Nixpkgs security tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2026-27545
6.1 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): Low (L)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind

OpenClaw
  • <2026.2.26
Permalink CVE-2026-30922
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

pyasn1
  • ==< 0.6.3
Permalink CVE-2026-33001
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not …

Jenkins
  • <2.541.*
  • *
Permalink CVE-2026-31970
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

HTSlib BGZF index file reader has a heap buffer overflow

htslib
  • ==< 1.21.1
  • ==>= 1.22, < 1.22.2
  • === 1.23
Permalink CVE-2026-32693
8.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Unauthorized access to Kubernetes secrets in Juju

juju
  • <3.6.19
Permalink CVE-2026-33058
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Kanboard has Authenticated SQL Injection in Project Permissions Handler

kanboard
  • ==< 1.2.51
Permalink CVE-2026-33002
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS …

Jenkins
  • <2.426.3
  • <2.541.*
  • <2.442
  • *
Permalink CVE-2026-4407
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Out-of-bounds array write in Xpdf 4.06 due to missing validation

Xpdf
  • ==4.06
Permalink CVE-2026-22170
4.8 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration

OpenClaw
  • <2026.2.22
Permalink CVE-2026-32608
7.0 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago

Glances has a Command Injection via Process Names in Action Command Templates

glances
  • ==< 4.5.2