Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2022-1482
updated 2 weeks, 2 days ago by @mweinelt Activity log
  • Created automatic suggestion 3 weeks, 4 days ago
  • @mweinelt removed
    31 packages
    • netflix
    • chromedriver
    • mkchromecast
    • chrome-export
    • go-chromecast
    • xf86videoopenchrome
    • chrome-token-signing
    • chrome-pak-customizer
    • electron-chromedriver
    • xf86-video-openchrome
    • curl-impersonate-chrome
    • undetected-chromedriver
    • electron-chromedriver_33
    • electron-chromedriver_34
    • electron-chromedriver_35
    • electron-chromedriver_36
    • electron-chromedriver_37
    • electron-chromedriver_38
    • electron-chromedriver_39
    • electron-chromedriver_40
    • xorg.xf86videoopenchrome
    • ocamlPackages.chrome-trace
    • noto-fonts-monochrome-emoji
    • python312Packages.pychromecast
    • python313Packages.pychromecast
    • python314Packages.pychromecast
    • ocamlPackages_latest.chrome-trace
    • python312Packages.undetected-chromedriver
    • python313Packages.undetected-chromedriver
    • python314Packages.undetected-chromedriver
    • grafanaPlugins.ventura-psychrometric-panel
    2 weeks, 2 days ago
Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 …

Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

Affected products

Chrome
  • <101.0.4951.41

Matching in nixpkgs

Ignored packages (31)

pkgs.netflix

Open Netflix in Google Chrome app mode

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin

Package maintainers

Permalink CVE-2026-2784
updated 2 weeks, 2 days ago by @mweinelt Activity log
  • Created automatic suggestion 3 weeks, 4 days ago
  • @mweinelt removed
    34 packages
    • firefoxpwa
    • faust2firefox
    • firefox_decrypt
    • pkgsRocm.firefox
    • firefox-gnome-theme
    • firefox-sync-client
    • pkgsRocm.firefoxpwa
    • pkgsRocm.thunderbird
    • vscode-extensions.firefox-devtools.vscode-firefox-debug
    • pkgsRocm.firefox-beta
    • firefox-beta-unwrapped
    • pkgsRocm.firefox-mobile
    • firefox-esr-unwrapped
    • thunderbird-128-unwrapped
    • thunderbird-esr-unwrapped
    • pkgsRocm.firefox-unwrapped
    • pkgsRocm.firefox-devedition
    • pkgsRocm.thunderbird-latest
    • firefox-devedition-unwrapped
    • pkgsRocm.thunderbird-unwrapped
    • pkgsRocm.firefox-beta-unwrapped
    • thunderbirdPackages.thunderbird
    • gnomeExtensions.firefox-profiles
    • roundcubePlugins.thunderbird_labels
    • thunderbirdPackages.thunderbird-128
    • thunderbirdPackages.thunderbird-140
    • thunderbirdPackages.thunderbird-esr
    • pkgsRocm.firefox-devedition-unwrapped
    • pkgsRocm.thunderbird-latest-unwrapped
    • thunderbirdPackages.thunderbird-latest
    • pkgsRocm.thunderbirdPackages.thunderbird
    • gnomeExtensions.firefox-pip-always-on-top
    • gnomeExtensions.pip-alwaysontop-for-firefox
    • pkgsRocm.thunderbirdPackages.thunderbird-latest
    2 weeks, 2 days ago
Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Ignored packages (34)

Package maintainers

Permalink CVE-2022-1312
created 3 weeks, 4 days ago
Use after free in storage in Google Chrome prior to …

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

References

Affected products

Chrome
  • <100.0.4896.88

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin
Permalink CVE-2026-2806
created 3 weeks, 4 days ago
Uninitialized memory in the Graphics: Text component

Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox
  • <148
Thunderbird
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2773
created 3 weeks, 4 days ago
Incorrect boundary conditions in the Web Audio component

Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
  • <115.33
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2768
created 3 weeks, 4 days ago
Sandbox escape in the Storage: IndexedDB component

Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2022-1486
created 3 weeks, 4 days ago
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 …

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

References

Affected products

Chrome
  • <101.0.4951.41

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin
Permalink CVE-2026-2770
created 3 weeks, 4 days ago
Use-after-free in the DOM: Bindings (WebIDL) component

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
  • <115.33
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2022-1493
created 3 weeks, 4 days ago
Use after free in Dev Tools in Google Chrome prior …

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

References

Affected products

Chrome
  • <101.0.4951.41

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin
Permalink CVE-2026-2797
created 3 weeks, 4 days ago
Use-after-free in the JavaScript: GC component

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox
  • <148
Thunderbird
  • <148

Matching in nixpkgs

Package maintainers