|
About the Security category
|
|
0
|
344
|
July 1, 2024
|
|
Security Advisory: Local privilege escalation in Lix and Nix
|
|
7
|
6873
|
May 9, 2026
|
|
Nix security advisory: Privilege escalation via symlink following during FOD output registration
|
|
33
|
12679
|
April 10, 2026
|
|
Security Advisory: Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module (CVE-2026-25740)
|
|
0
|
310
|
February 9, 2026
|
|
Security Advisory: Database and filestore publicly accessible with default Odoo configuration (CVE-2026-25137)
|
|
0
|
320
|
January 31, 2026
|
|
Security Advisory: SQLite database externally accessible with the default settings of Tandoor Recipes module (CVE-2026-23838)
|
|
0
|
254
|
January 19, 2026
|
|
Pre-disclosure announcement: Security Advisory for Hydra on August 12, 2025
|
|
6
|
849
|
August 12, 2025
|
|
Critical security issue in Nix 2.30 on macOS
|
|
3
|
1207
|
July 16, 2025
|
|
Security Advisory: Privilege Escalations in Nix, Lix and Guix
|
|
46
|
8642
|
July 15, 2025
|
|
Pre-disclosure announcement: Security Advisory for Nix and Lix on June 24, 2025
|
|
24
|
4211
|
June 24, 2025
|
|
Firefox 138.0.4/128.10.1esr (Pwn2Own Releases)
|
|
3
|
598
|
May 20, 2025
|
|
Security Advisory: Local privilege escalation in make-initrd-ng (CVE-2025-32438)
|
|
6
|
1071
|
April 22, 2025
|
|
Security Advisory: Kanidm Provisioned Admin Credentials Leaked into System Log (CVE-2025-30205)
|
|
0
|
496
|
March 24, 2025
|
|
cups, cups-filters and libppd security issues
|
|
1
|
1408
|
September 27, 2024
|
|
Security Advisory: Unsafe handling of credentials in `pkgs.fetchurl`
|
|
0
|
494
|
September 26, 2024
|
|
Nix 2.24.8 released fixing builtin:fetchurl credentials leak, severity 5.9 (moderate)
|
|
16
|
2306
|
September 26, 2024
|
|
Security Advisory: Environment variables accessible during a build might be world readable
|
|
0
|
538
|
September 24, 2024
|
|
Vulnerability in Nix 2.24
|
|
7
|
2896
|
September 17, 2024
|
|
Security advisory: Sensitive Data Exposure via `services.prometheus.exporters.pgbouncer`
|
|
1
|
390
|
September 11, 2024
|
|
Security advisory: local privilege escalation in the fcgiwrap NixOS module (also affecting the cgit, smokeping, and zoneminder modules)
|
|
0
|
1100
|
August 31, 2024
|
|
Security advisory: Missing authentication in Hydra when triggering evaluations
|
|
0
|
384
|
August 28, 2024
|
|
Security Advisory: Hardcoded default password for the root user in NixOS OpenStack configuration module
|
|
0
|
1290
|
August 18, 2024
|
|
Security advisory: Graphical installer disk encryption bug regression on legacy BIOS systems using manual partitioning (CVE-2024-43378 / GHSA-vfxf-gpmj-2p25)
|
|
3
|
817
|
August 16, 2024
|
|
Several information leaks fixed in Vaultwarden 1.32.0
|
|
0
|
1092
|
August 12, 2024
|
|
Security advisory: OpenSSH CVE-2024-6387 “regreSSHion” – update your servers ASAP
|
|
37
|
8250
|
July 14, 2024
|
|
CVE-2024-3094: Malicious code in xz 5.6.0 and 5.6.1 tarballs
|
|
65
|
19603
|
July 6, 2024
|
|
Security Advisory - Use of hardcoded cryptographic settings by default in the LimeSurvey NixOS module
|
|
0
|
557
|
June 29, 2024
|
|
OpenSSL 3.0.7 update (2022-11-01) FAQ
|
|
7
|
6321
|
November 1, 2022
|