VYPR
Vendor

Nixos

Products
7
CVEs
31
Across products
33
Status
Private

Products

7

Recent CVEs

31
View all 31 CVEs →
  • CVE-2026-25137CriFeb 2, 2026
    risk 0.60cvss 9.1epss 0.10

    The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including…

  • CVE-2026-31431HigKEVApr 22, 2026
    risk 0.59cvss 7.8epss 0.97

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the…

  • CVE-2026-23838HigJan 19, 2026
    risk 0.57cvss epss 0.00

    Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the full database file may…

  • CVE-2018-14346HigJul 17, 2018
    risk 0.57cvss 8.8epss 0.02

    GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).

  • CVE-2026-39860CriApr 8, 2026
    risk 0.52cvss 9.0epss 0.00

    Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following…

  • CVE-2017-7412HigApr 4, 2017
    risk 0.51cvss 7.8epss 0.00

    NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.

  • CVE-2025-32438HigApr 15, 2025
    risk 0.50cvss 8.8epss 0.00

    make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches…

  • CVE-2025-53819HigJul 14, 2025
    risk 0.44cvss 7.9epss 0.00

    Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.

  • CVE-2024-43378HigAug 16, 2024
    risk 0.44cvss 7.8epss 0.00

    calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI;…

  • CVE-2024-12087MedJan 14, 2025
    risk 0.43cvss 6.5epss 0.02

    A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive`…

  • CVE-2024-12085HigJan 14, 2025
    risk 0.43cvss 7.5epss 0.09

    A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a…

  • CVE-2026-44028HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.00

    An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack…

  • CVE-2024-12088MedJan 14, 2025
    risk 0.42cvss 6.5epss 0.05

    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary…

  • CVE-2024-12086MedJan 14, 2025
    risk 0.40cvss 6.1epss 0.02

    A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the…

  • CVE-2026-25740MedFeb 9, 2026
    risk 0.38cvss epss 0.00

    captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged…

  • CVE-2017-11501MedJul 20, 2017
    risk 0.38cvss 5.9epss 0.01

    NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with…

  • CVE-2025-52993MedJun 27, 2025
    risk 0.36cvss 5.6epss 0.00

    A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1;…

  • CVE-2024-47174MedSep 26, 2024
    risk 0.31cvss 5.9epss 0.00

    Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking…

  • CVE-2024-36050MedMay 18, 2024
    risk 0.28cvss 4.3epss 0.00

    Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.

  • CVE-2026-44029MedMay 5, 2026
    risk 0.27cvss 5.3epss 0.01

    An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7);