
nixos

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-31431 (affected: < 25.11) 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This m

CVE-2026-39860 (affected: >= 2.18.2 and <= 2.18.9) 9.0 CRITICAL
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of

CVE-2025-54864 (affected: < 2025-08-12) 7.5 HIGH
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea ar

CVE-2025-54800 (affected: < 2025-08-12) 6.1 MEDIUM
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbit

CVE-2025-32435 (affected: < 2025-04-11) 2.6 LOW
Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially acc

CVE-2024-12084 (affected: < 24.11) 9.8 CRITICAL
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled che

CVE-2024-12088 (affected: < 24.11) 6.5 MEDIUM
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link dest

CVE-2024-12087 (affected: < 24.11) 6.5 MEDIUM
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled

CVE-2024-12086 (affected: < 24.11) 6.1 MEDIUM
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This

CVE-2024-12085 (affected: < 24.11) 7.5 HIGH
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate

CVE-2024-45593 (affected: >= 2.24.0 and < 2.24.6) 9.0 CRITICAL
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious use

CVE-2024-45049 (affected: < 2024-08-27) 7.5 HIGH
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authe

CVE-2024-32657 (affected: < 23.11) 4.6 MEDIUM
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of H

CVE-2024-27297 (affected: < 2.3.18) 6.3 MEDIUM
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files

CVE-2023-36476 (affected: < 0.3.13) 7.9 HIGH
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixo

CVE-2019-17365 (affected: <= 2.3) 7.8 HIGH
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile

CVE-2017-11501 (affected: <= 17.03) 5.9 MEDIUM
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module impl

CVE-2017-7412 (affected: all versions) 7.8 HIGH
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker c
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin