434 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-52993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user e.g., nixbld ...
Linux Distros Unpatched Vulnerability : CVE-2025-46415
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28....
Linux Distros Unpatched Vulnerability : CVE-2025-52991
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users...
CVE-2025-54800
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54864
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54800
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800
CVE-2025-54800 describes a persistent XSS in Hydra (Nix-based CI) where a malicious package could inject arbitrary JavaScript into Hydra’s database, which then gets evaluated in a client’s browser when visiting the build page. The issue is stated as fixed by commit dea1e16; workarounds include no...
CVE-2025-54800 Hydra persistent XSS in build metrics
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
PT-2025-32681 · Hydra · Hydra
Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit dea1e16 Description: Hydra, a continuous integration service for Nix based projects, is susceptible to arbitrary JavaScript code injection into its database. A malicious package can introduce this code, which is...
CVE-2025-53819
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...
Ubuntu: Security Advisory (USN-7633-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 22.04 LTS / 24.04 LTS : Nix vulnerabilities (USN-7633-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7633-1 advisory. Linus Heckemann discovered that Nix did not correctly handle certain binaries. An attacker could possibly use this issue to execute arbitrary...
CVE-2025-53819
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...
CVE-2025-53819 Nix's privilege dropping to build user broke for macOS
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...
CVE-2025-53819
CVE-2025-53819 affects Nix (package manager). On macOS, builds using Nix 2.30.0 ran with elevated privileges (root) instead of the intended build user privileges, due to the privilege-dropping change. The issue is resolved by upgrading to Nix 2.30.1 or later; no public workarounds are documented....
CVE-2025-53819 Nix's privilege dropping to build user broke for macOS
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...
CVE-2025-53819 Nix's privilege dropping to build user broke for macOS
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...
USN-7633-1: Nix vulnerabilities
Linus Heckemann discovered that Nix did not correctly handle certain binaries. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-38531 Pierre-Etienne Meunier discovered that Nix did not correctly handle TLS certificates. A remote attacker could possibly use this issue ...
PT-2025-29514 · Nix · Nix
Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.30.1 Description: Nix, a package manager for Linux and other Unix systems, exhibited a privilege escalation issue on macOS. Builds executed with Nix 2.30.0 were performed with elevated privileges root instead of the...
Nix 安全漏洞
Nix is a powerful package manager from the Nix open source. It is used for making packages. A security vulnerability exists in Nix version 2.30.0 that stems from the use of elevated privileges when building on macOS...