Known Vulnerabilities for products from NixOS
Listed below are 8 of the newest known vulnerabilities associated with the vendor "NixOS".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39860 json | Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrit... | Not Provided | 2026-04-08 | 2026-04-15 |
| CVE-2024-12088 json | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12087 json | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-ena... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12086 json | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. ... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12085 json | A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipu... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2023-36476 json | calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares... | 5.5 - MEDIUM | 2023-06-29 | 2023-07-07 |
| CVE-2019-17365 json | Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-pro... | 7.8 - HIGH | 2019-10-09 | 2019-10-23 |
| CVE-2017-7412 json | NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing doc... | 7.8 - HIGH | 2017-04-04 | 2020-05-07 |