  • ==< 1.2.51
Permalink CVE-2026-31973
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

NULL pointer dereference in samtools cram-size

samtools
  • === 1.23
  • ==>= 1.22, < 1.22.2
  • ==>= 1.17, < 1.21.1
Permalink CVE-2026-3479
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

pkgutil.get_data() does not enforce documented restrictions

CPython
  • <3.15.0